Commit 16bb74b1 authored by Michał Kępień's avatar Michał Kępień

Merge branch 'michal/simplify-trailing-period-handling-in-system-tests-v9_11' into 'v9_11'

[v9_11] Simplify trailing period handling in system tests

See merge request !1878
parents 343fa390 72c7bc03
Pipeline #13946 passed with stages
in 55 seconds
......@@ -16,25 +16,25 @@ SYSTEMTESTTOP=../..
echo_i "dlv/ns3/sign.sh"
dlvzone="dlv.utld."
dlvzone="dlv.utld"
dlvsets=
dssets=
unsupporteddlvzone="unsupported-algorithm-dlv.utld."
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
unsupporteddlvsets=
unsupporteddssets=
# Signed zone below unsigned TLD with DLV entry.
zone=child1.utld.
zone=child1.utld
infile=child.db.in
zonefile=child1.utld.db
outfile=child1.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -43,7 +43,7 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with a disabled algorithm.
zone=child3.utld.
zone=child3.utld
infile=child.db.in
zonefile=child3.utld.db
outfile=child3.signed
......@@ -51,7 +51,7 @@ outfile=child3.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -61,11 +61,11 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry. This one is slightly
# different because its children (the grandchildren) don't have a DS record in
# this zone. The grandchild zones are served by ns6.
zone=child4.utld.
zone=child4.utld
infile=child.db.in
zonefile=child4.utld.db
outfile=child4.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -78,23 +78,23 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with an unsupported algorithm.
zone=child5.utld.
zone=child5.utld
infile=child.db.in
zonefile=child5.utld.db
outfile=child5.signed
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD without DLV entry.
zone=child7.utld.
zone=child7.utld
infile=child.db.in
zonefile=child7.utld.db
outfile=child7.signed
......@@ -102,7 +102,7 @@ outfile=child7.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -111,7 +111,7 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD without DLV entry and no DS records for the
# grandchildren.
zone=child8.utld.
zone=child8.utld
infile=child.db.in
zonefile=child8.utld.db
outfile=child8.signed
......@@ -125,11 +125,11 @@ $SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/n
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry.
zone=child9.utld.
zone=child9.utld
infile=child.db.in
zonefile=child9.utld.db
outfile=child9.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -141,11 +141,11 @@ echo_i "signed $zone"
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
# the zone to generate the DLV set.
zone=child10.utld.
zone=child10.utld
infile=child.db.in
zonefile=child10.utld.db
outfile=child10.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -157,11 +157,11 @@ echo_i "signed $zone"
# Zone signed with an unsupported algorithm with DLV entry.
zone=unsupported-algorithm.utld.
zone=unsupported-algorithm.utld
infile=child.db.in
zonefile=unsupported-algorithm.utld.db
outfile=unsupported-algorithm.utld.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -173,23 +173,23 @@ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile
cp ${keyname2}.key ${keyname2}.tmp
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
cp dlvset-${zone} dlvset-${zone}tmp
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
cp dlvset-${zone}${TP} dlvset-${zone}tmp
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set.
zone=child1.druz.
zone=child1.druz
infile=child.db.in
zonefile=child1.druz.db
outfile=child1.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -198,7 +198,7 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with a disabled algorithm.
zone=child3.druz.
zone=child3.druz
infile=child.db.in
zonefile=child3.druz.db
outfile=child3.druz.signed
......@@ -206,7 +206,7 @@ outfile=child3.druz.signed
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -215,12 +215,12 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set, but missing
# DS records for the grandchildren.
zone=child4.druz.
zone=child4.druz
infile=child.db.in
zonefile=child4.druz.db
outfile=child4.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -233,17 +233,17 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with an unsupported algorithm algorithm.
zone=child5.druz.
zone=child5.druz
infile=child.db.in
zonefile=child5.druz.db
outfile=child5.druz.signed
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -251,16 +251,16 @@ echo_i "signed $zone"
# Signed zone below signed TLD without DLV entry, but with normal DS set.
zone=child7.druz.
zone=child7.druz
infile=child.db.in
zonefile=child7.druz.db
outfile=child7.druz.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -269,7 +269,7 @@ echo_i "signed $zone"
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
# records for the grandchildren are not included in the zone.
zone=child8.druz.
zone=child8.druz
infile=child.db.in
zonefile=child8.druz.db
outfile=child8.druz.signed
......@@ -285,11 +285,11 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
# records for the grandchildren are not included in the zone.
zone=child9.druz.
zone=child9.druz
infile=child.db.in
zonefile=child9.druz.db
outfile=child9.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -302,12 +302,12 @@ echo_i "signed $zone"
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
# sign the zone to generate the DS sets.
zone=child10.druz.
zone=child10.druz
infile=child.db.in
zonefile=child10.druz.db
outfile=child10.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -323,18 +323,18 @@ cp $unsupporteddssets ../ns2
# DLV zones
infile=dlv.db.in
for zone in dlv.utld. unsupported-algorithm-dlv.utld.
for zone in dlv.utld unsupported-algorithm-dlv.utld
do
zonefile="${zone}db"
outfile="${zone}signed"
zonefile="${zone}.db"
outfile="${zone}.signed"
case $zone in
"dlv.utld.")
"dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$dlvsets
;;
"unsupported-algorithm-dlv.utld.")
"unsupported-algorithm-dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$unsupporteddlvsets
......@@ -347,11 +347,11 @@ do
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
case $zone in
"dlv.utld.")
"dlv.utld")
$SIGNER -O full -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
;;
"unsupported-algorithm-dlv.utld.")
"unsupported-algorithm-dlv.utld")
cp ${keyname2}.key ${keyname2}.tmp
$SIGNER -O full -r $RANDFILE -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
......
......@@ -134,7 +134,7 @@ $SIGNER -P -g -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
# Sign the privately secure file
privzone=private.secure.example.
privzone=private.secure.example
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
......@@ -150,7 +150,7 @@ $SIGNER -P -g -r $RANDFILE -o $privzone -l dlv $privzonefile > /dev/null
dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
dlvsetfile=dlvset-${privzone}${TP}
dlvkeyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $dlvzone`
......
......@@ -238,7 +238,7 @@ $SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
# A zone that is signed with an unknown DNSKEY algorithm.
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
zone=dnskey-unknown.example.
zone=dnskey-unknown.example
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
......@@ -250,14 +250,14 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /de
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
DSFILE=dsset-${zone}${TP}
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
# A zone that is signed with an unsupported DNSKEY algorithm (3).
# Algorithm 7 is replaced by 255 in the zone and dsset.
#
zone=dnskey-unsupported.example.
zone=dnskey-unsupported.example
infile=dnskey-unsupported.example.db.in
zonefile=dnskey-unsupported.example.db
......@@ -269,14 +269,14 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone -O full -f ${zonefile}.tmp $zonefile > /de
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
DSFILE="dsset-${zone}${TP}"
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
# A zone with a published unsupported DNSKEY algorithm (Reserved).
# Different from above because this key is not intended for signing.
#
zone=dnskey-unsupported-2.example.
zone=dnskey-unsupported-2.example
infile=dnskey-unsupported-2.example.db.in
zonefile=dnskey-unsupported-2.example.db
......@@ -291,7 +291,7 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone -f ${zonefile}.signed $zonefile > /dev/nul
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
zone=dnskey-nsec3-unknown.example.
zone=dnskey-nsec3-unknown.example
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
......@@ -303,7 +303,7 @@ $SIGNER -P -3 - -r $RANDFILE -o $zone -U -O full -f ${zonefile}.tmp $zonefile >
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE=dsset-`echo ${zone} |sed -e "s/\.$//g"`$TP
DSFILE=dsset-${zone}${TP}
$DSFROMKEY -A -f ${zonefile}.signed $zone > $DSFILE
#
......
......@@ -12,10 +12,10 @@
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
zone1=good.
zone1=good
infile1=good.db.in
zonefile1=good.db
zone2=bad.
zone2=bad
infile2=bad.db.in
zonefile2=bad.db
......@@ -30,8 +30,8 @@ cat $infile2 $keyname21.key $keyname22.key >$zonefile2
$SIGNER -P -g -r $RANDFILE -o $zone1 $zonefile1 > /dev/null
$SIGNER -P -g -r $RANDFILE -o $zone2 $zonefile2 > /dev/null
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
DSFILENAME1=dsset-${zone1}${TP}
DSFILENAME2=dsset-${zone2}${TP}
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
......
......@@ -47,13 +47,13 @@ signzone () {
cat $1/$3 $1/$KEYNAME.key > $1/tmp
$SIGNER -Pp -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
DSFILENAME=dsset-`echo $2 |sed -e "s/\.$//g"`$TP
DSFILENAME=dsset-${2}${TP}
rm $DSFILENAME $1/tmp
}
# sign the root and a zone in ns2
test -r $RANDFILE || $GENRANDOM $RANDOMSIZE $RANDFILE
signzone ns2 tld2s. base-tld2s.db tld2s.db
signzone ns2 tld2s base-tld2s.db tld2s.db
# Performance and a few other checks.
cat <<EOF >ns5/rpz-switch
......
......@@ -16,11 +16,11 @@ SYSTESTDIR=wildcard
dssets=
zone=dlv.
zone=dlv
infile=dlv.db.in
zonefile=dlv.db
outfile=dlv.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -30,11 +30,11 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=nsec.
zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -44,7 +44,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=private.nsec.
zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed
......@@ -59,11 +59,11 @@ echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
zone=nsec3.
zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -73,7 +73,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=private.nsec3.
zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment