Commit 2b8fab68 authored by Ondřej Surý's avatar Ondřej Surý Committed by Witold Krecicki

Remove genrandom command and all usage of specific random files throughout the system test suite

parent 3a4f820d
......@@ -46,7 +46,6 @@
<command>tsig-keygen</command>
<arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat">name</arg>
</cmdsynopsis>
<cmdsynopsis sepchar=" ">
......@@ -157,23 +156,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<filename>/dev/random</filename> or equivalent device, the
default source of randomness is keyboard input.
<filename>randomdev</filename> specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard input
should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">name</replaceable></term>
<listitem>
......
......@@ -58,7 +58,6 @@
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
......@@ -191,24 +190,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">address</replaceable></term>
<listitem>
......
......@@ -120,7 +120,6 @@ usage(void) {
"(DH only)\n");
fprintf(stderr, " -L <ttl>: default key TTL\n");
fprintf(stderr, " -p <protocol>: (default: 3 [dnssec])\n");
fprintf(stderr, " -r <randomdev>: DEPRECATED and ignored\n");
fprintf(stderr, " -s <strength>: strength value this key signs DNS "
"records with (default: 0)\n");
fprintf(stderr, " -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
......
......@@ -81,7 +81,6 @@
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-q</option></arg>
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
......@@ -349,31 +348,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies a source of randomness. Normally, when generating
DNSSEC keys, this option has no effect; the random number
generation function provided by the cryptographic library will
be used.
</para>
<para>
If that behavior is disabled at compile time, however,
the specified file will be used as entropy source
for key generation. <filename>randomdev</filename> is
the name of a character device or file containing random
data to be used. The special value <filename>keyboard</filename>
indicates that keyboard input should be used.
</para>
<para>
The default is <filename>/dev/random</filename> if the
operating system provides it or an equivalent device;
if not, the default source of randomness is keyboard input.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">key</replaceable></term>
<listitem>
......
......@@ -3053,8 +3053,6 @@ usage(void) {
fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
fprintf(stderr, "\t-D:\n");
fprintf(stderr, "\t\toutput only DNSSEC-related records\n");
fprintf(stderr, "\t-r randomdev:\n");
fprintf(stderr, "\t\ta file containing random data\n");
fprintf(stderr, "\t-a:\t");
fprintf(stderr, "verify generated signatures\n");
fprintf(stderr, "\t-c class (IN)\n");
......
......@@ -78,10 +78,8 @@
<arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
<arg choice="opt" rep="norepeat"><option>-p</option></arg>
<arg choice="opt" rep="norepeat"><option>-Q</option></arg>
<arg choice="opt" rep="norepeat"><option>-R</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-S</option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
......@@ -508,18 +506,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-p</term>
<listitem>
<para>
Use pseudo-random data when signing the zone. This is faster,
but less secure, than using real random data. This option
may be useful when signing large zones or when the entropy
source is limited.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-P</term>
<listitem>
......@@ -571,23 +557,6 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies the source of randomness. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem>
......
......@@ -70,7 +70,6 @@
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
<arg choice="opt" rep="norepeat"><option>-T</option></arg>
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
......@@ -269,22 +268,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-R <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Where to obtain randomness. If the operating system
does not provide a <filename>/dev/random</filename> or
equivalent device, the default source of randomness is keyboard
input. <filename>randomdev</filename> specifies the name of
a character device or file containing random data to be used
instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard input
should be used. This option may be specified multiple times.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">timeout</replaceable></term>
<listitem>
......
......@@ -49,7 +49,6 @@
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
<arg choice="opt" rep="norepeat"><option>-z</option></arg>
<arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="repeat">zone</arg>
</cmdsynopsis>
......@@ -187,18 +186,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies a path to a file containing random data.
This is passed to the <command>dnssec-keygen</command> binary
using its <option>-r</option> option.
<!-- TODO: what to do about "-r keyboard"? -->
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">settime-path</replaceable></term>
<listitem>
......
......@@ -76,7 +76,7 @@ def parse_args():
help='Path to \'dnssec-keygen\'',
metavar='path')
parser.add_argument('-r', dest='randomdev', type=str, default=None,
help='Path to a file containing random data to pass to \'dnssec-keygen\'',
help='DEPRECATED',
metavar='path')
parser.add_argument('-s', dest='settime', default=settime, type=str,
help='Path to \'dnssec-settime\'',
......@@ -97,6 +97,9 @@ def parse_args():
args = parser.parse_args()
if args.randomdev:
fatal("ERROR: -r option has been deprecated.")
if args.no_zsk and args.no_ksk:
fatal("ERROR: -z and -k cannot be used together.")
......
.libs
genrandom
headerdep_test.sh
nxtify
sdig
......
......@@ -20,18 +20,18 @@ infile=root.db.in
cat $infile ../ns2/dsset-example$TP > $zonefile
zskact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
zskvanish=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
zskdel=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -D now $zone`
zskinact=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -I now $zone`
zskunpub=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -G $zone`
zsksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A none $zone`
zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -A now -P +1d $zone`
zsknopriv=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE $zone`
zskact=`$KEYGEN -3 -a RSASHA1 -q $zone`
zskvanish=`$KEYGEN -3 -a RSASHA1 -q $zone`
zskdel=`$KEYGEN -3 -a RSASHA1 -q -D now $zone`
zskinact=`$KEYGEN -3 -a RSASHA1 -q -I now $zone`
zskunpub=`$KEYGEN -3 -a RSASHA1 -q -G $zone`
zsksby=`$KEYGEN -3 -a RSASHA1 -q -A none $zone`
zskactnowpub1d=`$KEYGEN -3 -a RSASHA1 -q -A now -P +1d $zone`
zsknopriv=`$KEYGEN -3 -a RSASHA1 -q $zone`
rm $zsknopriv.private
ksksby=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -r $RANDFILE -R now+15s -fk $zone`
ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
......
......@@ -26,16 +26,16 @@ zonefile="${zone}.db"
infile="${zonefile}.in"
cat $infile dsset-*.example$TP > $zonefile
kskname=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
kskname=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
$DSFROMKEY $kskname.key > dsset-${zone}$TP
# Create keys for a private secure zone.
zone=private.secure.example
zonefile="${zone}.db"
infile="${zonefile}.in"
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone`
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > /dev/null
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
cat $ksk.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
......@@ -58,5 +58,5 @@ for i in Xbar.+005+30676.key Xbar.+005+30804.key Xbar.+005+30676.private \
do
cp $i `echo $i | sed s/X/K/`
done
$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > /dev/null
$KEYGEN -a RSASHA1 -q $zone > /dev/null
$DSFROMKEY Kbar.+005+30804.key > dsset-bar$TP
......@@ -30,8 +30,8 @@ setup () {
setup secure.example
cp $infile $zonefile
ksk=`$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -39,8 +39,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup secure.nsec3.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -48,8 +48,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup nsec3.nsec3.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -57,8 +57,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup optout.nsec3.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -66,8 +66,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup nsec3.example
cat $infile dsset-*.${zone}$TP > $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -75,9 +75,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup autonsec3.example
cat $infile > $zonefile
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
echo $ksk > ../autoksk.key
zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
echo $zsk > ../autozsk.key
$DSFROMKEY $ksk.key > dsset-${zone}$TP
......@@ -86,8 +86,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup secure.optout.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -95,8 +95,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup nsec3.optout.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -104,8 +104,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup optout.optout.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -113,8 +113,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup optout.example
cat $infile dsset-*.${zone}$TP > $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -3 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -122,8 +122,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup rsasha256.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA256 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA256 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -131,8 +131,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup rsasha512.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -140,8 +140,8 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup nsec.example
cp $infile $zonefile
ksk=`$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out` || dumpit kg.out
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
$DSFROMKEY $ksk.key > dsset-${zone}$TP
#
......@@ -150,16 +150,16 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
#
setup oldsigs.example
cp $infile $zonefile
$KEYGEN -q -a RSASHA1 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA1 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA1 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
#
# NSEC3->NSEC transition test zone.
#
setup nsec3-to-nsec.example
$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
#
......@@ -167,8 +167,8 @@ $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
# keys via nsupdate
#
setup secure-to-insecure.example
$KEYGEN -a RSASHA1 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -q $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
#
......@@ -176,9 +176,9 @@ $SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
# removal of keys on schedule.
#
setup secure-to-insecure2.example
ksk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
echo $ksk > ../del1.key
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
echo $zsk > ../del2.key
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
......@@ -187,8 +187,8 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
#
setup prepub.example
infile="secure-to-insecure2.example.db.in"
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
#
......@@ -197,35 +197,35 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
# no default key TTL; DNSKEY should get SOA TTL
setup ttl1.example
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# default key TTL should be used
setup ttl2.example
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# mismatched key TTLs, should use shortest
setup ttl3.example
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 60 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
cp $infile $zonefile
# existing DNSKEY RRset, should retain TTL
setup ttl4.example
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
cat ${infile} K${zone}.+*.key > $zonefile
$KEYGEN -a RSASHA1 -3 -q -r $RANDFILE -L 180 $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q -L 180 $zone > kg.out 2>&1 || dumpit kg.out
#
# A zone with a DNSKEY RRset that is published before it's activated
#
setup delay.example
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE -fk $zone 2> kg.out` || dumpit kg.out
ksk=`$KEYGEN -G -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
echo $ksk > ../delayksk.key
zsk=`$KEYGEN -G -q -a RSASHA1 -3 -r $RANDFILE $zone 2> kg.out` || dumpit kg.out
zsk=`$KEYGEN -G -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
echo $zsk > ../delayzsk.key
#
......@@ -233,8 +233,8 @@ echo $zsk > ../delayzsk.key
# is missing.
#
setup nozsk.example
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
echo $zsk > ../missingzsk.key
rm -f ${zsk}.private
......@@ -244,8 +244,8 @@ rm -f ${zsk}.private
# is inactive.
#
setup inaczsk.example
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE $zone`
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
echo $zsk > ../inactivezsk.key
$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
......@@ -255,16 +255,16 @@ $SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
#
setup reconf.example
cp secure.example.db.in $zonefile
$KEYGEN -q -a RSASHA1 -3 -r $RANDFILE -fk $zone > kg.out 2>&1 || dumpit kg.out