[master] remove accidentally committed changes

72fd845d · Evan Hunt · 792915be · 72fd845d · 72fd845d · 72fd845d
Commit 72fd845d authored Feb 16, 2014 by Evan Hunt
4 changed files
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -33,7 +33,6 @@ NAMED=$TOP/bin/named/named
 # if the program is libtoolized.
 LWRESD="$TOP/bin/named/named -l"
 DIG=$TOP/bin/dig/dig
-DELVE=$TOP/bin/delve/delve
 RNDC=$TOP/bin/rndc/rndc
 NSUPDATE=$TOP/bin/nsupdate/nsupdate
 DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen

--- a/bin/tests/system/dnssec/clean.sh
+++ b/bin/tests/system/dnssec/clean.sh
@@ -67,5 +67,6 @@ rm -f ns6/optout-tld.db
 rm -f nosign.before
 rm -f signing.out*
 rm -f canonical?.*
+rm -f ns1/resolve.key
 rm -f ns3/siginterval.conf
 rm -f ns4/named_dump.db
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -65,3 +65,14 @@ cp trusted.conf ../ns4/trusted.conf
 cp trusted.conf ../ns6/trusted.conf
 cp trusted.conf ../ns7/trusted.conf
 cp managed.conf ../ns4/managed.conf
+#
+#  Save keyid for managed key id test.
+#
+keyid=`expr $keyname : 'K.+001+\(.*\)'`
+keyid=`expr $keyid + 0`
+echo "$keyid" > managed.key.id
+cat $keyname.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print "-a $alg -e -k $dn -K $key\n"
+' > resolve.key
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -26,7 +26,7 @@ n=1
 rm -f dig.out.*

 DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
-DELVEOPTS="-a ns1/trusted.conf"
+RESKEY=`cat ns1/resolve.key`

 # convert private-type records to readable form
 showprivate () {
@@ -137,10 +137,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking postive validation NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.example > resolve.out$n || ret=1
   grep "a.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   grep "a.example..*.RRSIG.A 3 2 300 .*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -160,10 +160,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking positive validation NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.nsec3.example > resolve.out$n || ret=1
   grep "a.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   grep "a.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -183,10 +183,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking positive validation OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.optout.example > resolve.out$n || ret=1
   grep "a.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   grep "a.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -209,10 +209,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking positive wildcard validation NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.example > resolve.out$n || ret=1
   grep "a.wild.example..*10.0.0.27" resolve.out$n > /dev/null || ret=1
   grep "a.wild.example..*RRSIG.A 3 2 300.*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -251,10 +251,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking positive wildcard validation NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.nsec3.example > resolve.out$n || ret=1
   grep "a.wild.nsec3.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
   grep "a.wild.nsec3.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -277,10 +277,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking positive wildcard validation OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.wild.optout.example > resolve.out$n || ret=1
   grep "a.wild.optout.example..*10.0.0.6" resolve.out$n > /dev/null || ret=1
   grep "a.wild.optout.example..*RRSIG.A 7 3 300.*" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
@@ -299,10 +299,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NXDOMAIN NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -322,10 +322,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NXDOMAIN NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.nsec3.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -346,10 +346,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NXDOMAIN OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.optout.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -368,10 +368,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -392,10 +392,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NODATA NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.nsec3.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -416,10 +416,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative validation NODATA OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 a.optout.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -437,10 +437,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative wildcard validation NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -457,10 +457,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative wildcard validation NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.wild.nsec3.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -481,10 +481,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking negative wildcard validation OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t txt -s 10.53.0.4 b.optout.nsec3.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxrrset" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -505,10 +505,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server insecurity proof NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.example > resolve.out$n || ret=1
   grep "a.insecure.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -527,10 +527,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server insecurity proof NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.nsec3.example > resolve.out$n || ret=1
   grep "a.insecure.nsec3.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -549,10 +549,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server insecurity proof OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.insecure.optout.example > resolve.out$n || ret=1
   grep "a.insecure.optout.example..*10.0.0.1" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -573,10 +573,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server negative insecurity proof NSEC using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -597,10 +597,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server negative insecurity proof NSEC3 using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.nsec3.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -621,10 +621,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking 1-server negative insecurity proof OPTOUT using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 q.insecure.optout.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: ncache nxdomain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -818,10 +818,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking failed validation using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.bogus.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: no valid RRSIG" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -863,10 +863,10 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-if [ -x ${DELVE} ] ; then
+if [ -x ${RESOLVE} ] ; then
   ret=0
   echo "I:checking that validation fails when key record is missing using dns_client ($n)"
-   $DELVE $DELVEOPTS -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
+   $RESOLVE $RESKEY -p 5300 -t a -s 10.53.0.4 a.b.keyless.example > /dev/null 2> resolve.out$n || ret=1
   grep "resolution failed: broken trust chain" resolve.out$n > /dev/null || ret=1
   n=`expr $n + 1`
   if [ $ret != 0 ]; then echo "I:failed"; fi