Commit 94354d46 authored by Ondřej Surý's avatar Ondřej Surý

Remove 2>&1 from the dnssec-signzone invocation in tests

parent ced15ede
......@@ -39,7 +39,7 @@ ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
keyfile_to_static_keys $ksk > private.conf
cp private.conf ../ns4/private.conf
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null
# Extract saved keys for the revoke-to-duplicate-key test
zone=bar
......
......@@ -152,7 +152,7 @@ setup oldsigs.example
cp $infile $zonefile
$KEYGEN -q -a RSASHA1 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# NSEC3->NSEC transition test zone.
......@@ -160,7 +160,7 @@ $SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > s.out 2>&1 || d
setup nsec3-to-nsec.example
$KEYGEN -q -a RSASHA512 -b 2048 -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -q -a RSASHA512 -b 1024 $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# secure-to-insecure transition test zone; used to test removal of
......@@ -169,7 +169,7 @@ $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
setup secure-to-insecure.example
$KEYGEN -a RSASHA1 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -q $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
$SIGNER -S -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# another secure-to-insecure transition test zone; used to test
......@@ -180,7 +180,7 @@ ksk=`$KEYGEN -q -a RSASHA1 -3 -fk $zone 2> kg.out` || dumpit kg.out
echo $ksk > ../del1.key
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone 2> kg.out` || dumpit kg.out
echo $zsk > ../del2.key
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# Introducing a pre-published key test.
......@@ -189,7 +189,7 @@ setup prepub.example
infile="secure-to-insecure2.example.db.in"
$KEYGEN -a RSASHA1 -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
$KEYGEN -a RSASHA1 -3 -q $zone > kg.out 2>&1 || dumpit kg.out
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out 2>&1 || dumpit s.out
$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
#
# Key TTL tests.
......@@ -235,7 +235,7 @@ echo $zsk > ../delayzsk.key
setup nozsk.example
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
echo $zsk > ../missingzsk.key
rm -f ${zsk}.private
......@@ -246,7 +246,7 @@ rm -f ${zsk}.private
setup inaczsk.example
$KEYGEN -q -a RSASHA1 -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
zsk=`$KEYGEN -q -a RSASHA1 -3 $zone`
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out 2>&1 || dumpit s.out
$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
echo $zsk > ../inactivezsk.key
$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
......
......@@ -84,7 +84,7 @@ sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl
sign() {
cat >db.$1
$SIGNER >/dev/null 2>&1 \
$SIGNER >/dev/null \
-S -O full -o $Z -f sig.$1 db.$1
}
......
......@@ -17,4 +17,4 @@ zonefile=example.db
ksk=`$KEYGEN -q -a RSASHA256 -b 2048 -fk $zone`
zsk=`$KEYGEN -q -a RSASHA256 -b 1024 $zone`
$SIGNER -S -o $zone example.db > /dev/null 2>&1
$SIGNER -S -o $zone example.db > /dev/null
......@@ -25,7 +25,7 @@ do
keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname1.key" > "$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor that matches disabled algorithm.
zone=disabled.${tld}
......@@ -33,7 +33,7 @@ do
keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
cat "$infile" "$keyname2.key" > "$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor that has disabled algorithm for other domain.
zone=enabled.${tld}
......@@ -41,7 +41,7 @@ do
keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone")
cat "$infile" "$keyname3.key" > "$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
# Zone to test trust anchor with unsupported algorithm.
zone=unsupported.${tld}
......@@ -49,7 +49,7 @@ do
keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname4.key" > "$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
# Make trusted-keys and managed keys conf sections for ns8.
......@@ -62,7 +62,7 @@ do
keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname5.key" > "$zonefile"
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" > /dev/null
case $tld in
"managed")
......@@ -86,7 +86,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=bogus.example.
infile=bogus.example.db.in
......@@ -96,7 +96,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=dynamic.example.
infile=dynamic.example.db.in
......@@ -107,7 +107,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KS
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
zone=keyless.example.
infile=generic.example.db.in
......@@ -117,7 +117,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
......@@ -138,7 +138,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# NSEC3/NSEC3 test zone
......@@ -151,7 +151,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC3 test zone
......@@ -164,7 +164,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A nsec3 zone (non-optout).
......@@ -177,7 +177,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -g -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC test zone
......@@ -190,7 +190,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/NSEC3 test zone
......@@ -203,7 +203,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# OPTOUT/OPTOUT test zone
......@@ -216,7 +216,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A optout nsec3 zone.
......@@ -229,7 +229,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -g -3 - -A -o "$zone" "$zonefile" > /dev/null
#
# A nsec3 zone (non-optout) with unknown nsec3 hash algorithm (-U).
......@@ -242,7 +242,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -U -o "$zone" "$zonefile" > /dev/null
#
# A optout nsec3 zone with a unknown nsec3 hash algorithm (-U).
......@@ -255,7 +255,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -U -A -o "$zone" "$zonefile" > /dev/null
#
# A zone that is signed with an unknown DNSKEY algorithm.
......@@ -269,7 +269,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
......@@ -288,7 +288,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
......@@ -308,7 +308,7 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" -f ${zonefile}.signed "$zonefile" > /dev/null
#
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
......@@ -322,7 +322,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" -U -O full -f ${zonefile}.tmp "$zonefile" > /dev/null
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
......@@ -340,17 +340,17 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null
mv "$zonefile".signed "$zonefile"
"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null
#
# A RSASHA256 zone.
......@@ -363,7 +363,7 @@ keyname=$("$KEYGEN" -q -a RSASHA256 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A RSASHA512 zone.
......@@ -376,7 +376,7 @@ keyname=$("$KEYGEN" -q -a RSASHA512 -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A zone with the DNSKEY set only signed by the KSK
......@@ -388,7 +388,7 @@ zonefile=kskonly.example.db
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -x -o "$zone" "$zonefile" > /dev/null
#
# A zone with the expired signatures
......@@ -400,7 +400,7 @@ zonefile=expired.example.db
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" -s -1d -e +1h "$zonefile" > /dev/null
rm -f "$kskname.*" "$zskname.*"
#
......@@ -413,7 +413,7 @@ zonefile=update-nsec3.example.db
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# A NSEC signed zone that will have auto-dnssec enabled and
......@@ -428,7 +428,7 @@ zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# A NSEC3 signed zone that will have auto-dnssec enabled and
......@@ -443,7 +443,7 @@ zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
kskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -fk "$zone")
zskname=$("$KEYGEN" -q -3 -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# Secure below cname test zone.
......@@ -453,7 +453,7 @@ infile=secure.below-cname.example.db.in
zonefile=secure.below-cname.example.db
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# Patched TTL test zone.
......@@ -467,7 +467,7 @@ patchedfile=ttlpatch.example.db.patched
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" > /dev/null
$CHECKZONE -D -s full "$zone" $signedfile 2> /dev/null | \
awk '{$2 = "3600"; print}' > $patchedfile
......@@ -483,7 +483,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
: > "$signedfile"
"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -D -o "$zone" "$zonefile" > /dev/null
#
# Seperate DNSSEC records smart signing.
......@@ -498,7 +498,7 @@ cp "$infile" "$zonefile"
# shellcheck disable=SC2016
echo "\$INCLUDE \"$signedfile\"" >> "$zonefile"
: > "$signedfile"
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null
#
# Zone with signatures about to expire, but no private key to replace them
......@@ -510,7 +510,7 @@ signedfile="expiring.example.db.signed"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -S -e now+1mi -o "$zone" "$zonefile" > /dev/null
mv -f "${zskname}.private" "${zskname}.private.moved"
mv -f "${kskname}.private" "${kskname}.private.moved"
......@@ -525,7 +525,7 @@ signedfile="upper.example.db.signed"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null
$CHECKZONE -D upper.example $lower 2>/dev/null | \
sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile
......@@ -540,7 +540,7 @@ signedfile="lower.example.db.signed"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -S -o "$zone" "$zonefile" > /dev/null
#
# Zone with signatures about to expire, and dynamic, but configured
......@@ -553,7 +553,7 @@ signedfile="nosign.example.db.signed"
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -S -e "now+1mi" -o "$zone" "$zonefile" > /dev/null
# preserve a normalized copy of the NS RRSIG for comparison later
$CHECKZONE -D nosign.example nosign.example.db.signed 2>/dev/null | \
awk '$4 == "RRSIG" && $5 == "NS" {$2 = ""; print}' | \
......@@ -578,7 +578,7 @@ kskname=$("$KEYGEN" -P "$now+90s" -A "$now+3600s" -q -a "$DEFAULT_ALGORITHM" -b
kskname=$("$KEYGEN" -I "$now+90s" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cp "$infile" "$zonefile"
"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -S -o "$zone" "$zonefile" > /dev/null
#
# A zone which will change its sig-validity-interval
......@@ -602,7 +602,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
sed -e 's/bogus/badds/g' < dsset-bogus.example$TP > dsset-badds.example$TP
#
......@@ -614,7 +614,7 @@ zonefile=future.example.db
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
cp -f "$kskname.key" trusted-future.key
#
......@@ -626,7 +626,7 @@ zonefile=managed-future.example.db
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
cat "$infile" "$kskname.key" "$zskname.key" > "$zonefile"
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -s +3600 -o "$zone" "$zonefile" > /dev/null
#
# A zone with a revoked key
......@@ -641,7 +641,7 @@ ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3fk "$zone")
zsk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -3 "$zone")
cat "$infile" "${ksk1}.key" "${ksk2}.key" "${zsk1}.key" > "$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
#
# Check that NSEC3 are correctly signed and returned from below a DNAME
......@@ -653,7 +653,7 @@ zonefile=dname-at-apex-nsec3.example.db
kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3fk "$zone")
zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -3 "$zone")
cat "$infile" "${kskname}.key" "${zskname}.key" >"$zonefile"
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -3 - -o "$zone" "$zonefile" > /dev/null
#
# A NSEC zone with occuded data at the delegation
......@@ -668,4 +668,4 @@ keyname=$("$KEYGEN" -q -a DH -b 1024 -n HOST -T KEY "delegation.$zone")
$DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
"${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null 2>&1
"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
......@@ -1329,7 +1329,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
......@@ -1341,7 +1341,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
......@@ -1353,7 +1353,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
......@@ -1365,7 +1365,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
......@@ -1377,7 +1377,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
......@@ -1389,7 +1389,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n
test -f signed.zone
) || ret=1
n=$((n+1))
......@@ -1401,7 +1401,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
......@@ -1413,7 +1413,7 @@ ret=0
(
cd signer/general || exit 1
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n 2>&1
$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n
test -f signed.zone
) && ret=1
n=$((n+1))
......@@ -1484,7 +1484,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
$SIGNER -o example -f example.db example.db > /dev/null 2>&1
$SIGNER -o example -f example.db example.db > /dev/null
) || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
......@@ -1498,7 +1498,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null 2>&1
$SIGNER -3 - -H 10 -o example -f example.db example.db > /dev/null
awk '/^IQF9LQTLK/ {
printf("%s", $0);
while (!index($0, ")")) {
......@@ -1524,7 +1524,7 @@ key2=$($KEYGEN -K signer -q -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone)
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example3.db
echo "some.empty.nonterminal.nodes.example 60 IN NS ns.example.tld" >> example3.db
$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null 2>&1
$SIGNER -3 - -A -H 10 -o example -f example3.db example3.db > /dev/null
awk '/^IQF9LQTLK/ {
printf("%s", $0);
while (!index($0, ")")) {
......@@ -1549,9 +1549,9 @@ key2=$($KEYGEN -K signer -q -f KSK -a RSASHA1 -b 1024 -n zone $zone)
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
$SIGNER -o example -f example.db.before example.db > /dev/null 2>&1
$SIGNER -o example -f example.db.before example.db > /dev/null
sed 's/60.IN.SOA./50 IN SOA /' example.db.before > example.db.changed
$SIGNER -o example -f example.db.after example.db.changed > /dev/null 2>&1
$SIGNER -o example -f example.db.after example.db.changed > /dev/null
)
grep "SOA 5 1 50" signer/example.db.after > /dev/null || ret=1
n=$((n+1))
......@@ -1569,12 +1569,12 @@ keyid3=$(keyfile_to_key_id "$key3")
(
cd signer || exit 1
cat example.db.in "$key1.key" "$key2.key" > example.db
$SIGNER -D -o example example.db > /dev/null 2>&1
$SIGNER -D -o example example.db > /dev/null
# now switch out key2 for key3 and resign the zone
cat example.db.in "$key1.key" "$key3.key" > example.db
echo "\$INCLUDE \"example.db.signed\"" >> example.db
$SIGNER -D -o example example.db > /dev/null 2>&1
$SIGNER -D -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
......@@ -1586,7 +1586,7 @@ echo_i "checking dnssec-signzone -R purges signatures from removed keys ($n)"
ret=0
(
cd signer || exit 1
$SIGNER -RD -o example example.db > /dev/null 2>&1
$SIGNER -RD -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
......@@ -1600,11 +1600,11 @@ zone=example
(
cd signer || exit 1
cp -f example.db.in example.db
$SIGNER -SD -o example example.db > /dev/null 2>&1
$SIGNER -SD -o example example.db > /dev/null
echo "\$INCLUDE \"example.db.signed\"" >> example.db
# now retire key2 and resign the zone
$SETTIME -I now "$key2" > /dev/null 2>&1
$SIGNER -SD -o example example.db > /dev/null 2>&1
$SIGNER -SD -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
......@@ -1616,7 +1616,7 @@ echo_i "checking dnssec-signzone -Q purges signatures from inactive keys ($n)"
ret=0
(
cd signer || exit 1
$SIGNER -SDQ -o example example.db > /dev/null 2>&1
$SIGNER -SDQ -o example example.db > /dev/null
) || ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid2$" > /dev/null && ret=1
get_rsasha1_key_ids_from_sigs | grep "^$keyid3$" > /dev/null || ret=1
......@@ -1628,8 +1628,8 @@ echo_i "checking dnssec-signzone retains unexpired signatures ($n)"
ret=0
(
cd signer || exit 1
$SIGNER -Sxt -o example example.db > signer.out.1 2>&1
$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2 2>&1
$SIGNER -Sxt -o example example.db > signer.out.1
$SIGNER -Sxt -o example -f example.db.signed example.db.signed > signer.out.2
) || ret=1
gen1=$(awk '/generated/ {print $3}' signer/signer.out.1)
retain1=$(awk '/retained/ {print $3}' signer/signer.out.1)
......@@ -1656,7 +1656,7 @@ ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
touch example2.db.signed
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
......@@ -1670,7 +1670,7 @@ sub2.example. IN NS ns.sub2.example.
ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
$SIGNER -DS -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
......@@ -1690,7 +1690,7 @@ ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
touch example2.db.signed
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 || ret=1
......@@ -1704,7 +1704,7 @@ sub2.example. IN NS ns.sub2.example.
ns.sub2.example. IN A 10.53.0.2
EOF
echo "\$INCLUDE \"example2.db.signed\"" >> example2.db
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null 2>&1
$SIGNER -DS -3 feedabee -O full -f example2.db.signed -o example example2.db > /dev/null
) || ret=1
grep "^sub1\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
grep "^ns\\.sub2\\.example\\..*RRSIG[ ]A[ ]" signer/example2.db.signed > /dev/null 2>&1 && ret=1
......@@ -1718,8 +1718,8 @@ ret=0
cd signer || exit 1
$SIGNER -O full -f - -Sxt -o example example.db > signer.out.3 2> /dev/null
$SIGNER -O text -f - -Sxt -o example example.db > signer.out.4 2> /dev/null
$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null 2>&1
$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null 2>&1
$SIGNER -O raw -f signer.out.5 -Sxt -o example example.db > /dev/null
$SIGNER -O raw=0 -f signer.out.6 -Sxt -o example example.db > /dev/null
$SIGNER -O raw -f - -Sxt -o example example.db > signer.out.7 2> /dev/null