Commit bcfaac26 authored by Mark Andrews's avatar Mark Andrews
Browse files

remove false negatives (add eol to grep patterns; add missing ret=0)

parent 89e63ad5
......@@ -134,51 +134,52 @@ status=`expr $status + $ret`
echo "I:checking child zone DNSKEY set"
ret=0
grep "key id = $ckactive" $cfile.signed > /dev/null || {
grep "key id = $ckactive\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child KSK id = $ckactive"
}
grep "key id = $ckpublished" $cfile.signed > /dev/null || {
grep "key id = $ckpublished\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child prepublished KSK id = $ckpublished"
}
grep "key id = $ckrevoked" $cfile.signed > /dev/null || {
grep "key id = $ckrevoked\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child revoked KSK id = $ckrevoked"
}
grep "key id = $czactive" $cfile.signed > /dev/null || {
grep "key id = $czactive\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child ZSK id = $czactive"
}
grep "key id = $czpublished" $cfile.signed > /dev/null || {
grep "key id = $czpublished\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child prepublished ZSK id = $czpublished"
}
grep "key id = $czinactive" $cfile.signed > /dev/null || {
grep "key id = $czinactive\$" $cfile.signed > /dev/null || {
ret=1
echo "I: missing expected child inactive ZSK id = $czinactive"
}
# should not be there, hence the &&
grep "key id = $ckprerevoke" $cfile.signed > /dev/null && {
grep "key id = $ckprerevoke\$" $cfile.signed > /dev/null && {
ret=1
echo "I: found unexpect child pre-revoke ZSK id = $ckprerevoke"
}
grep "key id = $czgenerated" $cfile.signed > /dev/null && {
grep "key id = $czgenerated\$" $cfile.signed > /dev/null && {
ret=1
echo "I: found unexpected child generated ZSK id = $czgenerated"
}
grep "key id = $czpredecessor" $cfile.signed > /dev/null && {
grep "key id = $czpredecessor\$" $cfile.signed > /dev/null && {
echo "I: found unexpected ZSK predecessor id = $czpredecessor (ignored)"
}
grep "key id = $czsuccessor" $cfile.signed > /dev/null && {
grep "key id = $czsuccessor\$" $cfile.signed > /dev/null && {
echo "I: found unexpected ZSK successor id = $czsuccessor (ignored)"
}
#grep "key id = $czpredecessor" $cfile.signed > /dev/null && ret=1
#grep "key id = $czsuccessor" $cfile.signed > /dev/null && ret=1
#grep "key id = $czpredecessor\$" $cfile.signed > /dev/null && ret=1
#grep "key id = $czsuccessor\$" $cfile.signed > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking key TTLs are correct"
ret=0
grep "${czone}. 30 IN" ${czsk1}.key > /dev/null 2>&1 || ret=1
grep "${czone}. 30 IN" ${cksk1}.key > /dev/null 2>&1 || ret=1
grep "${czone}. IN" ${czsk2}.key > /dev/null 2>&1 || ret=1
......@@ -190,12 +191,14 @@ if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking key TTLs were imported correctly"
ret=0
awk 'BEGIN {r = 0} $2 == "DNSKEY" && $1 != 30 {r = 1} END {exit r}' \
${cfile}.signed || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:re-signing and checking imported TTLs again"
ret=0
$SETTIME -L 15 ${czsk2} > /dev/null
czoneout=`$SIGNER -Sg -e now+1d -X now+2d -r $RANDFILE -o $czone $cfile 2>&1`
awk 'BEGIN {r = 0} $2 == "DNSKEY" && $1 != 15 {r = 1} END {exit r}' \
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment