Commit d0a73c7d authored by Michał Kępień's avatar Michał Kępień

Properly detect presence of CDS/CDNSKEY records

Replace grep calls with awk scripts to more precisely detect presence of
CDS and CDNSKEY records in a signed zone file, in order to prevent rare
false positives for the "smartsign" system test triggered by the strings
"CDS" and/or "CDNSKEY" being accidentally present in the Base64 form of
DNSSEC-related data in the zone file being checked.
parent bae12f56
Pipeline #15445 passed with stages
in 10 minutes and 19 seconds
......@@ -343,8 +343,8 @@ status=`expr $status + $ret`
echo_i "checking sync record publication"
ret=0
grep -w CDNSKEY $cfile.signed > /dev/null || ret=1
grep -w CDS $cfile.signed > /dev/null || ret=1
awk 'BEGIN { r=1 } $2 == "CDNSKEY" { r=0 } END { exit r }' $cfile.signed || ret=1
awk 'BEGIN { r=1 } $2 == "CDS" { r=0 } END { exit r }' $cfile.signed || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......@@ -353,8 +353,8 @@ ret=0
$SETTIME -P now -A now -Dsync now ${cksk5} > /dev/null
$SIGNER -Sg -o $czone -f $cfile.new $cfile.signed > /dev/null 2>&1
mv $cfile.new $cfile.signed
grep -w CDNSKEY $cfile.signed > /dev/null && ret=1
grep -w CDS $cfile.signed > /dev/null && ret=1
awk 'BEGIN { r=1 } $2 == "CDNSKEY" { r=0 } END { exit r }' $cfile.signed && ret=1
awk 'BEGIN { r=1 } $2 == "CDS" { r=0 } END { exit r }' $cfile.signed && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment