Commit eb26fdf7 authored by Ondřej Surý's avatar Ondřej Surý

Merge branch '4-fix-the-last-three-system-tests-parallel-run' into 'master'

Convert the last three system tests (ecdsa, eddsa and tkey) to use dynamic ports

See merge request !3257
parents bde35220 cfbb4620
......@@ -37,7 +37,7 @@ export LANG=C
# SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should
# be added to SEQUENTIAL_WINDOWS in conf.sh.win32.
#
SEQUENTIAL_COMMON="ecdsa eddsa tkey"
SEQUENTIAL_COMMON=""
#
# These tests can use ports assigned by the caller (other than 5300
......@@ -58,7 +58,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
checkconf checknames checkzone \
cookie database digdelv dlz dlzexternal \
dns64 dscp dsdigest dyndb \
ednscompliance emptyzones \
ecdsa eddsa ednscompliance emptyzones \
fetchlimit filter-aaaa formerr forward \
geoip2 glue idna include-multiplecfg \
inline integrity ixfr \
......@@ -70,7 +70,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
rrchecker rrl rrsetorder rsabigexponent runtime \
sfcache smartsign sortlist \
spf staticstub statistics statschannel stub synthfromdnssec \
tcp tools tsig tsiggss ttl \
tcp tkey tools tsig tsiggss ttl \
unknown upforwd verify views wildcard \
xfer xferquota zero zonechecks"
......
/ns1/named.conf
/ns2/named.conf
......@@ -9,11 +9,17 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns1/signer.err
rm -f dig.out*
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
set -e
rm -f ./dig.out*
rm -f ns*/*.signed
rm -f ns*/K*
rm -f ns*/dsset-*
rm -f ns*/managed-keys.bind*
rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.run
rm -f ns*/root.db
rm -f ns*/signer.err
rm -f ns*/trusted.conf
......@@ -17,7 +17,7 @@ options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
......
......@@ -9,21 +9,22 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=root.db.in
zonefile=root.db
key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
$DSFROMKEY -a sha-384 $key2.key > dsset-384
key1=$($KEYGEN -q -a ECDSAP256SHA256 -n zone "$zone")
key2=$($KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK "$zone")
$DSFROMKEY -a sha-384 "$key2.key" > dsset-384
cat $infile $key1.key $key2.key > $zonefile
cat "$infile" "$key1.key" "$key2.key" > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a static key.
keyfile_to_static_ds $key1 > trusted.conf
keyfile_to_static_ds "$key1" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
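Review bot: A failed `$SIGNER` run is still swallowed even though the script now runs under `set -e`, because the `|| cat signer.err` fallback makes the whole list succeed. As far as the visible lines show, the script then goes on to write and copy `trusted.conf` and exits 0 without a signed zone, so the failure only surfaces later as an unrelated-looking validation error. Ending the fallback with a failure keeps the diagnostics and stops the setup: `$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || { cat signer.err; exit 1; }`. The same pattern appears on the `$SIGNER -P -g` and `$SIGNER -P -z` lines of the two eddsa signing scripts further down. Separately, the redirect target in `cat ... > $zonefile` is the one expansion in this section left unquoted.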
......@@ -17,7 +17,7 @@ options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
......
......@@ -9,7 +9,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
cd ns1 && $SHELL sign.sh
......@@ -9,26 +9,28 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
status=0
n=0
n=1
rm -f dig.out.*
dig_with_opts() {
"$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
}
DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo "I:checking that positive validation works ($n)"
ret=0
$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -9,11 +9,17 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns*/signer.err
rm -f dig.out*
rm -f */named.run
rm -f */named.memstats
rm -f ns*/named.lock
set -e
rm -f ./dig.out*
rm -f ns*/*.signed
rm -f ns*/K*
rm -f ns*/dsset-*
rm -f ns*/managed-keys.bind*
rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.run
rm -f ns*/root.db
rm -f ns*/signer.err
rm -f ns*/trusted.conf
......@@ -17,7 +17,7 @@ options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
......
......@@ -9,24 +9,25 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=root.db.in
zonefile=root.db
key1=`$KEYGEN -q -a ED25519 -n zone $zone`
key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
$DSFROMKEY -a sha-256 $key2.key > dsset-256
key1=$($KEYGEN -q -a ED25519 -n zone "$zone")
key2=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone")
#key2=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone")
$DSFROMKEY -a sha-256 "$key2.key" > dsset-256
cat $infile $key1.key $key2.key > $zonefile
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a static key.
keyfile_to_static_ds $key1 > trusted.conf
keyfile_to_static_ds "$key1" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cd ../ns2 && $SHELL sign.sh
......@@ -17,7 +17,7 @@ options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
......
......@@ -9,8 +9,9 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
zone=example.com.
zonefile=example.com.db
......@@ -22,7 +23,7 @@ for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
Xexample.com.+016+09713.key Xexample.com.+016+09713.private \
Xexample.com.+016+38353.key Xexample.com.+016+38353.private
do
cp $i `echo $i | sed s/X/K/`
cp "$i" "$(echo $i | sed s/X/K/)"
done
$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
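Review bot: The inner `$i` in the new `cp` line is still unquoted, and the rename forks an `echo | sed` pipeline for every file. Every name in the list starts with `X`, so `cp "$i" "K${i#X}"` gives the same result with POSIX parameter expansion and no subshell. The sed form rewrites the first `X` wherever it occurs, which is only equivalent because of that leading `X`; the expansion makes the intent explicit. The `for` list begins above the hunk.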
......@@ -9,7 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
exec $SHELL ../testcrypto.sh eddsa
. "$SYSTEMTESTTOP/conf.sh"
if ! $SHELL ../testcrypto.sh eddsa; then
exit 1
fi
......@@ -9,7 +9,11 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
cd ns1 && $SHELL sign.sh
......@@ -9,27 +9,28 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
status=0
n=1
rm -f dig.out.*
DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
dig_with_opts() {
"$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
}
# Check the example. domain
echo "I:checking that positive validation works ($n)"
ret=0
$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
# Check test vectors (RFC 8080 + errata)
......@@ -39,9 +40,9 @@ grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/nul
grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo "I:checking that Ed448 test vectors match ($n)"
ret=0
......@@ -57,9 +58,9 @@ grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/nul
grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1
grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -9,10 +9,15 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f dig.out.* rndc.out.* ns1/named.conf
rm -f K* ns1/K*
rm -f */named.memstats
rm -f */named.run
rm -f ns1/_default.tsigkeys
rm -f ns*/named.lock
set -e
rm -f ./K*
rm -f ./dig.out.*
rm -f ./rndc.out.*
rm -f ns*/K*
rm -f ns*/_default.tsigkeys
rm -f ns*/managed-keys.bind*
rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.run
......@@ -52,9 +52,11 @@
#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
#define PORT 5300
#define TIMEOUT 30
static char *ip_address = NULL;
static int port = 0;
static dst_key_t *ourkey;
static isc_mem_t *mctx;
static dns_tsigkey_t *tsigkey, *initialkey;
......@@ -141,10 +143,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
isc_event_free(&event);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
CHECK("inet_pton", result);
}
isc_sockaddr_fromin(&address, &inaddr, PORT);
isc_sockaddr_fromin(&address, &inaddr, port);
dns_fixedname_init(&keyname);
isc_buffer_constinit(&namestr, "tkeytest.", 9);
......@@ -210,18 +212,16 @@ main(int argc, char *argv[]) {
RUNCHECK(isc_app_start());
if (argc < 2) {
if (argc < 4) {
fprintf(stderr, "I:no DH key provided\n");
exit(-1);
}
if (strcmp(argv[1], "-r") == 0) {
fprintf(stderr, "I:the -r option has been deprecated\n");
exit(-1);
}
ourkeyname = argv[1];
ip_address = argv[1];
port = atoi(argv[2]);
ourkeyname = argv[3];
if (argc >= 3) {
ownername_str = argv[2];
if (argc >= 5) {
ownername_str = argv[4];
}
dns_result_register();
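Review bot: `port = atoi(argv[2]);` accepts anything, so a non-numeric or out-of-range argument silently becomes 0 (or is presumably narrowed when it reaches `isc_sockaddr_fromin()`), and the test then fails far from the cause. Parsing with `strtol` and rejecting values outside 1–65535 makes a bad invocation fail immediately. The same line is added to the second helper's `main()`, the one that prints "I:no key to delete". The `argc < 4` guard also still prints "I:no DH key provided", which no longer describes what is missing; a usage line naming the address, port and key arguments would be clearer. `main()` continues outside the hunk.

```c
ip_address = argv[1];
/* reject non-numeric or out-of-range ports instead of letting atoi() yield 0 */
char *end = NULL;
long parsed = strtol(argv[2], &end, 10);
if (end == argv[2] || *end != '\0' || parsed < 1 || parsed > 65535) {
	fprintf(stderr, "I:invalid port '%s'\n", argv[2]);
	exit(-1);
}
port = (int)parsed;
ourkeyname = argv[3];
/* … unchanged: optional owner name argument, dns_result_register() … */
```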
......
......@@ -51,9 +51,10 @@
#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
#define PORT 5300
#define TIMEOUT 30
static char *ip_address;
static int port;
static isc_mem_t *mctx;
static dns_tsigkey_t *tsigkey;
static dns_tsig_keyring_t *ring;
......@@ -114,10 +115,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
isc_event_free(&event);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
CHECK("inet_pton", result);
}
isc_sockaddr_fromin(&address, &inaddr, PORT);
isc_sockaddr_fromin(&address, &inaddr, port);
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
......@@ -155,7 +156,7 @@ main(int argc, char **argv) {
RUNCHECK(isc_app_start());
if (argc < 2) {
if (argc < 4) {
fprintf(stderr, "I:no key to delete\n");
exit(-1);
}
......@@ -163,7 +164,9 @@ main(int argc, char **argv) {
fprintf(stderr, "I:The -r options has been deprecated\n");
exit(-1);
}
keyname = argv[1];
ip_address = argv[1];
port = atoi(argv[2]);
keyname = argv[3];
dns_result_register();
......
......@@ -15,7 +15,7 @@ options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
......@@ -32,7 +32,7 @@ key rndc_key {
};
controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
key "tkeytest." {
......
......@@ -9,10 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
set -e
keyname=`$KEYGEN -T KEY -a DH -b 768 -n host server`
keyid=$(keyfile_to_key_id $keyname)
rm -f named.conf
sed -e "s;KEYID;$keyid;" < named.conf.in > named.conf
. "$SYSTEMTESTTOP/conf.sh"
keyname=$($KEYGEN -T KEY -a DH -b 768 -n host server)
keyid=$(keyfile_to_key_id "$keyname")
sed -i -e "s;KEYID;$keyid;" named.conf
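Review bot: `sed -i -e "s;KEYID;$keyid;" named.conf` depends on in-place editing, which is not POSIX. GNU sed accepts it as written, BSD sed takes the word after `-i` as a backup suffix (here `-e`, leaving a stray `named.conf-e`), and some sed implementations have no `-i` at all. The redirect form this replaces was portable; writing through a temporary file keeps that property, e.g. `sed -e "s;KEYID;$keyid;" named.conf > named.conf.tmp` followed by `mv named.conf.tmp named.conf`. Since `$keyid` is interpolated into the sed script, it is also worth confirming that `keyfile_to_key_id` can only emit digits.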
......@@ -9,7 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
. "$SYSTEMTESTTOP/conf.sh"
copy_setports ns1/named.conf.in ns1/named.conf
cd ns1 && $SHELL setup.sh
......@@ -9,137 +9,153 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
set -e
DIGOPTS="@10.53.0.1 -p 5300"
. "$SYSTEMTESTTOP/conf.sh"
dig_with_opts() {
"$DIG" @10.53.0.1 -p "$PORT" "$@"
}
status=0
n=1
echo "I:generating new DH key"
echo "I:generating new DH key ($n)"
ret=0
dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host client` || ret=1
dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
status=`expr $status + $ret`
status=$((status+ret))
echo "I:exit status: $status"
exit $status
fi
status=`expr $status + $ret`
status=$((status+ret))
n=$((n+1))
for owner in . foo.example.
do
echo "I:creating new key using owner name \"$owner\""
echo "I:creating new key using owner name \"$owner\" ($n)"
ret=0
keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
status=`expr $status + $ret`
status=$((status+ret))
echo "I:exit status: $status"
exit $status
fi
status=`expr $status + $ret`
status=$((status+ret))
n=$((n+1))
echo "I:checking the new key"
echo "I:checking the new key ($n)"
ret=0
$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.1 || ret=1
grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1
grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
status=`expr $status + $ret`
status=$((status+ret))
n=$((n+1))
echo "I:deleting new key"
echo "I:deleting new key ($n)"
ret=0
$KEYDELETE $keyname || ret=1
$KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1
if [ $ret != 0 ]; then
echo "I:failed"
fi
status=`expr $status + $ret`
status=$((status+ret))
n=$((n+1))
echo "I:checking that new key has been deleted"
echo "I:checking that new key has been deleted ($n)"
ret=0
$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.2 || ret=1
grep "status: NOERROR" di