Commit f5660107 authored by Ondřej Surý's avatar Ondřej Surý

sfcache system test: Remove RSAMD5 usage and make script shellcheck compliant

parent 7e07d05a
......@@ -9,13 +9,13 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */K*.key */K*.private */*.signed */*.db */dsset-*
rm -f */managed.conf */trusted.conf
rm -f */named.memstats
rm -f */named.conf
rm -f */named.run */named.run.prev
rm -f dig.*
rm -f sfcache.*
rm -f ns*/named.lock
rm -f ns5/named.run.part*
rm -f ns*/managed-keys.bind*
rm -f ./*/K*.key ./*/K*.private ./*/*.signed ./*/*.db ./*/dsset-*
rm -f ./*/managed.conf ./*/trusted.conf
rm -f ./*/named.memstats
rm -f ./*/named.conf
rm -f ./*/named.run ./*/named.run.prev
rm -f ./dig.*
rm -f ./sfcache.*
rm -f ./ns*/named.lock
rm -f ./ns5/named.run.part*
rm -f ./ns*/managed-keys.bind*
......@@ -9,8 +9,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=root.db.in
......@@ -18,17 +18,17 @@ zonefile=root.db
(cd ../ns2 && $SHELL sign.sh )
cp ../ns2/dsset-example$TP .
cp "../ns2/dsset-example$TP" .
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone)
cat $infile $keyname.key > $zonefile
cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf
keyfile_to_trusted_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
# ...or with a managed key.
keyfile_to_managed_keys $keyname > managed.conf
keyfile_to_managed_keys "$keyname" > managed.conf
......@@ -9,16 +9,16 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=example.
infile=example.db.in
zonefile=example.db
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
#!/bin/sh
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
......@@ -9,13 +9,9 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
if $KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone foo > /dev/null 2>&1
then
rm -f Kfoo*
else
echo "I:This test requires that --with-openssl was used." >&2
exit 255
fi
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
keyfile_to_trusted_keys "$keyname" > trusted.conf
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
trusted-keys {
"." 256 3 1 "AQO6Cl+slAf+iuieDim9L3kujFHQD7s/IOj03ClMOpKYcTXtK4mRpuULVfvWxDi9Ew/gj0xLnnX7z9OJHIxLI+DSrAHd8Dm0XfBEAtVtJSn70GaPZgnLMw1rk5ap2DsEoWk=";
};
......@@ -9,8 +9,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
$SHELL clean.sh
......@@ -18,7 +18,5 @@ copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
cd ns1 && $SHELL sign.sh
cd ../ns5 && cp -f trusted.conf.bad trusted.conf
cd ns1 && $SHELL sign.sh && cd ..
cd ns5 && $SHELL sign.sh && cd ..
......@@ -9,94 +9,101 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
dig_with_opts() {
"$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@"
}
rndc_with_opts() {
"$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@"
}
echo_i "checking DNSSEC SERVFAIL is cached ($n)"
ret=0
$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break
sleep 1
done
grep "^; foo.example/A" sfcache.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "checking that +cd bypasses cache check ($n)"
ret=0
$DIG $DIGOPTS +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "disabling server to force non-dnssec SERVFAIL"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} sfcache ns2
"$PERL" "$SYSTEMTESTTOP/stop.pl" --use-rndc --port "${CONTROLPORT}" sfcache ns2
awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db
echo_i "checking SERVFAIL is cached ($n)"
ret=0
$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break
sleep 1
done
grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
nextpart ns5/named.run > /dev/null
$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "checking cache is bypassed with +cd query ($n)"
ret=0
$DIG $DIGOPTS +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "checking cache is used for subsequent +cd query ($n)"
ret=0
$DIG $DIGOPTS +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -1008,8 +1008,7 @@
./bin/tests/system/sfcache/clean.sh SH 2014,2015,2016,2017,2018
./bin/tests/system/sfcache/ns1/sign.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/ns2/sign.sh SH 2014,2016,2018
./bin/tests/system/sfcache/ns5/trusted.conf.bad X 2014,2016,2018
./bin/tests/system/sfcache/prereq.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/ns5/sign.sh SH 2018
./bin/tests/system/sfcache/setup.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/tests.sh SH 2014,2016,2017,2018
./bin/tests/system/smartsign/clean.sh SH 2010,2012,2014,2016,2018
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment