Commit f5785f97 authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Refactor synthfromdnssec system test to use $DEFAULT_ALGORITHM, be shellcheck...

Refactor synthfromdnssec system test to use $DEFAULT_ALGORITHM, be shellcheck clean and run under set -e
parent e71bbde5
Pipeline #7869 passed with stages
in 32 minutes and 13 seconds
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
......@@ -7,19 +9,21 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */named.memstats
rm -f */named.conf
rm -f */named.run
rm -f dig.out.*
rm -f ns1/K*+*+*.key
rm -f ns1/K*+*+*.private
rm -f ns1/dsset-*
rm -f ns1/example.db
rm -f ns1/example.db.signed
rm -f ns1/dnamed.db
rm -f ns1/dnamed.db.signed
rm -f ns1/root.db
rm -f ns1/root.db.signed
rm -f ns1/trusted.conf
rm -f ns2/named_dump.db
rm -f ns*/managed-keys.bind*
set -e
rm -f ./*/named.memstats
rm -f ./*/named.conf
rm -f ./*/named.run
rm -f ./dig.out.*
rm -f ./ns1/K*+*+*.key
rm -f ./ns1/K*+*+*.private
rm -f ./ns1/dsset-*
rm -f ./ns1/example.db
rm -f ./ns1/example.db.signed
rm -f ./ns1/dnamed.db
rm -f ./ns1/dnamed.db.signed
rm -f ./ns1/root.db
rm -f ./ns1/root.db.signed
rm -f ./ns1/trusted.conf
rm -f ./ns2/named_dump.db
rm -f ./ns*/managed-keys.bind*
......@@ -9,36 +9,35 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=example
infile=example.db.in
zonefile=example.db
keyname=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key > $zonefile
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -o $zone $zonefile > /dev/null
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
zone=dnamed
infile=dnamed.db.in
zonefile=dnamed.db
keyname=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone`
cat $infile $keyname.key > $zonefile
keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -o $zone $zonefile > /dev/null
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
zone=.
infile=root.db.in
zonefile=root.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone)
cat "$infile" "$keyname.key" > "$zonefile"
cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
$SIGNER -P -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf
keyfile_to_trusted_keys "$keyname" > trusted.conf
#!/bin/sh -e
#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
......@@ -9,8 +9,10 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
$SHELL clean.sh
......@@ -20,5 +22,7 @@ copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
cd ns1
$SHELL sign.sh
(
cd ns1
$SHELL sign.sh
)
......@@ -9,16 +9,19 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
set -e
status=0
n=1
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
DELVOPTS="-a ns1/trusted.conf -p ${PORT}"
dig_with_opts() {
"$DIG" +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
}
for ns in 2 4 5
do
......@@ -30,56 +33,56 @@ do
esac
echo_i "prime negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NXDOMAIN," dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "example.*3600.IN.SOA" dig.out.ns${ns}.test$n > /dev/null || ret=1
[ $ns -eq ${ns} ] && nxdomain=dig.out.ns${ns}.test$n
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "prime negative NODATA response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS nodata.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts nodata.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "example.*3600.IN.SOA" dig.out.ns${ns}.test$n > /dev/null || ret=1
[ $ns -eq 2 ] && nodata=dig.out.ns${ns}.test$n
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "prime wildcard response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS a.wild-a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts a.wild-a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "a.wild-a.example.*3600.IN.A" dig.out.ns${ns}.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "prime wildcard CNAME response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS a.wild-cname.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts a.wild-cname.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "a.wild-cname.example.*3600.IN.CNAME" dig.out.ns${ns}.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
done
echo_i "prime redirect response (+nodnssec) (synth-from-dnssec <default>;) ($n)"
ret=0
$DIG $DIGOPTS +nodnssec a.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
dig_with_opts +nodnssec a.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns2.test$n > /dev/null && ret=1
grep "status: NOERROR," dig.out.ns2.test$n > /dev/null || ret=1
grep 'a\.redirect\..*300.IN.A.100\.100\.100\.2' dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
#
# ensure TTL of synthesised answers differs from direct answers.
......@@ -96,7 +99,7 @@ do
esac
echo_i "check synthesized NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS b.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts b.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NXDOMAIN," dig.out.ns${ns}.test$n > /dev/null || ret=1
if [ ${synth} = yes ]
......@@ -107,13 +110,13 @@ do
grep "example.*3600.IN.SOA" dig.out.ns${ns}.test$n > /dev/null || ret=1
fi
digcomp $nxdomain dig.out.ns${ns}.test$n || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "check synthesized NODATA response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS nodata.example. @10.53.0.${ns} aaaa > dig.out.ns${ns}.test$n || ret=1
dig_with_opts nodata.example. @10.53.0.${ns} aaaa > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
if [ ${synth} = yes ]
......@@ -124,13 +127,13 @@ do
grep "example.*3600.IN.SOA" dig.out.ns${ns}.test$n > /dev/null || ret=1
fi
digcomp $nodata dig.out.ns${ns}.test$n || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "check synthesized wildcard response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS b.wild-a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts b.wild-a.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
if [ ${synth} = yes ]
......@@ -140,13 +143,13 @@ do
else
grep "b\.wild-a\.example\..*3600.IN.A" dig.out.ns${ns}.test$n > /dev/null || ret=1
fi
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "check synthesized wildcard CNAME response (synth-from-dnssec ${description};) ($n)"
ret=0
$DIG $DIGOPTS b.wild-cname.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
dig_with_opts b.wild-cname.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns${ns}.test$n > /dev/null || ret=1
grep "status: NOERROR," dig.out.ns${ns}.test$n > /dev/null || ret=1
if [ ${synth} = yes ]
......@@ -157,40 +160,40 @@ do
grep "b.wild-cname.example.*3600.IN.CNAME" dig.out.ns${ns}.test$n > /dev/null || ret=1
fi
grep "ns1.example.*.IN.A" dig.out.ns${ns}.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
done
echo_i "check redirect response (+dnssec) (synth-from-dnssec <default>;) ($n)"
ret=0
$DIG $DIGOPTS b.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
dig_with_opts b.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns2.test$n > /dev/null || ret=1
grep "status: NXDOMAIN," dig.out.ns2.test$n > /dev/null || ret=1
grep "\..*3600.IN.SOA" dig.out.ns2.test$n > /dev/null && ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "check redirect response (+nodnssec) (synth-from-dnssec <default>;) ($n)"
ret=0
$DIG $DIGOPTS +nodnssec b.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
dig_with_opts +nodnssec b.redirect. @10.53.0.3 a > dig.out.ns2.test$n || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ns2.test$n > /dev/null && ret=1
grep "status: NOERROR," dig.out.ns2.test$n > /dev/null || ret=1
grep 'b\.redirect\..*300.IN.A.100\.100\.100\.2' dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "check DNAME handling (synth-from-dnssec yes;) ($n)"
ret=0
$DIG $DIGOPTS dnamed.example. ns @10.53.0.5 > dig.out.ns5.test$n || ret=1
$DIG $DIGOPTS a.dnamed.example. a @10.53.0.5 > dig.out.ns5-1.test$n || ret=1
dig_with_opts dnamed.example. ns @10.53.0.5 > dig.out.ns5.test$n || ret=1
dig_with_opts a.dnamed.example. a @10.53.0.5 > dig.out.ns5-1.test$n || ret=1
grep "status: NOERROR," dig.out.ns5-1.test$n > /dev/null || ret=1
n=`expr $n + 1`
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment