Commit fd13fef2 authored by Michał Kępień's avatar Michał Kępień
Browse files

Fix regex used for mangling druz/DNSKEY

During "dlv" system test setup, the "sed" regex used for mangling the
DNSKEY RRset for the "druz" zone does not include the plus sign ("+"),
which may:

  - cause the replacement to happen near the end of DNSKEY RDATA, which
    can cause the latter to become an invalid Base64 string,

  - prevent the replacement from being performed altogether.

Both cases prevent the "dlv" system test from behaving as intended and
may trigger false positives.  Add the missing character to the
aforementioned regex to ensure the replacement is always performed on
bytes 10-25 of DNSKEY RDATA.
parent 570f56ab
Pipeline #11526 passed with stages
in 15 minutes and 46 seconds
......@@ -32,6 +32,6 @@ cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -l $dlvzone -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
$CHECKZONE -q -D -i none druz druz.pre |
sed '/IN DNSKEY/s/\([a-z0-9A-Z/]\{10\}\)[a-z0-9A-Z/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
sed '/IN DNSKEY/s/\([a-z0-9A-Z+/]\{10\}\)[a-z0-9A-Z+/]\{16\}/\1XXXXXXXXXXXXXXXX/'> druz.signed
echo_i "signed $zone"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment