Commit e17b7ee0 authored by Evan Hunt's avatar Evan Hunt

temporarily disable jitter tests in the 'autosign' system test

the current method used for testing distribution of signatures
is failure-prone. we need to replace it with something both
effective and portable, but in the meantime we're commenting
out the jitter test.
parent 65860c80
Pipeline #25181 passed with stages
in 23 minutes and 18 seconds
......@@ -373,14 +373,24 @@ done
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# Check jitter distribution.
echo_i "checking expired signatures were jittered correctly ($n)"
ret=0
$DIG $DIGOPTS axfr oldsigs.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
checkjitter dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# XXX temporarily disable jitter test below until we have a better and more
# portable method for evaluating the evenness of the distribution.
if false; then
# Check jitter distribution.
echo_i "checking expired signatures were jittered correctly ($n)"
ret=0
$DIG $DIGOPTS axfr oldsigs.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
checkjitter dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# XXX temporarily disabled
else
echowarn "I:autosign:jitter tests disabled"
fi
echo_i "checking NSEC->NSEC3 conversion succeeded ($n)"
ret=0
......@@ -984,35 +994,44 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking jitter in a newly signed NSEC3 zone ($n)"
ret=0
# Use DNS UPDATE to add an NSEC3PARAM record into the zone.
$NSUPDATE > nsupdate.out.test$n 2>&1 <<END || ret=1
server 10.53.0.3 ${PORT}
zone jitter.nsec3.example.
update add jitter.nsec3.example. 3600 NSEC3PARAM 1 0 10 BEEF
send
# XXX temporarily disable jitter test below until we have a better and more
# portable method for evaluating the evenness of the distribution.
if false; then
echo_i "checking jitter in a newly signed NSEC3 zone ($n)"
ret=0
# Use DNS UPDATE to add an NSEC3PARAM record into the zone.
$NSUPDATE > nsupdate.out.test$n 2>&1 <<-END || ret=1
server 10.53.0.3 ${PORT}
zone jitter.nsec3.example.
update add jitter.nsec3.example. 3600 NSEC3PARAM 1 0 10 BEEF
send
END
[ $ret != 0 ] && echo_i "error: dynamic update add NSEC3PARAM failed"
# Create DNSSEC keys in the zone directory.
$KEYGEN -a rsasha1 -3 -q -K ns3 jitter.nsec3.example > /dev/null
# Trigger zone signing.
$RNDCCMD 10.53.0.3 sign jitter.nsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i
# Wait until zone has been signed.
for i in 0 1 2 3 4 5 6 7 8 9; do
failed=0
$DIG $DIGOPTS axfr jitter.nsec3.example @10.53.0.3 > dig.out.ns3.test$n || failed=1
grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null || failed=1
[ $failed -eq 0 ] && break
echo_i "waiting ... ($i)"
sleep 2
done
[ $failed != 0 ] && echo_i "error: no NSEC3PARAM found in AXFR" && ret=1
# Check jitter distribution.
checkjitter dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
[ $ret != 0 ] && echo_i "error: dynamic update add NSEC3PARAM failed"
# Create DNSSEC keys in the zone directory.
$KEYGEN -a rsasha1 -3 -q -K ns3 jitter.nsec3.example > /dev/null
# Trigger zone signing.
$RNDCCMD 10.53.0.3 sign jitter.nsec3.example. 2>&1 | sed 's/^/ns3 /' | cat_i
# Wait until zone has been signed.
for i in 0 1 2 3 4 5 6 7 8 9; do
failed=0
$DIG $DIGOPTS axfr jitter.nsec3.example @10.53.0.3 > dig.out.ns3.test$n || failed=1
grep "NSEC3PARAM" dig.out.ns3.test$n > /dev/null || failed=1
[ $failed -eq 0 ] && break
echo_i "waiting ... ($i)"
sleep 2
done
[ $failed != 0 ] && echo_i "error: no NSEC3PARAM found in AXFR" && ret=1
# Check jitter distribution.
checkjitter dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# XXX temporarily disabled
else
echowarn "I:autosign:jitter tests disabled"
fi
echo_i "checking that serial number and RRSIGs are both updated (rt21045) ($n)"
ret=0
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment