Commit b0fd3a2f authored by Michał Kępień's avatar Michał Kępień
Browse files

Merge branch 'michal/simplify-trailing-period-handling-in-system-tests' into 'master'

Simplify trailing period handling in system tests

See merge request isc-projects/bind9!1860
parents 79357f93 da2c1b74
......@@ -16,29 +16,29 @@ SYSTEMTESTTOP=../..
echo_i "dlv/ns3/sign.sh"
dlvzone="dlv.utld."
dlvzone="dlv.utld"
dlvsets=
dssets=
disableddlvzone="disabled-algorithm-dlv.utld."
disableddlvzone="disabled-algorithm-dlv.utld"
disableddlvsets=
disableddssets=
unsupporteddlvzone="unsupported-algorithm-dlv.utld."
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
unsupporteddlvsets=
unsupporteddssets=
# Signed zone below unsigned TLD with DLV entry.
zone=child1.utld.
zone=child1.utld
infile=child.db.in
zonefile=child1.utld.db
outfile=child1.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -47,16 +47,16 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with a disabled algorithm.
zone=child3.utld.
zone=child3.utld
infile=child.db.in
zonefile=child3.utld.db
outfile=child3.signed
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -66,11 +66,11 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry. This one is slightly
# different because its children (the grandchildren) don't have a DS record in
# this zone. The grandchild zones are served by ns6.
zone=child4.utld.
zone=child4.utld
infile=child.db.in
zonefile=child4.utld.db
outfile=child4.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -83,23 +83,23 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
# with an unsupported algorithm.
zone=child5.utld.
zone=child5.utld
infile=child.db.in
zonefile=child5.utld.db
outfile=child5.signed
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
# Signed zone below unsigned TLD without DLV entry.
zone=child7.utld.
zone=child7.utld
infile=child.db.in
zonefile=child7.utld.db
outfile=child7.signed
......@@ -107,7 +107,7 @@ outfile=child7.signed
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -116,7 +116,7 @@ echo_i "signed $zone"
# Signed zone below unsigned TLD without DLV entry and no DS records for the
# grandchildren.
zone=child8.utld.
zone=child8.utld
infile=child.db.in
zonefile=child8.utld.db
outfile=child8.signed
......@@ -130,11 +130,11 @@ $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer
echo_i "signed $zone"
# Signed zone below unsigned TLD with DLV entry.
zone=child9.utld.
zone=child9.utld
infile=child.db.in
zonefile=child9.utld.db
outfile=child9.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -146,11 +146,11 @@ echo_i "signed $zone"
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
# the zone to generate the DLV set.
zone=child10.utld.
zone=child10.utld
infile=child.db.in
zonefile=child10.utld.db
outfile=child10.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -163,11 +163,11 @@ echo_i "signed $zone"
# Zone signed with a disabled algorithm (an algorithm that is disabled in
# one of the test resolvers) with DLV entry.
zone=disabled-algorithm.utld.
zone=disabled-algorithm.utld
infile=child.db.in
zonefile=disabled-algorithm.utld.db
outfile=disabled-algorithm.utld.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
......@@ -179,11 +179,11 @@ echo_i "signed $zone"
# Zone signed with an unsupported algorithm with DLV entry.
zone=unsupported-algorithm.utld.
zone=unsupported-algorithm.utld
infile=child.db.in
zonefile=unsupported-algorithm.utld.db
outfile=unsupported-algorithm.utld.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -195,23 +195,23 @@ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile
cp ${keyname2}.key ${keyname2}.tmp
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
cp dlvset-${zone} dlvset-${zone}tmp
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
cp dlvset-${zone}${TP} dlvset-${zone}tmp
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set.
zone=child1.druz.
zone=child1.druz
infile=child.db.in
zonefile=child1.druz.db
outfile=child1.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -220,17 +220,17 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with a disabled algorithm.
zone=child3.druz.
zone=child3.druz
infile=child.db.in
zonefile=child3.druz.db
outfile=child3.druz.signed
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
disableddssets="$disableddssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
disableddssets="$disableddssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -239,12 +239,12 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set, but missing
# DS records for the grandchildren.
zone=child4.druz.
zone=child4.druz
infile=child.db.in
zonefile=child4.druz.db
outfile=child4.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -257,17 +257,17 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
# signed with an unsupported algorithm algorithm.
zone=child5.druz.
zone=child5.druz
infile=child.db.in
zonefile=child5.druz.db
outfile=child5.druz.signed
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -275,16 +275,16 @@ echo_i "signed $zone"
# Signed zone below signed TLD without DLV entry, but with normal DS set.
zone=child7.druz.
zone=child7.druz
infile=child.db.in
zonefile=child7.druz.db
outfile=child7.druz.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
dsfilename=../ns6/dsset-grand.${zone}${TP}
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
......@@ -293,7 +293,7 @@ echo_i "signed $zone"
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
# records for the grandchildren are not included in the zone.
zone=child8.druz.
zone=child8.druz
infile=child.db.in
zonefile=child8.druz.db
outfile=child8.druz.signed
......@@ -309,11 +309,11 @@ echo_i "signed $zone"
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
# records for the grandchildren are not included in the zone.
zone=child9.druz.
zone=child9.druz
infile=child.db.in
zonefile=child9.druz.db
outfile=child9.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -326,12 +326,12 @@ echo_i "signed $zone"
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
# sign the zone to generate the DS sets.
zone=child10.druz.
zone=child10.druz
infile=child.db.in
zonefile=child10.druz.db
outfile=child10.druz.signed
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dlvsets="$dlvsets dlvset-${zone}${TP}"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
......@@ -347,23 +347,23 @@ cp $unsupporteddssets ../ns2
# DLV zones
infile=dlv.db.in
for zone in dlv.utld. disabled-algorithm-dlv.utld. unsupported-algorithm-dlv.utld.
for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
do
zonefile="${zone}db"
outfile="${zone}signed"
zonefile="${zone}.db"
outfile="${zone}.signed"
case $zone in
"dlv.utld.")
"dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$dlvsets
;;
"disabled-algorithm-dlv.utld.")
"disabled-algorithm-dlv.utld")
algorithm=$DISABLED_ALGORITHM
bits=$DISABLED_BITS
dlvfiles=$disableddlvsets
;;
"unsupported-algorithm-dlv.utld.")
"unsupported-algorithm-dlv.utld")
algorithm=$DEFAULT_ALGORITHM
bits=$DEFAULT_BITS
dlvfiles=$unsupporteddlvsets
......@@ -376,15 +376,15 @@ do
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
case $zone in
"dlv.utld.")
"dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
;;
"disabled-algorithm-dlv.utld.")
"disabled-algorithm-dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
;;
"unsupported-algorithm-dlv.utld.")
"unsupported-algorithm-dlv.utld")
cp ${keyname2}.key ${keyname2}.tmp
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
......
......@@ -138,7 +138,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
# Sign the privately secure file
privzone=private.secure.example.
privzone=private.secure.example
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
......@@ -153,7 +153,7 @@ cat "$privinfile" "$privkeyname.key" > "$privzonefile"
dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
dlvsetfile="dlvset-${privzone}${TP}"
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
......
......@@ -261,7 +261,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
# A zone that is signed with an unknown DNSKEY algorithm.
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
zone=dnskey-unknown.example.
zone=dnskey-unknown.example
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
......@@ -273,14 +273,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
DSFILE="dsset-${zone}${TP}"
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
#
# A zone that is signed with an unsupported DNSKEY algorithm (3).
# Algorithm 7 is replaced by 255 in the zone and dsset.
#
zone=dnskey-unsupported.example.
zone=dnskey-unsupported.example
infile=dnskey-unsupported.example.db.in
zonefile=dnskey-unsupported.example.db
......@@ -292,14 +292,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
DSFILE="dsset-${zone}${TP}"
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
#
# A zone with a published unsupported DNSKEY algorithm (Reserved).
# Different from above because this key is not intended for signing.
#
zone=dnskey-unsupported-2.example.
zone=dnskey-unsupported-2.example
infile=dnskey-unsupported-2.example.db.in
zonefile=dnskey-unsupported-2.example.db
......@@ -314,7 +314,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
# Algorithm 7 is replaced by 100 in the zone and dsset.
#
zone=dnskey-nsec3-unknown.example.
zone=dnskey-nsec3-unknown.example
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
......@@ -326,7 +326,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
DSFILE="dsset-${zone}${TP}"
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
#
......
......@@ -12,10 +12,10 @@
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
zone1=good.
zone1=good
infile1=good.db.in
zonefile1=good.db
zone2=bad.
zone2=bad
infile2=bad.db.in
zonefile2=bad.db
......@@ -30,8 +30,8 @@ cat $infile2 $keyname21.key $keyname22.key >$zonefile2
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
DSFILENAME1=dsset-${zone1}${TP}
DSFILENAME2=dsset-${zone2}${TP}
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
......
......@@ -82,10 +82,10 @@ signzone () {
cat $1/$3 $1/$KEYNAME.key > $1/tmp
$SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
DSFILENAME=dsset-`echo $2 |sed -e "s/\.$//g"`$TP
DSFILENAME=dsset-${2}${TP}
rm $DSFILENAME $1/tmp
}
signzone ns2 tld2s. base-tld2s.db tld2s.db
signzone ns2 tld2s base-tld2s.db tld2s.db
# Performance and a few other checks.
cat <<EOF >ns5/rpz-switch
......
......@@ -16,11 +16,11 @@ SYSTESTDIR=wildcard
dssets=
zone=dlv.
zone=dlv
infile=dlv.db.in
zonefile=dlv.db
outfile=dlv.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -30,11 +30,11 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=nsec.
zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -44,7 +44,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=private.nsec.
zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed
......@@ -59,11 +59,11 @@ echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
zone=nsec3.
zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
dssets="$dssets dsset-${zone}${TP}"
keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
......@@ -73,7 +73,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
zone=private.nsec3.
zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment