bind/bin/tests/system/inline/tests_signed_zone_files.py

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

import glob
import struct


class RawFormatHeader(dict):
    '''
    A dictionary of raw-format header fields read from a zone file.
    '''

    fields = [
        'format',
        'version',
        'dumptime',
        'flags',
        'sourceserial',
        'lastxfrin',
    ]

    def __init__(self, file_name):
        header = struct.Struct('>IIIIII')
        with open(file_name, 'rb') as data:
            header_data = data.read(header.size)
        super().__init__(zip(self.fields, header.unpack_from(header_data)))


def test_unsigned_serial_number():

    '''
    Check whether all signed zone files in the "ns8" subdirectory contain the
    serial number of the unsigned version of the zone in the raw-format header.
    The test assumes that all "*.signed" files in the "ns8" subdirectory are in
    raw format.

    Notes:

      - The actual zone signing and dumping happens while the tests.sh phase of
        the "inline" system test is set up and run.  This check only verifies
        the outcome of those events; it does not initiate any signing or
        dumping itself.

      - example[0-9][0-9].com.db.signed files are initially signed by
        dnssec-signzone while the others - by named.
    '''

    zones_with_unsigned_serial_missing = []

    for signed_zone in sorted(glob.glob('ns8/*.signed')):
        raw_header = RawFormatHeader(signed_zone)
        # Ensure the unsigned serial number is placed where it is expected.
        assert raw_header['format'] == 2
        assert raw_header['version'] == 1
        # Check whether the header flags indicate that the unsigned serial
        # number is set and that the latter is indeed set.
        if raw_header['flags'] & 0x02 == 0 or raw_header['sourceserial'] == 0:
            zones_with_unsigned_serial_missing.append(signed_zone)

    assert not zones_with_unsigned_serial_missing
Check unsigned serial number in signed zone files All signed zone files present in bin/tests/system/inline/ns8 should contain the unsigned serial number in the raw-format header. Add a check to ensure that is the case. Extend the dnssec-signzone command line in ns8/sign.sh with the -L option to allow the zones initially signed there to pass the newly added check. Add another zone to the configuration for the ns8 named instance to ensure the check also passes when multiple zones are inline-signed by a single named instance. 2022-01-04 15:41:46 +01:00			`# Copyright (C) Internet Systems Consortium, Inc. ("ISC")`
			`#`
Update the copyright information in all files in the repository This commit converts the license handling to adhere to the REUSE specification. It specifically: 1. Adds used licnses to LICENSES/ directory 2. Add "isc" template for adding the copyright boilerplate 3. Changes all source files to include copyright and SPDX license header, this includes all the C sources, documentation, zone files, configuration files. There are notes in the doc/dev/copyrights file on how to add correct headers to the new files. 4. Handle the rest that can't be modified via .reuse/dep5 file. The binary (or otherwise unmodifiable) files could have license places next to them in <foo>.license file, but this would lead to cluttered repository and most of the files handled in the .reuse/dep5 file are system test files. 2021-06-03 08:37:05 +02:00			`# SPDX-License-Identifier: MPL-2.0`
			`#`
Check unsigned serial number in signed zone files All signed zone files present in bin/tests/system/inline/ns8 should contain the unsigned serial number in the raw-format header. Add a check to ensure that is the case. Extend the dnssec-signzone command line in ns8/sign.sh with the -L option to allow the zones initially signed there to pass the newly added check. Add another zone to the configuration for the ns8 named instance to ensure the check also passes when multiple zones are inline-signed by a single named instance. 2022-01-04 15:41:46 +01:00			`# This Source Code Form is subject to the terms of the Mozilla Public`
Update the copyright information in all files in the repository This commit converts the license handling to adhere to the REUSE specification. It specifically: 1. Adds used licnses to LICENSES/ directory 2. Add "isc" template for adding the copyright boilerplate 3. Changes all source files to include copyright and SPDX license header, this includes all the C sources, documentation, zone files, configuration files. There are notes in the doc/dev/copyrights file on how to add correct headers to the new files. 4. Handle the rest that can't be modified via .reuse/dep5 file. The binary (or otherwise unmodifiable) files could have license places next to them in <foo>.license file, but this would lead to cluttered repository and most of the files handled in the .reuse/dep5 file are system test files. 2021-06-03 08:37:05 +02:00			`# License, v. 2.0. If a copy of the MPL was not distributed with this`
Check unsigned serial number in signed zone files All signed zone files present in bin/tests/system/inline/ns8 should contain the unsigned serial number in the raw-format header. Add a check to ensure that is the case. Extend the dnssec-signzone command line in ns8/sign.sh with the -L option to allow the zones initially signed there to pass the newly added check. Add another zone to the configuration for the ns8 named instance to ensure the check also passes when multiple zones are inline-signed by a single named instance. 2022-01-04 15:41:46 +01:00			`# file, you can obtain one at https://mozilla.org/MPL/2.0/.`
			`#`
			`# See the COPYRIGHT file distributed with this work for additional`
			`# information regarding copyright ownership.`

			`import glob`
			`import struct`


			`class RawFormatHeader(dict):`
			`'''`
			`A dictionary of raw-format header fields read from a zone file.`
			`'''`

			`fields = [`
			`'format',`
			`'version',`
			`'dumptime',`
			`'flags',`
			`'sourceserial',`
			`'lastxfrin',`
			`]`

			`def __init__(self, file_name):`
			`header = struct.Struct('>IIIIII')`
			`with open(file_name, 'rb') as data:`
			`header_data = data.read(header.size)`
			`super().__init__(zip(self.fields, header.unpack_from(header_data)))`


			`def test_unsigned_serial_number():`

			`'''`
			`Check whether all signed zone files in the "ns8" subdirectory contain the`
			`serial number of the unsigned version of the zone in the raw-format header.`
			`The test assumes that all "*.signed" files in the "ns8" subdirectory are in`
			`raw format.`

			`Notes:`

			`- The actual zone signing and dumping happens while the tests.sh phase of`
			`the "inline" system test is set up and run. This check only verifies`
			`the outcome of those events; it does not initiate any signing or`
			`dumping itself.`

			`- example[0-9][0-9].com.db.signed files are initially signed by`
			`dnssec-signzone while the others - by named.`
			`'''`

			`zones_with_unsigned_serial_missing = []`

			`for signed_zone in sorted(glob.glob('ns8/*.signed')):`
			`raw_header = RawFormatHeader(signed_zone)`
			`# Ensure the unsigned serial number is placed where it is expected.`
			`assert raw_header['format'] == 2`
			`assert raw_header['version'] == 1`
			`# Check whether the header flags indicate that the unsigned serial`
			`# number is set and that the latter is indeed set.`
			`if raw_header['flags'] & 0x02 == 0 or raw_header['sourceserial'] == 0:`
			`zones_with_unsigned_serial_missing.append(signed_zone)`

			`assert not zones_with_unsigned_serial_missing`