diff --git a/bin/Makefile.in b/bin/Makefile.in index e4805520e7..077c1c6976 100644 --- a/bin/Makefile.in +++ b/bin/Makefile.in @@ -20,7 +20,7 @@ VPATH = @srcdir@ top_srcdir = @top_srcdir@ SUBDIRS = named rndc dig dnssec tests tools nsupdate \ - check confgen @PKCS11_TOOLS@ + check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@ TARGETS = @BIND9_MAKE_RULES@ diff --git a/bin/python/.gitignore b/bin/python/.gitignore new file mode 100644 index 0000000000..7df1706762 --- /dev/null +++ b/bin/python/.gitignore @@ -0,0 +1,2 @@ +dnssec-checkds +dnssec-checkds.py diff --git a/bin/python/Makefile.in b/bin/python/Makefile.in new file mode 100644 index 0000000000..3ffa95710c --- /dev/null +++ b/bin/python/Makefile.in @@ -0,0 +1,50 @@ +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +srcdir = @srcdir@ +VPATH = @srcdir@ +top_srcdir = @top_srcdir@ + +@BIND9_MAKE_INCLUDES@ + +PYTHON = @PYTHON@ + +TARGETS = dnssec-checkds +SRCS = dnssec-checkds.py + +MANPAGES = dnssec-checkds.8 +HTMLPAGES = dnssec-checkds.html +MANOBJS = ${MANPAGES} ${HTMLPAGES} + +@BIND9_MAKE_RULES@ + +dnssec-checkds: ${srcdir}/dnssec-checkds.py + cp -f $< $@ + chmod +x $@ + +doc man:: ${MANOBJS} + +docclean manclean maintainer-clean:: + rm -f ${MANOBJS} + +installdirs: + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir} + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8 + +install:: ${TARGETS} installdirs + ${INSTALL_PROGRAM} dnssec-checkds@EXEEXT@ ${DESTDIR}${sbindir} + ${INSTALL_DATA} ${srcdir}/dnssec-checkds.8 ${DESTDIR}${mandir}/man8 + +clean distclean:: + rm -f ${TARGETS} diff --git a/bin/python/dnssec-checkds.8 b/bin/python/dnssec-checkds.8 new file mode 100644 index 0000000000..097967a8b1 --- /dev/null +++ b/bin/python/dnssec-checkds.8 @@ -0,0 +1,80 @@ +.\" Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id$ +.\" +.hy 0 +.ad l +.\" Title: dnssec\-checkds +.\" Author: +.\" Generator: DocBook XSL Stylesheets v1.71.1 +.\" Date: April 11, 2012 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" +.TH "DNSSEC\-CHECKDS" "8" "April 11, 2012" "BIND9" "BIND9" +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.SH "NAME" +dnssec\-dsfromkey \- DNSSEC DS RR generation tool +.SH "SYNOPSIS" +.HP 15 +\fBdnssec\-chedkcs\fR [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] {zone} +.HP 17 +\fBdnssec\-dsfromkey\fR [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] {zone} +.SH "DESCRIPTION" +.PP +\fBdnssec\-checkds\fR +verifies the correctness of Delegation Signer (DS) or DNSSEC Lookaside Validation (DLV) resource records for keys in a specified zone. +.SH "OPTIONS" +.PP +\-f \fIfile\fR +.RS 4 +If a +\fBfile\fR +is specified, then the zone is read from that file to find the DNSKEY records. If not, then the DNSKEY records for the zone are looked up in the DNS. +.RE +.PP +\-l \fIdomain\fR +.RS 4 +Check for a DLV record in the specified lookaside domain, instead of checking for a DS record in the zone's parent. For example, to check for DLV records for "example.com" in ISC's DLV zone, use: +\fBdnssec\-checkds \-l dlv.isc.org example.com\fR +.RE +.PP +\-d \fIdig path\fR +.RS 4 +Specifies a path to a +\fBdig\fR +binary. Used for testing. +.RE +.PP +\-D \fIdsfromkey path\fR +.RS 4 +Specifies a path to a +\fBdnssec\-dsfromkey\fR +binary. Used for testing. +.RE +.SH "SEE ALSO" +.PP +\fBdnssec\-dsfromkey\fR(8), +\fBdnssec\-keygen\fR(8), +\fBdnssec\-signzone\fR(8), +.SH "AUTHOR" +.PP +Internet Systems Consortium +.SH "COPYRIGHT" +Copyright \(co 2012 Internet Systems Consortium, Inc. ("ISC") +.br diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook new file mode 100644 index 0000000000..bd62faed10 --- /dev/null +++ b/bin/python/dnssec-checkds.docbook @@ -0,0 +1,145 @@ +]> + + + + + April 11, 2012 + + + + dnssec-checkds + 8 + BIND9 + + + + dnssec-dsfromkey + DNSSEC DS RR generation tool + + + + + 2012 + Internet Systems Consortium, Inc. ("ISC") + + + + + + dnssec-chedkcs + + + + + zone + + + dnssec-dsfromkey + + + + + zone + + + + + DESCRIPTION + dnssec-checkds + verifies the correctness of Delegation Signer (DS) or DNSSEC + Lookaside Validation (DLV) resource records for keys in a specified + zone. + + + + + OPTIONS + + + + -f file + + + If a is specified, then the zone is + read from that file to find the DNSKEY records. If not, + then the DNSKEY records for the zone are looked up in the DNS. + + + + + + -l domain + + + Check for a DLV record in the specified lookaside domain, + instead of checking for a DS record in the zone's parent. + For example, to check for DLV records for "example.com" + in ISC's DLV zone, use: + dnssec-checkds -l dlv.isc.org example.com + + + + + + -d dig path + + + Specifies a path to a dig binary. Used + for testing. + + + + + + -D dsfromkey path + + + Specifies a path to a dnssec-dsfromkey binary. + Used for testing. + + + + + + + + SEE ALSO + + dnssec-dsfromkey8 + , + + dnssec-keygen8 + , + + dnssec-signzone8 + , + + + + + AUTHOR + Internet Systems Consortium + + + + diff --git a/bin/python/dnssec-checkds.html b/bin/python/dnssec-checkds.html new file mode 100644 index 0000000000..9a7e32309d --- /dev/null +++ b/bin/python/dnssec-checkds.html @@ -0,0 +1,84 @@ + + + + + +dnssec-checkds + + +
+
+
+

Name

+

dnssec-dsfromkey — DNSSEC DS RR generation tool

+
+
+

Synopsis

+

dnssec-chedkcs [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

+

dnssec-dsfromkey [-l domain] [-f file] [-d dig path] [-D dsfromkey path] {zone}

+
+
+

DESCRIPTION

+

dnssec-checkds + verifies the correctness of Delegation Signer (DS) or DNSSEC + Lookaside Validation (DLV) resource records for keys in a specified + zone. +

+
+
+

OPTIONS

+
+
-f file
+

+ If a file is specified, then the zone is + read from that file to find the DNSKEY records. If not, + then the DNSKEY records for the zone are looked up in the DNS. +

+
-l domain
+

+ Check for a DLV record in the specified lookaside domain, + instead of checking for a DS record in the zone's parent. + For example, to check for DLV records for "example.com" + in ISC's DLV zone, use: + dnssec-checkds -l dlv.isc.org example.com +

+
-d dig path
+

+ Specifies a path to a dig binary. Used + for testing. +

+
-D dsfromkey path
+

+ Specifies a path to a dnssec-dsfromkey binary. + Used for testing. +

+
+
+
+

SEE ALSO

+

dnssec-dsfromkey(8), + dnssec-keygen(8), + dnssec-signzone(8), +

+
+
+

AUTHOR

+

Internet Systems Consortium +

+
+
+ diff --git a/bin/python/dnssec-checkds.py.in b/bin/python/dnssec-checkds.py.in new file mode 100644 index 0000000000..2f1c853ada --- /dev/null +++ b/bin/python/dnssec-checkds.py.in @@ -0,0 +1,274 @@ +#!@PYTHON@ +############################################################################ +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +############################################################################ + +import argparse +import pprint +import os + +def shellquote(s): + return "'" + s.replace("'", "'\\''") + "'" + +############################################################################ +# DSRR class: +# Delegation Signer (DS) resource record +############################################################################ +class DSRR: + hashalgs = {1: 'SHA-1', 2: 'SHA-256', 3: 'GOST'} + rrname='' + rrclass='IN' + rrtype='DS' + keyid=None + keyalg=None + hashalg=None + digest='' + ttl=0 + + def __init__(self, rrtext): + if not rrtext: + return + + fields = rrtext.split() + if len(fields) < 7: + return + + self.rrname = fields[0].lower() + fields = fields[1:] + if fields[0].upper() in ['IN','CH','HS']: + self.rrclass = fields[0].upper() + fields = fields[1:] + else: + self.ttl = int(fields[0]) + self.rrclass = fields[1].upper() + fields = fields[2:] + + if fields[0].upper() != 'DS': + raise Exception + + self.rrtype = 'DS' + self.keyid = int(fields[1]) + self.keyalg = int(fields[2]) + self.hashalg = int(fields[3]) + self.digest = ''.join(fields[4:]).upper() + + def __repr__(self): + return('%s %s %s %d %d %d %s' % + (self.rrname, self.rrclass, self.rrtype, self.keyid, + self.keyalg, self.hashalg, self.digest)) + + def __eq__(self, other): + return self.__repr__() == other.__repr__() + +############################################################################ +# DLVRR class: +# DNSSEC Lookaside Validation (DLV) resource record +############################################################################ +class DLVRR: + hashalgs = {1: 'SHA-1', 2: 'SHA-256', 3: 'GOST'} + parent='' + dlvname='' + rrname='IN' + rrclass='IN' + rrtype='DLV' + keyid=None + keyalg=None + hashalg=None + digest='' + ttl=0 + + def __init__(self, rrtext, dlvname): + if not rrtext: + return + + fields = rrtext.split() + if len(fields) < 7: + return + + self.dlvname = dlvname.lower() + parent = fields[0].lower().strip('.').split('.') + parent.reverse() + dlv = dlvname.split('.') + dlv.reverse() + while len(dlv) != 0 and len(parent) != 0 and parent[0] == dlv[0]: + parent = parent[1:] + dlv = dlv[1:] + if len(dlv) != 0: + raise Exception + parent.reverse() + self.parent = '.'.join(parent) + self.rrname = self.parent + '.' + self.dlvname + '.' + + fields = fields[1:] + if fields[0].upper() in ['IN','CH','HS']: + self.rrclass = fields[0].upper() + fields = fields[1:] + else: + self.ttl = int(fields[0]) + self.rrclass = fields[1].upper() + fields = fields[2:] + + if fields[0].upper() != 'DLV': + raise Exception + + self.rrtype = 'DLV' + self.keyid = int(fields[1]) + self.keyalg = int(fields[2]) + self.hashalg = int(fields[3]) + self.digest = ''.join(fields[4:]).upper() + + def __repr__(self): + return('%s %s %s %d %d %d %s' % + (self.rrname, self.rrclass, self.rrtype, + self.keyid, self.keyalg, self.hashalg, self.digest)) + + def __eq__(self, other): + return self.__repr__() == other.__repr__() + +############################################################################ +# checkds: +# Fetch DS RRset for the given zone from the DNS; fetch DNSKEY +# RRset from the masterfile if specified, or from DNS if not. +# Generate a set of expected DS records from the DNSKEY RRset, +# and report on congruency. +############################################################################ +def checkds(zone, masterfile = None): + dslist=[] + fp=os.popen("%s +noall +answer -t ds -q %s" % + (shellquote(args.dig), shellquote(zone))) + for line in fp: + dslist.append(DSRR(line)) + dslist = sorted(dslist, key=lambda ds: (ds.keyid, ds.keyalg, ds.hashalg)) + fp.close() + + dsklist=[] + + if masterfile: + fp = os.popen("%s -f %s %s " % + (shellquote(args.dsfromkey), shellquote(masterfile), + shellquote(zone))) + else: + fp = os.popen("%s +noall +answer -t dnskey -q %s | %s -f - %s" % + (shellquote(args.dig), shellquote(zone), + shellquote(args.dsfromkey), shellquote(zone))) + + for line in fp: + dsklist.append(DSRR(line)) + + fp.close() + + found = False + for ds in dsklist: + if ds in dslist: + print ("DS for KSK %s/%03d/%05d (%s) found in parent" % + (ds.rrname.strip('.'), ds.keyalg, + ds.keyid, DSRR.hashalgs[ds.hashalg])) + found = True + else: + print ("No DS records found for KSK %s/%03d/%05d" % + (ds.rrname, ds.keyalg, ds.keyid)) + + return found + +############################################################################ +# checkdlv: +# Fetch DLV RRset for the given zone from the DNS; fetch DNSKEY +# RRset from the masterfile if specified, or from DNS if not. +# Generate a set of expected DLV records from the DNSKEY RRset, +# and report on congruency. +############################################################################ +def checkdlv(zone, lookaside, masterfile = None): + dlvlist=[] + fp=os.popen("%s +noall +answer -t dlv -q %s" % + (shellquote(args.dig), shellquote(zone + '.' + lookaside))) + for line in fp: + dlvlist.append(DLVRR(line, lookaside)) + dlvlist = sorted(dlvlist, + key=lambda dlv: (dlv.keyid, dlv.keyalg, dlv.hashalg)) + fp.close() + + # + # Fetch DNSKEY records from DNS and generate DLV records from them + # + dlvklist=[] + if masterfile: + fp = os.popen("%s -f %s -l %s %s " % + (args.dsfromkey, masterfile, lookaside, zone)) + else: + fp = os.popen("%s +noall +answer -t dnskey %s | %s -f - -l %s %s" + % (shellquote(args.dig), shellquote(zone), + shellquote(args.dsfromkey), shellquote(lookaside), + shellquote(zone))) + + for line in fp: + dlvklist.append(DLVRR(line, lookaside)) + + fp.close() + + found = False + for dlv in dlvklist: + if dlv in dlvlist: + print ("DLV for KSK %s/%03d/%05d (%s) found in %s" % + (dlv.parent, dlv.keyalg, dlv.keyid, + DLVRR.hashalgs[dlv.hashalg], dlv.dlvname)) + found = True + else: + print ("No DLV records found for KSK %s/%03d/%05d in %s" % + (dlv.parent, dlv.keyalg, dlv.keyid, dlv.dlvname)) + + return found + + +############################################################################ +# parse_args: +# Read command line arguments, set global 'args' structure +############################################################################ +def parse_args(): + global args + parser = argparse.ArgumentParser(description='checkds: checks DS coverage') + + parser.add_argument('zone', type=str, help='zone to check') + parser.add_argument('-f', '--file', dest='masterfile', type=str, + help='zone master file') + parser.add_argument('-l', '--lookaside', dest='lookaside', type=str, + help='DLV lookaside zone') + parser.add_argument('-d', '--dig', dest='dig', + default='@prefix@/bin/dig', type=str, + help='path to \'dig\'') + parser.add_argument('-D', '--dsfromkey', dest='dsfromkey', + default='@prefix@/sbin/dnssec-dsfromkey', type=str, + help='path to \'dig\'') + parser.add_argument('-v', '--version', action='version', version='9.9.1') + args = parser.parse_args() + + args.zone = args.zone.strip('.') + if args.lookaside: + lookaside = args.lookaside.strip('.') + +############################################################################ +# Main +############################################################################ +def main(): + parse_args() + + if args.lookaside: + found = checkdlv(args.zone, args.lookaside, args.masterfile) + else: + found = checkds(args.zone, args.masterfile) + + exit(0 if found else 1) + +if __name__ == "__main__": + main() diff --git a/bin/tests/system/checkds/clean.sh b/bin/tests/system/checkds/clean.sh new file mode 100644 index 0000000000..58c51f41f6 --- /dev/null +++ b/bin/tests/system/checkds/clean.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +rm -f checkds.* diff --git a/bin/tests/system/checkds/dig.sh b/bin/tests/system/checkds/dig.sh new file mode 100755 index 0000000000..ef7553c80e --- /dev/null +++ b/bin/tests/system/checkds/dig.sh @@ -0,0 +1,29 @@ +#!/bin/sh +############################################################################ +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. +############################################################################ + +while [ "$#" != 0 ]; do + case $1 in + +*) shift ;; + -t) shift ;; + DS|ds) ext=ds ; shift ;; + DLV|dlv) ext=dlv ; shift ;; + DNSKEY|dnskey) ext=dnskey ; shift ;; + *) file=$1 ; shift ;; + esac +done + +cat ${file}.${ext}.db diff --git a/bin/tests/system/checkds/missing.example.dlv.example.dlv.db b/bin/tests/system/checkds/missing.example.dlv.example.dlv.db new file mode 100644 index 0000000000..5dd94621c6 --- /dev/null +++ b/bin/tests/system/checkds/missing.example.dlv.example.dlv.db @@ -0,0 +1,2 @@ +missing.example.dlv.example. 3600 IN DLV 12892 5 1 9D4CD60491D372207FA584D2EE460CC51D7FF8A7 +missing.example.dlv.example. 3600 IN DLV 12892 5 2 EF59E5C70BC4153B7DB4C11F9C36B729577DA71474E0A5C9B8875173 6E583200 diff --git a/bin/tests/system/checkds/missing.example.dnskey.db b/bin/tests/system/checkds/missing.example.dnskey.db new file mode 100644 index 0000000000..e372130f1d --- /dev/null +++ b/bin/tests/system/checkds/missing.example.dnskey.db @@ -0,0 +1,3 @@ +missing.example. 3600 IN DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk= +missing.example. 3600 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjG rhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA +u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy 347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQ zBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysy LKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/b ByBNsO70aEFTd +missing.example. 3600 IN DNSKEY 256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0= diff --git a/bin/tests/system/checkds/missing.example.ds.db b/bin/tests/system/checkds/missing.example.ds.db new file mode 100644 index 0000000000..540ec0bdcb --- /dev/null +++ b/bin/tests/system/checkds/missing.example.ds.db @@ -0,0 +1,2 @@ +missing.example. 3600 IN DS 12892 5 2 EF59E5C70BC4153B7DB4C11F9C36B729577DA71474E0A5C9B8875173 6E583200 +missing.example. 3600 IN DS 12892 5 1 9D4CD60491D372207FA584D2EE460CC51D7FF8A7 diff --git a/bin/tests/system/checkds/none.example.dlv.example.dlv.db b/bin/tests/system/checkds/none.example.dlv.example.dlv.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/bin/tests/system/checkds/none.example.dnskey.db b/bin/tests/system/checkds/none.example.dnskey.db new file mode 100644 index 0000000000..76ae905ffd --- /dev/null +++ b/bin/tests/system/checkds/none.example.dnskey.db @@ -0,0 +1,3 @@ +none.example. 3600 IN DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk= +none.example. 3600 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjG rhhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA +u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy 347cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQ zBkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysy LKOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/b ByBNsO70aEFTd +none.example. 3600 IN DNSKEY 256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0= diff --git a/bin/tests/system/checkds/none.example.ds.db b/bin/tests/system/checkds/none.example.ds.db new file mode 100644 index 0000000000..e69de29bb2 diff --git a/bin/tests/system/checkds/ok.example.dlv.example.dlv.db b/bin/tests/system/checkds/ok.example.dlv.example.dlv.db new file mode 100644 index 0000000000..5896bcc7b4 --- /dev/null +++ b/bin/tests/system/checkds/ok.example.dlv.example.dlv.db @@ -0,0 +1,2 @@ +ok.example.dlv.example. 3600 IN DLV 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 +ok.example.dlv.example. 3600 IN DLV 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13 diff --git a/bin/tests/system/checkds/ok.example.dnskey.db b/bin/tests/system/checkds/ok.example.dnskey.db new file mode 100644 index 0000000000..c767c8fc78 --- /dev/null +++ b/bin/tests/system/checkds/ok.example.dnskey.db @@ -0,0 +1,2 @@ +ok.example. 625 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd +ok.example. 625 IN DNSKEY 256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0= diff --git a/bin/tests/system/checkds/ok.example.ds.db b/bin/tests/system/checkds/ok.example.ds.db new file mode 100644 index 0000000000..96b159bc9b --- /dev/null +++ b/bin/tests/system/checkds/ok.example.ds.db @@ -0,0 +1,2 @@ +ok.example. 3600 IN DS 12892 5 2 26584835CA80C81C91999F31CFAF2A0E89D4FF1C8FAFD0DDB31A85C7 19277C13 +ok.example. 3600 IN DS 12892 5 1 7AA4A3F416C2F2391FB7AB0D434F762CD62D1390 diff --git a/bin/tests/system/checkds/setup.sh b/bin/tests/system/checkds/setup.sh new file mode 100644 index 0000000000..001554a735 --- /dev/null +++ b/bin/tests/system/checkds/setup.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +sh clean.sh diff --git a/bin/tests/system/checkds/tests.sh b/bin/tests/system/checkds/tests.sh new file mode 100644 index 0000000000..16750d9a7a --- /dev/null +++ b/bin/tests/system/checkds/tests.sh @@ -0,0 +1,174 @@ +#!/bin/sh +# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +SYSTEMTESTTOP=.. +. $SYSTEMTESTTOP/conf.sh + +DIG="./dig.sh" +chmod +x $DIG + +CHECKDS="$CHECKDS -d $DIG -D $DSFROMKEY" + +status=0 +n=1 + +echo "I:checking for correct DS, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS ok.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for correct DS, obtaining key from file ($n)" +ret=0 +$CHECKDS -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for correct DLV, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS -l dlv.example ok.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for correct DLV, obtaining key from file ($n)" +ret=0 +$CHECKDS -l dlv.example -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for incorrect DS, lowronging up key via 'dig' ($n)" +ret=0 +$CHECKDS wrong.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for incorrect DS, obtaining key from file ($n)" +ret=0 +$CHECKDS -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for incorrect DLV, lowronging up key via 'dig' ($n)" +ret=0 +$CHECKDS -l dlv.example wrong.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for incorrect DLV, obtaining key from file ($n)" +ret=0 +$CHECKDS -l dlv.example -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + + +echo "I:checking for partially missing DS, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS missing.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for partially missing DS, obtaining key from file ($n)" +ret=0 +$CHECKDS -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for partially missing DLV, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS -l dlv.example missing.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for partially missing DLV, obtaining key from file ($n)" +ret=0 +$CHECKDS -l dlv.example -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 +grep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 +grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for entirely missing DS, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS none.example > checkds.out.$n && ret=1 +grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for entirely missing DS, obtaining key from file ($n)" +ret=0 +$CHECKDS -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 +grep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for entirely missing DLV, looking up key via 'dig' ($n)" +ret=0 +$CHECKDS -l dlv.example none.example > checkds.out.$n && ret=1 +grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking for entirely missing DLV, obtaining key from file ($n)" +ret=0 +$CHECKDS -l dlv.example -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 +grep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +if [ $status = 0 ]; then sh clean.sh; fi +echo "I:exit status: $status" +exit $status diff --git a/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db b/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db new file mode 100644 index 0000000000..096969b415 --- /dev/null +++ b/bin/tests/system/checkds/wrong.example.dlv.example.dlv.db @@ -0,0 +1,2 @@ +wrong.example.dlv.example. 3600 IN DLV 1192 5 1 684BB5119673C9272A0A7582AF8576561B5D80EC +wrong.example.dlv.example. 3600 IN DLV 1192 5 2 14E4A873360E512CD2E8C2C331C4472F5EDAB0736669901F4D42E976 3D7B1F5C diff --git a/bin/tests/system/checkds/wrong.example.dnskey.db b/bin/tests/system/checkds/wrong.example.dnskey.db new file mode 100644 index 0000000000..cc5bfd6fa1 --- /dev/null +++ b/bin/tests/system/checkds/wrong.example.dnskey.db @@ -0,0 +1,2 @@ +wrong.example. 3600 IN DNSKEY 257 3 5 AwEAAc6Cz10GXEh5lxA9ujTY/QarTajcUOBwwBYIeldjRsgoouK/UioY FYgxEFL0O5JK6YCRUoGzl3EgLr5GvNyhIp1PZpOpHf7o/4MVOZTGJzm/ sHWP5B+KcYjQOxJiDb433iCmRM4DpHPUUoxw0QbZglzAzl5MfKBoyZud lH59DdT/50bkBg8iVu35EzuW0SYt31k70hxHBSb2wAGWeqxEPKJ1nQiI UcrWNDeem7byrqjPN9wyZhq0XkQ9qbcYxAkRNd8Y7P0FyR1YKJMc6SWZ Ru7muvxqTHgCtJVgxVz4qndCFKdYidiDeKe2/X/z5gf7pyYl3549O8JR tWdNKqutppk= +wrong.example. 3600 IN DNSKEY 256 3 5 BQEAAAAB2F1v2HWzCCE9vNsKfk0K8vd4EBwizNT9KO6WYXj0oxEL4eOJ aXbax/BzPFx+3qO8B8pu8E/JjkWH0oaYz4guUyTVmT5Eelg44Vb1kssy q8W27oQ+9qNiP8Jv6zdOj0uCB/N0fxfVL3371xbednFqoECfSFDZa6Hw jU1qzveSsW0= diff --git a/bin/tests/system/checkds/wrong.example.ds.db b/bin/tests/system/checkds/wrong.example.ds.db new file mode 100644 index 0000000000..d7df6104a2 --- /dev/null +++ b/bin/tests/system/checkds/wrong.example.ds.db @@ -0,0 +1,2 @@ +wrong.example. 3600 IN DS 1192 5 1 684BB5119673C9272A0A7582AF8576561B5D80EC +wrong.example. 3600 IN DS 1192 5 2 14E4A873360E512CD2E8C2C331C4472F5EDAB0736669901F4D42E976 3D7B1F5C diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 50ab018fa0..18ba5440de 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -42,6 +42,7 @@ SIGNER=$TOP/bin/dnssec/dnssec-signzone REVOKE=$TOP/bin/dnssec/dnssec-revoke SETTIME=$TOP/bin/dnssec/dnssec-settime DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey +CHECKDS=$TOP/bin/python/dnssec-checkds CHECKZONE=$TOP/bin/check/named-checkzone CHECKCONF=$TOP/bin/check/named-checkconf PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -s 0 -p 1234" @@ -54,7 +55,7 @@ VERIFY=$TOP/bin/dnssec/dnssec-verify # load on the machine to make it unusable to other users. # v6synth SUBDIRS="acl allow_query addzone autosign builtin cacheclean checkconf - checknames checkzone database dlv dlvauto dlz dlzexternal + checkds checknames checkzone database dlv dlvauto dlz dlzexternal dname dns64 dnssec ecdsa forward glue gost ixfr inline limits logfileconfig lwresd masterfile masterformat metadata notify nsupdate pending pkcs11 redirect resolver rndc rpz rrsetorder diff --git a/configure b/configure index 4bb62553e3..b6d3398201 100755 --- a/configure +++ b/configure @@ -1447,6 +1447,8 @@ ISC_PLATFORM_NORETURN_POST ISC_PLATFORM_NORETURN_PRE ISC_PLATFORM_HAVELONGLONG ISC_SOCKADDR_LEN_T +PYTHON_TOOLS +PYTHON PERL ETAGS LN @@ -1553,6 +1555,7 @@ with_pic with_tags enable_libbind enable_developer +with_python enable_kqueue enable_epoll enable_devpoll @@ -2271,6 +2274,7 @@ Optional Packages: --with-pic try to use only PIC/non-PIC objects [default=use both] --with-tags[=TAGS] include additional configurations [automatic] + --with-python=PATH Specify path to python interpreter --with-openssl=PATH Build with OpenSSL yes|no|path. (Required for DNSSEC) @@ -19636,6 +19640,165 @@ done +# +# Python is also optional; it is used by the tools in bin/python. +# If python is unavailable, we simply don't build those. +# + +# Check whether --with-python was given. +if test "${with_python+set}" = set; then : + withval=$with_python; use_python="$withval" +else + use_python="unspec" +fi + + +case "$use_python" in + no) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + ;; + unspec|yes|*) + case "$use_python" in + unspec|yes|'') + for ac_prog in python +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_PYTHON+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$PYTHON" && break +done + + ;; + *) + for ac_prog in $use_python +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if test "${ac_cv_path_PYTHON+set}" = set; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$PYTHON" && break +done + + ;; + esac + if test "X$PYTHON" == "X" + then + case "$use_python" in + unspec) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: disabled" >&5 +$as_echo "disabled" >&6; } + ;; + yes|*) + as_fn_error $? "missing python" "$LINENO" 5 + ;; + esac + break + fi + testscript='try: import argparse +except: exit(1)' + { $as_echo "$as_me:${as_lineno-$LINENO}: checking python module 'argparse'" >&5 +$as_echo_n "checking python module 'argparse'... " >&6; } + if $PYTHON -c "$testscript"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found, using $PYTHON" >&5 +$as_echo "found, using $PYTHON" >&6; } + else + case "$use_python" in + unspec) + PYTHON="" + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found, python disabled" >&5 +$as_echo "not found, python disabled" >&6; } + ;; + yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no found" >&5 +$as_echo "no found" >&6; } + as_fn_error $? "python 'argparse' module not supported" "$LINENO" 5 + ;; + esac + fi + ;; +esac + +PYTHON_TOOLS='' +if test "X$PYTHON" != "X"; then + PYTHON_TOOLS=python +fi + + # # Special processing of paths depending on whether --prefix, # --sysconfdir or --localstatedir arguments were given. What's @@ -27877,7 +28040,7 @@ ac_config_commands="$ac_config_commands chmod" # elsewhere if there's a good reason for doing so. # -ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/ecdsa/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/gost/prereq.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/check-secure-delegation.pl contrib/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/export/Makefile lib/export/dns/Makefile lib/export/dns/include/Makefile lib/export/dns/include/dns/Makefile lib/export/dns/include/dst/Makefile lib/export/irs/Makefile lib/export/irs/include/Makefile lib/export/irs/include/irs/Makefile lib/export/isc/$thread_dir/Makefile lib/export/isc/$thread_dir/include/Makefile lib/export/isc/$thread_dir/include/isc/Makefile lib/export/isc/Makefile lib/export/isc/include/Makefile lib/export/isc/include/isc/Makefile lib/export/isc/nls/Makefile lib/export/isc/unix/Makefile lib/export/isc/unix/include/Makefile lib/export/isc/unix/include/isc/Makefile lib/export/isccfg/Makefile lib/export/isccfg/include/Makefile lib/export/isccfg/include/isccfg/Makefile lib/export/samples/Makefile lib/export/samples/Makefile-postinstall lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile unit/Makefile unit/unittest.sh" +ac_config_files="$ac_config_files make/Makefile make/mkdep Makefile bin/Makefile bin/check/Makefile bin/confgen/Makefile bin/confgen/unix/Makefile bin/dig/Makefile bin/dnssec/Makefile bin/named/Makefile bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile bin/python/Makefile bin/python/dnssec-checkds.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile bin/tests/db/Makefile bin/tests/dst/Makefile bin/tests/hashes/Makefile bin/tests/headerdep_test.sh bin/tests/master/Makefile bin/tests/mem/Makefile bin/tests/names/Makefile bin/tests/net/Makefile bin/tests/rbt/Makefile bin/tests/resolver/Makefile bin/tests/sockaddr/Makefile bin/tests/system/Makefile bin/tests/system/conf.sh bin/tests/system/dlz/prereq.sh bin/tests/system/dlzexternal/Makefile bin/tests/system/dlzexternal/ns1/named.conf bin/tests/system/ecdsa/prereq.sh bin/tests/system/filter-aaaa/Makefile bin/tests/system/gost/prereq.sh bin/tests/system/lwresd/Makefile bin/tests/system/rpz/Makefile bin/tests/system/rsabigexponent/Makefile bin/tests/system/tkey/Makefile bin/tests/system/tsiggss/Makefile bin/tests/tasks/Makefile bin/tests/timers/Makefile bin/tests/virtual-time/Makefile bin/tests/virtual-time/conf.sh bin/tools/Makefile contrib/check-secure-delegation.pl contrib/zone-edit.sh doc/Makefile doc/arm/Makefile doc/doxygen/Doxyfile doc/doxygen/Makefile doc/doxygen/doxygen-input-filter doc/misc/Makefile doc/xsl/Makefile doc/xsl/isc-docbook-chunk.xsl doc/xsl/isc-docbook-html.xsl doc/xsl/isc-docbook-latex.xsl doc/xsl/isc-manpage.xsl isc-config.sh lib/Makefile lib/bind9/Makefile lib/bind9/include/Makefile lib/bind9/include/bind9/Makefile lib/dns/Makefile lib/dns/include/Makefile lib/dns/include/dns/Makefile lib/dns/include/dst/Makefile lib/dns/tests/Makefile lib/export/Makefile lib/export/dns/Makefile lib/export/dns/include/Makefile lib/export/dns/include/dns/Makefile lib/export/dns/include/dst/Makefile lib/export/irs/Makefile lib/export/irs/include/Makefile lib/export/irs/include/irs/Makefile lib/export/isc/$thread_dir/Makefile lib/export/isc/$thread_dir/include/Makefile lib/export/isc/$thread_dir/include/isc/Makefile lib/export/isc/Makefile lib/export/isc/include/Makefile lib/export/isc/include/isc/Makefile lib/export/isc/nls/Makefile lib/export/isc/unix/Makefile lib/export/isc/unix/include/Makefile lib/export/isc/unix/include/isc/Makefile lib/export/isccfg/Makefile lib/export/isccfg/include/Makefile lib/export/isccfg/include/isccfg/Makefile lib/export/samples/Makefile lib/export/samples/Makefile-postinstall lib/irs/Makefile lib/irs/include/Makefile lib/irs/include/irs/Makefile lib/irs/include/irs/netdb.h lib/irs/include/irs/platform.h lib/isc/$arch/Makefile lib/isc/$arch/include/Makefile lib/isc/$arch/include/isc/Makefile lib/isc/$thread_dir/Makefile lib/isc/$thread_dir/include/Makefile lib/isc/$thread_dir/include/isc/Makefile lib/isc/Makefile lib/isc/include/Makefile lib/isc/include/isc/Makefile lib/isc/include/isc/platform.h lib/isc/tests/Makefile lib/isc/nls/Makefile lib/isc/unix/Makefile lib/isc/unix/include/Makefile lib/isc/unix/include/isc/Makefile lib/isccc/Makefile lib/isccc/include/Makefile lib/isccc/include/isccc/Makefile lib/isccfg/Makefile lib/isccfg/include/Makefile lib/isccfg/include/isccfg/Makefile lib/lwres/Makefile lib/lwres/include/Makefile lib/lwres/include/lwres/Makefile lib/lwres/include/lwres/netdb.h lib/lwres/include/lwres/platform.h lib/lwres/man/Makefile lib/lwres/unix/Makefile lib/lwres/unix/include/Makefile lib/lwres/unix/include/lwres/Makefile lib/tests/Makefile lib/tests/include/Makefile lib/tests/include/tests/Makefile unit/Makefile unit/unittest.sh" # @@ -28604,6 +28767,8 @@ do "bin/named/unix/Makefile") CONFIG_FILES="$CONFIG_FILES bin/named/unix/Makefile" ;; "bin/nsupdate/Makefile") CONFIG_FILES="$CONFIG_FILES bin/nsupdate/Makefile" ;; "bin/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES bin/pkcs11/Makefile" ;; + "bin/python/Makefile") CONFIG_FILES="$CONFIG_FILES bin/python/Makefile" ;; + "bin/python/dnssec-checkds.py") CONFIG_FILES="$CONFIG_FILES bin/python/dnssec-checkds.py" ;; "bin/rndc/Makefile") CONFIG_FILES="$CONFIG_FILES bin/rndc/Makefile" ;; "bin/tests/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/Makefile" ;; "bin/tests/atomic/Makefile") CONFIG_FILES="$CONFIG_FILES bin/tests/atomic/Makefile" ;; diff --git a/configure.in b/configure.in index 3c7e8b0589..7a2b0831d9 100644 --- a/configure.in +++ b/configure.in @@ -136,6 +136,66 @@ AC_SUBST(ETAGS) AC_PATH_PROGS(PERL, perl5 perl) AC_SUBST(PERL) +# +# Python is also optional; it is used by the tools in bin/python. +# If python is unavailable, we simply don't build those. +# +AC_ARG_WITH(python, +[ --with-python=PATH Specify path to python interpreter], + use_python="$withval", use_python="unspec") + +case "$use_python" in + no) + AC_MSG_RESULT(disabled) + ;; + unspec|yes|*) + case "$use_python" in + unspec|yes|'') + AC_PATH_PROGS(PYTHON, python) + ;; + *) + AC_PATH_PROGS(PYTHON, $use_python) + ;; + esac + if test "X$PYTHON" == "X" + then + case "$use_python" in + unspec) + AC_MSG_RESULT(disabled) + ;; + yes|*) + AC_MSG_ERROR([missing python]) + ;; + esac + break + fi + testscript='try: import argparse +except: exit(1)' + AC_MSG_CHECKING([python module 'argparse']) + if $PYTHON -c "$testscript"; then + AC_MSG_RESULT([found, using $PYTHON]) + else + case "$use_python" in + unspec) + PYTHON="" + AC_SUBST(PYTHON) + AC_MSG_RESULT([not found, python disabled]) + ;; + yes) + AC_MSG_RESULT([no found]) + AC_MSG_ERROR([python 'argparse' module not supported]) + ;; + esac + fi + ;; +esac + +PYTHON_TOOLS='' +if test "X$PYTHON" != "X"; then + PYTHON_TOOLS=python +fi +AC_SUBST(PYTHON_TOOLS) + # # Special processing of paths depending on whether --prefix, # --sysconfdir or --localstatedir arguments were given. What's @@ -3511,6 +3571,8 @@ AC_CONFIG_FILES([ bin/named/unix/Makefile bin/nsupdate/Makefile bin/pkcs11/Makefile + bin/python/Makefile + bin/python/dnssec-checkds.py bin/rndc/Makefile bin/tests/Makefile bin/tests/atomic/Makefile