Make "checking revoked key with duplicate key ID" work

There should be 2 keys with the same key id after the numerically
lower one is revoked (serial space arithmetic).  The DS points
at the non-revoked key so validation should still succeed.

bin/tests/system/autosign/ns1/keygen.sh

@@ -19,7 +19,7 @@ infile=root.db.in
 
 (cd ../ns2 && $SHELL keygen.sh )
 
-cat $infile ../ns2/dsset-example. > $zonefile
+cat $infile ../ns2/dsset-example. ../ns2/dsset-bar. > $zonefile
 
 zskact=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q $zone)
 zskvanish=$($KEYGEN -3 -a ${DEFAULT_ALGORITHM} -q $zone)

bin/tests/system/autosign/tests.sh

@@ -1309,17 +1309,22 @@ n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
-echo_i "checking revoked key with duplicate key ID (failure expected) ($n)"
-lret=0
+echo_i "checking revoked key with duplicate key ID ($n)"
+ret=0
 id=30676
-$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || lret=1
-grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null || lret=1
-$DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || lret=1
-grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || lret=1
+rid=30804
+$DIG $DIGOPTS +multi dnskey bar @10.53.0.2 > dig.out.ns2.test$n || ret=1
+grep '; key id = '"$id"'$' dig.out.ns2.test$n > /dev/null && ret=1
+keys=$(grep '; key id = '"$rid"'$' dig.out.ns2.test$n | wc -l)
+test $keys -eq 2 || ret=1
+$DIG $DIGOPTS dnskey bar @10.53.0.4 > dig.out.ns4.test$n || ret=1
+grep "flags:.*ad.*QUERY" dig.out.ns4.test$n > /dev/null || ret=1
 n=$((n + 1))
-if [ $lret != 0 ]; then echo_i "not yet implemented"; fi
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
 
 echo_i "checking key event timers are always set ($n)"
+ret=0
 # this is a regression test for a bug in which the next key event could
 # be scheduled for the present moment, and then never fire.  check for
 # visible evidence of this error in the logs: