
Add additional test case with purged key

Test that if a key to be purged is in the keyring, it does not
prevent the keymgr from running. Normally a key that is in the keyring
should be available again on the next run, but that is not true for
a key that can be purged.

In addition, fix some wait_for_log calls, by adding the missing
'|| ret=1' parts.
Matthijs Mekking 2024-08-19 09:46:56 +02:00
parent d1e263ef13
commit a2317425bc
2 changed files with 11 additions and 5 deletions


@ -322,6 +322,12 @@ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$ZSK" >>"$infile"
cp $infile $zonefile cp $infile $zonefile
$SIGNER -PS -x -s now-2w -e now-1mi -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1 $SIGNER -PS -x -s now-2w -e now-1mi -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
$SETTIME -s -g HIDDEN "$ZSK" >settime.out.$zone.3 2>&1 $SETTIME -s -g HIDDEN "$ZSK" >settime.out.$zone.3 2>&1
# An old key that is being purged should not prevent keymgr to be run.
T1="now-1y"
T2="now-2y"
oldtimes="-P $T2 -A $T2 -I $T1 -D $T1"
OLD=$($KEYGEN -a $DEFAULT_ALGORITHM -L 300 $oldtimes $zone 2>keygen.out.$zone.3)
$SETTIME -s -g $H -k $H $T1 -z $H $T1 "$OLD" >settime.out.$zone.3 2>&1
# #
# The zones at enable-dnssec.autosign represent the various steps of the # The zones at enable-dnssec.autosign represent the various steps of the
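Review bot: The new `$SETTIME` line for the purgeable key redirects to `settime.out.$zone.3`, the same output file the preceding `$SETTIME -s -g HIDDEN "$ZSK"` context line uses, so that command's diagnostics are overwritten before a failing run can be inspected; use the next free suffix, `$SETTIME -s -g $H -k $H $T1 -z $H $T1 "$OLD" >settime.out.$zone.4 2>&1`. The `keygen.out.$zone.3` redirect on the `$KEYGEN` line may collide the same way with an earlier keygen call for this zone, which would be outside the hunk. `$H` is assumed to be set earlier in the setup script; it is not visible here. The setup for this zone continues before and after the hunk.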


@ -318,7 +318,7 @@ state_stat=$(key_get KEY1 STATE_STAT)
nextpart $DIR/named.run >/dev/null nextpart $DIR/named.run >/dev/null
rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed"
wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1
privkey_stat2=$(key_stat "${basefile}.private") privkey_stat2=$(key_stat "${basefile}.private")
pubkey_stat2=$(key_stat "${basefile}.key") pubkey_stat2=$(key_stat "${basefile}.key")
state_stat2=$(key_stat "${basefile}.state") state_stat2=$(key_stat "${basefile}.state")
@ -334,7 +334,7 @@ ret=0
nextpart $DIR/named.run >/dev/null nextpart $DIR/named.run >/dev/null
rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed"
wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1
privkey_stat2=$(key_stat "${basefile}.private") privkey_stat2=$(key_stat "${basefile}.private")
pubkey_stat2=$(key_stat "${basefile}.key") pubkey_stat2=$(key_stat "${basefile}.key")
state_stat2=$(key_stat "${basefile}.state") state_stat2=$(key_stat "${basefile}.state")
@ -1651,7 +1651,7 @@ check_rrsig_refresh
echo_i "load keys for $ZONE, making sure a recently purged key is not an issue when verifying keys ($n)" echo_i "load keys for $ZONE, making sure a recently purged key is not an issue when verifying keys ($n)"
ret=0 ret=0
rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed" rndccmd 10.53.0.3 loadkeys "$ZONE" >/dev/null || log_error "rndc loadkeys zone ${ZONE} failed"
wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run || ret=1
grep "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run && ret=1 grep "zone $ZONE/IN (signed): zone_rekey:zone_verifykeys failed: some key files are missing" $DIR/named.run && ret=1
test "$ret" -eq 0 || echo_i "failed" test "$ret" -eq 0 || echo_i "failed"
status=$((status + ret)) status=$((status + ret))
@ -5270,7 +5270,7 @@ dig_with_opts @10.53.0.6 example SOA >dig.out.ns6.test$n.soa1 || ret=1
cp ns6/example2.db.in ns6/example.db || ret=1 cp ns6/example2.db.in ns6/example.db || ret=1
nextpart ns6/named.run >/dev/null nextpart ns6/named.run >/dev/null
rndccmd 10.53.0.6 reload || ret=1 rndccmd 10.53.0.6 reload || ret=1
wait_for_log 3 "all zones loaded" ns6/named.run wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
# Check that the SOA SERIAL increases and check the TTLs (should be 300 as # Check that the SOA SERIAL increases and check the TTLs (should be 300 as
# defined in ns6/example2.db.in). # defined in ns6/example2.db.in).
retry_quiet 10 _check_soa_ttl 300 300 || ret=1 retry_quiet 10 _check_soa_ttl 300 300 || ret=1
@ -5288,7 +5288,7 @@ cp ns6/example3.db.in ns6/example.db || ret=1
rm ns6/example.db.jnl rm ns6/example.db.jnl
nextpart ns6/named.run >/dev/null nextpart ns6/named.run >/dev/null
start_server --noclean --restart --port ${PORT} ns6 start_server --noclean --restart --port ${PORT} ns6
wait_for_log 3 "all zones loaded" ns6/named.run wait_for_log 3 "all zones loaded" ns6/named.run || ret=1
# Check that the SOA SERIAL increases and check the TTLs (should be changed # Check that the SOA SERIAL increases and check the TTLs (should be changed
# from 300 to 400 as defined in ns6/example3.db.in). # from 300 to 400 as defined in ns6/example3.db.in).
retry_quiet 10 _check_soa_ttl 300 400 || ret=1 retry_quiet 10 _check_soa_ttl 300 400 || ret=1
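Review bot: In the hunk at -1651, the `grep ... "some key files are missing" $DIR/named.run && ret=1` check scans the whole log, so a matching message from any earlier part of the run would fail this test, whereas the hunks at -318 and -334 scope their checks by calling `nextpart $DIR/named.run >/dev/null` before `rndccmd ... loadkeys`. Unless a `nextpart` already precedes this block (the lines above 1651 are outside the hunk), add `nextpart $DIR/named.run >/dev/null` immediately before the `rndccmd 10.53.0.3 loadkeys "$ZONE"` line so the assertion covers only messages produced by this loadkeys. The `|| ret=1` additions on the `wait_for_log` lines are consistent across all five hunks and match how the neighbouring `rndccmd` and `cp` lines already propagate failure.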