From 0d69afd764f4fcd390d8c4ed7a7bf6ef1d8ae501 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 19 Jun 2024 12:45:09 +1000
Subject: [PATCH] Disable post zone verification for manykeys

As the expiration time is now+1 the RRSIG records may expire before the verification step happens.
---
 bin/tests/system/statschannel/ns2/sign.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/statschannel/ns2/sign.sh b/bin/tests/system/statschannel/ns2/sign.sh
index a66e81c22f..b9d2ed72d3 100644
--- a/bin/tests/system/statschannel/ns2/sign.sh
+++ b/bin/tests/system/statschannel/ns2/sign.sh
@@ -38,7 +38,8 @@ zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -L 3600 -b 256 "$zone")
 ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 -f KSK "$zone")
 zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -L 3600 -b 384 "$zone")
 # Sign deliberately with a very short expiration date.
-"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
+# Disable zone verification (-P) as records may expire before signing is complete
+"$SIGNER" -P -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" >"signzone.out.$zone" 2>&1
 id=$(keyfile_to_key_id "$ksk8")
 echo "8+$id" >manykeys.ksk8.id
 id=$(keyfile_to_key_id "$zsk8")
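Review bot: The comment added above the `"$SIGNER"` line says the records may expire "before signing is complete", but the commit message places the race at the post-sign verification step, which is what `-P` turns off; I would reword it to `# Skip post-sign verification (-P): with -e now+1s the RRSIG records can expire before that check runs.` With `-P` the signer no longer confirms that every algorithm in the zone has a complete set of signatures, so in this hunk the exit status of `"$SIGNER"` is the only remaining signal that signing worked, and its output goes to `signzone.out.$zone` rather than the test log. Whether the script runs under `set -e` is not visible in the hunk; if it does not, a failed signing run would go unnoticed, so that is worth confirming. The flag suits this fixture because the signatures are meant to expire, and tying the comment to the one-second expiry keeps it from being copied into signing steps that use normal validity periods.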