mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 18:19:42 +00:00
Simplify trailing period handling in system tests
Windows systems do not allow a trailing period in file names while Unix systems do. When BIND system tests are run, the $TP environment variable is set to an empty string on Windows systems and to "." on Unix systems. This environment variable is then used by system test scripts for handling this discrepancy properly.

In multiple system test scripts, a variable holding a zone name is set to a string with a trailing period while the names of the zone's corresponding dlvset-* and/or dsset-* files are determined using numerous sed invocations like the following one:

    dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"

In order to improve code readability, use zone names without trailing periods and replace sed invocations with variable substitutions. To retain local consistency, also remove the trailing period from certain other zone names used in system tests that are not subsequently processed using sed.
parent
79357f93c0
commit
da2c1b74ad
@ -16,29 +16,29 @@ SYSTEMTESTTOP=../..
|
||||
|
||||
echo_i "dlv/ns3/sign.sh"
|
||||
|
||||
dlvzone="dlv.utld."
|
||||
dlvzone="dlv.utld"
|
||||
dlvsets=
|
||||
dssets=
|
||||
|
||||
disableddlvzone="disabled-algorithm-dlv.utld."
|
||||
disableddlvzone="disabled-algorithm-dlv.utld"
|
||||
disableddlvsets=
|
||||
disableddssets=
|
||||
|
||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld."
|
||||
unsupporteddlvzone="unsupported-algorithm-dlv.utld"
|
||||
unsupporteddlvsets=
|
||||
unsupporteddssets=
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child1.utld.
|
||||
zone=child1.utld
|
||||
infile=child.db.in
|
||||
zonefile=child1.utld.db
|
||||
outfile=child1.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -47,16 +47,16 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with a disabled algorithm.
|
||||
zone=child3.utld.
|
||||
zone=child3.utld
|
||||
infile=child.db.in
|
||||
zonefile=child3.utld.db
|
||||
outfile=child3.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -66,11 +66,11 @@ echo_i "signed $zone"
|
||||
# Signed zone below unsigned TLD with DLV entry. This one is slightly
|
||||
# different because its children (the grandchildren) don't have a DS record in
|
||||
# this zone. The grandchild zones are served by ns6.
|
||||
zone=child4.utld.
|
||||
zone=child4.utld
|
||||
infile=child.db.in
|
||||
zonefile=child4.utld.db
|
||||
outfile=child4.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -83,23 +83,23 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry in DLV zone that is signed
|
||||
# with an unsupported algorithm.
|
||||
zone=child5.utld.
|
||||
zone=child5.utld
|
||||
infile=child.db.in
|
||||
zonefile=child5.utld.db
|
||||
outfile=child5.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD without DLV entry.
|
||||
zone=child7.utld.
|
||||
zone=child7.utld
|
||||
infile=child.db.in
|
||||
zonefile=child7.utld.db
|
||||
outfile=child7.signed
|
||||
@ -107,7 +107,7 @@ outfile=child7.signed
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -116,7 +116,7 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD without DLV entry and no DS records for the
|
||||
# grandchildren.
|
||||
zone=child8.utld.
|
||||
zone=child8.utld
|
||||
infile=child.db.in
|
||||
zonefile=child8.utld.db
|
||||
outfile=child8.signed
|
||||
@ -130,11 +130,11 @@ $SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below unsigned TLD with DLV entry.
|
||||
zone=child9.utld.
|
||||
zone=child9.utld
|
||||
infile=child.db.in
|
||||
zonefile=child9.utld.db
|
||||
outfile=child9.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -146,11 +146,11 @@ echo_i "signed $zone"
|
||||
|
||||
# Unsigned zone below an unsigned TLD with DLV entry. We still need to sign
|
||||
# the zone to generate the DLV set.
|
||||
zone=child10.utld.
|
||||
zone=child10.utld
|
||||
infile=child.db.in
|
||||
zonefile=child10.utld.db
|
||||
outfile=child10.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -163,11 +163,11 @@ echo_i "signed $zone"
|
||||
|
||||
# Zone signed with a disabled algorithm (an algorithm that is disabled in
|
||||
# one of the test resolvers) with DLV entry.
|
||||
zone=disabled-algorithm.utld.
|
||||
zone=disabled-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=disabled-algorithm.utld.db
|
||||
outfile=disabled-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DISABLED_ALGORITHM -b $DISABLED_BITS -n zone $zone 2> /dev/null`
|
||||
@ -179,11 +179,11 @@ echo_i "signed $zone"
|
||||
|
||||
|
||||
# Zone signed with an unsupported algorithm with DLV entry.
|
||||
zone=unsupported-algorithm.utld.
|
||||
zone=unsupported-algorithm.utld
|
||||
infile=child.db.in
|
||||
zonefile=unsupported-algorithm.utld.db
|
||||
outfile=unsupported-algorithm.utld.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -195,23 +195,23 @@ awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile
|
||||
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
|
||||
cp dlvset-${zone} dlvset-${zone}tmp
|
||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}
|
||||
cp dlvset-${zone}${TP} dlvset-${zone}tmp
|
||||
awk '$3 == "DLV" { $5 = 255 } { print }' dlvset-${zone}tmp > dlvset-${zone}${TP}
|
||||
|
||||
echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set.
|
||||
zone=child1.druz.
|
||||
zone=child1.druz
|
||||
infile=child.db.in
|
||||
zonefile=child1.druz.db
|
||||
outfile=child1.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -220,17 +220,17 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with a disabled algorithm.
|
||||
zone=child3.druz.
|
||||
zone=child3.druz
|
||||
infile=child.db.in
|
||||
zonefile=child3.druz.db
|
||||
outfile=child3.druz.signed
|
||||
disableddlvsets="$disableddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddssets="$disableddssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
disableddlvsets="$disableddlvsets dlvset-${zone}${TP}"
|
||||
disableddssets="$disableddssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $disableddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -239,12 +239,12 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set, but missing
|
||||
# DS records for the grandchildren.
|
||||
zone=child4.druz.
|
||||
zone=child4.druz
|
||||
infile=child.db.in
|
||||
zonefile=child4.druz.db
|
||||
outfile=child4.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -257,17 +257,17 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry and DS set. The DLV zone is
|
||||
# signed with an unsupported algorithm algorithm.
|
||||
zone=child5.druz.
|
||||
zone=child5.druz
|
||||
infile=child.db.in
|
||||
zonefile=child5.druz.db
|
||||
outfile=child5.druz.signed
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddssets="$unsupportedssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
unsupporteddlvsets="$unsupporteddlvsets dlvset-${zone}${TP}"
|
||||
unsupporteddssets="$unsupportedssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -l $unsupporteddlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -275,16 +275,16 @@ echo_i "signed $zone"
|
||||
|
||||
|
||||
# Signed zone below signed TLD without DLV entry, but with normal DS set.
|
||||
zone=child7.druz.
|
||||
zone=child7.druz
|
||||
infile=child.db.in
|
||||
zonefile=child7.druz.db
|
||||
outfile=child7.druz.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
|
||||
dsfilename=../ns6/dsset-grand.`echo $zone |sed -e "s/\.$//g"`$TP
|
||||
dsfilename=../ns6/dsset-grand.${zone}${TP}
|
||||
cat $infile $keyname1.key $keyname2.key $dsfilename >$zonefile
|
||||
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
@ -293,7 +293,7 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD without DLV entry and no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child8.druz.
|
||||
zone=child8.druz
|
||||
infile=child.db.in
|
||||
zonefile=child8.druz.db
|
||||
outfile=child8.druz.signed
|
||||
@ -309,11 +309,11 @@ echo_i "signed $zone"
|
||||
|
||||
# Signed zone below signed TLD with DLV entry but no DS set. Also DS
|
||||
# records for the grandchildren are not included in the zone.
|
||||
zone=child9.druz.
|
||||
zone=child9.druz
|
||||
infile=child.db.in
|
||||
zonefile=child9.druz.db
|
||||
outfile=child9.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -326,12 +326,12 @@ echo_i "signed $zone"
|
||||
|
||||
# Unsigned zone below signed TLD with DLV entry and DS set. We still need to
|
||||
# sign the zone to generate the DS sets.
|
||||
zone=child10.druz.
|
||||
zone=child10.druz
|
||||
infile=child.db.in
|
||||
zonefile=child10.druz.db
|
||||
outfile=child10.druz.signed
|
||||
dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dlvsets="$dlvsets dlvset-${zone}${TP}"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone 2> /dev/null`
|
||||
@ -347,23 +347,23 @@ cp $unsupporteddssets ../ns2
|
||||
|
||||
# DLV zones
|
||||
infile=dlv.db.in
|
||||
for zone in dlv.utld. disabled-algorithm-dlv.utld. unsupported-algorithm-dlv.utld.
|
||||
for zone in dlv.utld disabled-algorithm-dlv.utld unsupported-algorithm-dlv.utld
|
||||
do
|
||||
zonefile="${zone}db"
|
||||
outfile="${zone}signed"
|
||||
zonefile="${zone}.db"
|
||||
outfile="${zone}.signed"
|
||||
|
||||
case $zone in
|
||||
"dlv.utld.")
|
||||
"dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$dlvsets
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld.")
|
||||
"disabled-algorithm-dlv.utld")
|
||||
algorithm=$DISABLED_ALGORITHM
|
||||
bits=$DISABLED_BITS
|
||||
dlvfiles=$disableddlvsets
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld.")
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
algorithm=$DEFAULT_ALGORITHM
|
||||
bits=$DEFAULT_BITS
|
||||
dlvfiles=$unsupporteddlvsets
|
||||
@ -376,15 +376,15 @@ do
|
||||
cat $infile $dlvfiles $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
case $zone in
|
||||
"dlv.utld.")
|
||||
"dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
|
||||
;;
|
||||
"disabled-algorithm-dlv.utld.")
|
||||
"disabled-algorithm-dlv.utld")
|
||||
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
|
||||
;;
|
||||
"unsupported-algorithm-dlv.utld.")
|
||||
"unsupported-algorithm-dlv.utld")
|
||||
cp ${keyname2}.key ${keyname2}.tmp
|
||||
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
|
||||
|
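Review bot: The rewritten child5.druz line in the `@ -257,17 +257,17 @@` hunk still expands `$unsupportedssets`, a name that no visible line assigns (the list initialised in the first hunk and later copied with `cp $unsupporteddssets ../ns2` is `unsupporteddssets`). The assignment therefore discards whatever the list held before, which goes unnoticed only while child5.druz is the sole zone appended to it, as appears to be the case in the visible hunks. Since the commit already touches the line, it should read `unsupporteddssets="$unsupporteddssets dsset-${zone}${TP}"`. A smaller style point in the `@ -195,23 +195,23 @@` hunk: with the trailing period gone from `$zone`, the scratch file `dlvset-${zone}tmp` now has no separator before `tmp`; `dlvset-${zone}.tmp` would match the `.db`/`.signed` correction made in the DLV-zones loop.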
@ -138,7 +138,7 @@ cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
privzone=private.secure.example.
|
||||
privzone=private.secure.example
|
||||
privinfile=private.secure.example.db.in
|
||||
privzonefile=private.secure.example.db
|
||||
|
||||
@ -153,7 +153,7 @@ cat "$privinfile" "$privkeyname.key" > "$privzonefile"
|
||||
dlvzone=dlv.
|
||||
dlvinfile=dlv.db.in
|
||||
dlvzonefile=dlv.db
|
||||
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
|
||||
dlvsetfile="dlvset-${privzone}${TP}"
|
||||
|
||||
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
|
||||
|
||||
|
@ -261,7 +261,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
||||
# A zone that is signed with an unknown DNSKEY algorithm.
|
||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-unknown.example.
|
||||
zone=dnskey-unknown.example
|
||||
infile=dnskey-unknown.example.db.in
|
||||
zonefile=dnskey-unknown.example.db
|
||||
|
||||
@ -273,14 +273,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100 } $4 == "RRSIG" { $6 = 100 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
|
||||
# A zone that is signed with an unsupported DNSKEY algorithm (3).
|
||||
# Algorithm 7 is replaced by 255 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-unsupported.example.
|
||||
zone=dnskey-unsupported.example
|
||||
infile=dnskey-unsupported.example.db.in
|
||||
zonefile=dnskey-unsupported.example.db
|
||||
|
||||
@ -292,14 +292,14 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
|
||||
# A zone with a published unsupported DNSKEY algorithm (Reserved).
|
||||
# Different from above because this key is not intended for signing.
|
||||
#
|
||||
zone=dnskey-unsupported-2.example.
|
||||
zone=dnskey-unsupported-2.example
|
||||
infile=dnskey-unsupported-2.example.db.in
|
||||
zonefile=dnskey-unsupported-2.example.db
|
||||
|
||||
@ -314,7 +314,7 @@ cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key > "$zonefile"
|
||||
# A zone with a unknown DNSKEY algorithm + unknown NSEC3 hash algorithm (-U).
|
||||
# Algorithm 7 is replaced by 100 in the zone and dsset.
|
||||
#
|
||||
zone=dnskey-nsec3-unknown.example.
|
||||
zone=dnskey-nsec3-unknown.example
|
||||
infile=dnskey-nsec3-unknown.example.db.in
|
||||
zonefile=dnskey-nsec3-unknown.example.db
|
||||
|
||||
@ -326,7 +326,7 @@ cat "$infile" "$keyname.key" > "$zonefile"
|
||||
|
||||
awk '$4 == "DNSKEY" { $7 = 100; print } $4 == "RRSIG" { $6 = 100; print } { print }' ${zonefile}.tmp > ${zonefile}.signed
|
||||
|
||||
DSFILE="dsset-$(echo ${zone} |sed -e "s/\\.$//g")$TP"
|
||||
DSFILE="dsset-${zone}${TP}"
|
||||
$DSFROMKEY -A -f ${zonefile}.signed "$zone" > "$DSFILE"
|
||||
|
||||
#
|
||||
|
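Review bot: In the `@ -153,7 +153,7 @@` hunk `dlvzone=dlv.` keeps its trailing period while `privzone` two hunks earlier loses it, so this script now mixes both conventions next to a `${name}${TP}` file-name construction. Nothing visible builds a file name from `$dlvzone`, but code outside these hunks may, and a later `dlvset-${dlvzone}${TP}` would then yield a doubled period on Unix and a trailing period on Windows. Either drop the period here as well (`dlvzone=dlv`) or add a comment such as `# zone names in this script carry no trailing period; file names append ${TP}` above the assignments.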
@ -12,10 +12,10 @@
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
|
||||
zone1=good.
|
||||
zone1=good
|
||||
infile1=good.db.in
|
||||
zonefile1=good.db
|
||||
zone2=bad.
|
||||
zone2=bad
|
||||
infile2=bad.db.in
|
||||
zonefile2=bad.db
|
||||
|
||||
@ -30,8 +30,8 @@ cat $infile2 $keyname21.key $keyname22.key >$zonefile2
|
||||
$SIGNER -P -g -o $zone1 $zonefile1 > /dev/null
|
||||
$SIGNER -P -g -o $zone2 $zonefile2 > /dev/null
|
||||
|
||||
DSFILENAME1=dsset-`echo $zone1 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME2=dsset-`echo $zone2 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME1=dsset-${zone1}${TP}
|
||||
DSFILENAME2=dsset-${zone2}${TP}
|
||||
$DSFROMKEY -a SHA-256 $keyname12 > $DSFILENAME1
|
||||
$DSFROMKEY -a SHA-256 $keyname22 > $DSFILENAME2
|
||||
|
||||
|
@ -82,10 +82,10 @@ signzone () {
|
||||
cat $1/$3 $1/$KEYNAME.key > $1/tmp
|
||||
$SIGNER -P -K $1 -o $2 -f $1/$4 $1/tmp >/dev/null
|
||||
sed -n -e 's/\(.*\) IN DNSKEY \([0-9]\{1,\} [0-9]\{1,\} [0-9]\{1,\}\) \(.*\)/trusted-keys {"\1" \2 "\3";};/p' $1/$KEYNAME.key >>trusted.conf
|
||||
DSFILENAME=dsset-`echo $2 |sed -e "s/\.$//g"`$TP
|
||||
DSFILENAME=dsset-${2}${TP}
|
||||
rm $DSFILENAME $1/tmp
|
||||
}
|
||||
signzone ns2 tld2s. base-tld2s.db tld2s.db
|
||||
signzone ns2 tld2s base-tld2s.db tld2s.db
|
||||
|
||||
# Performance and a few other checks.
|
||||
cat <<EOF >ns5/rpz-switch
|
||||
|
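Review bot: `DSFILENAME=dsset-${2}${TP}` makes `signzone` depend on every caller passing the zone name without a trailing period, whereas the removed sed call normalised either form. Only the `tld2s` call is visible here and the function body starts outside the hunk, so other callers cannot be checked from this page. A caller still passing `name.` would produce `dsset-name..` on Unix and the following `rm $DSFILENAME $1/tmp` would fail on a missing file. Stripping an optional period with plain parameter expansion keeps the readability gain and the old tolerance: `DSFILENAME=dsset-${2%.}${TP}`; otherwise document the requirement with `# $2: zone name WITHOUT a trailing period` above the function.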
@ -16,11 +16,11 @@ SYSTESTDIR=wildcard
|
||||
|
||||
dssets=
|
||||
|
||||
zone=dlv.
|
||||
zone=dlv
|
||||
infile=dlv.db.in
|
||||
zonefile=dlv.db
|
||||
outfile=dlv.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
@ -30,11 +30,11 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=nsec.
|
||||
zone=nsec
|
||||
infile=nsec.db.in
|
||||
zonefile=nsec.db
|
||||
outfile=nsec.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
@ -44,7 +44,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=private.nsec.
|
||||
zone=private.nsec
|
||||
infile=private.nsec.db.in
|
||||
zonefile=private.nsec.db
|
||||
outfile=private.nsec.db.signed
|
||||
@ -59,11 +59,11 @@ echo_i "signed $zone"
|
||||
|
||||
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
|
||||
|
||||
zone=nsec3.
|
||||
zone=nsec3
|
||||
infile=nsec3.db.in
|
||||
zonefile=nsec3.db
|
||||
outfile=nsec3.db.signed
|
||||
dssets="$dssets dsset-`echo $zone |sed -e "s/.$//g"`$TP"
|
||||
dssets="$dssets dsset-${zone}${TP}"
|
||||
|
||||
keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
|
||||
@ -73,7 +73,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
|
||||
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
|
||||
echo_i "signed $zone"
|
||||
|
||||
zone=private.nsec3.
|
||||
zone=private.nsec3
|
||||
infile=private.nsec3.db.in
|
||||
zonefile=private.nsec3.db
|
||||
outfile=private.nsec3.db.signed
|
||||
|