mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-03 08:05:21 +00:00
Code Issues Releases Wiki Activity

temporarily disable jitter tests in the 'autosign' system test

Browse Source 
the current method used for testing distribution of signatures
is failure-prone. we need to replace it with something both
effective and portable, but in the meantime we're commenting
out the jitter test.
This commit is contained in:
Evan Hunt
2019-11-07 09:09:28 -08:00
parent 65860c8000
commit e17b7ee05a
1 changed files with 55 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
bin/tests/system/autosign/tests.sh
View File

@@ -373,6 +373,11 @@ done
n=`expr $n + 1` n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
# XXX temporarily disable jitter test below until we have a better and more
# portable method for evaluating the evenness of the distribution.
if false; then
# Check jitter distribution. # Check jitter distribution.
echo_i "checking expired signatures were jittered correctly ($n)" echo_i "checking expired signatures were jittered correctly ($n)"
ret=0 ret=0
@@ -382,6 +387,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
# XXX temporarily disabled
else
echowarn "I:autosign:jitter tests disabled"
fi
echo_i "checking NSEC->NSEC3 conversion succeeded ($n)" echo_i "checking NSEC->NSEC3 conversion succeeded ($n)"
ret=0 ret=0
$DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1 $DIG $DIGOPTS nsec3.example. nsec3param @10.53.0.3 > dig.out.ns3.ok.test$n || ret=1
@@ -984,10 +994,14 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
# XXX temporarily disable jitter test below until we have a better and more
# portable method for evaluating the evenness of the distribution.
if false; then
echo_i "checking jitter in a newly signed NSEC3 zone ($n)" echo_i "checking jitter in a newly signed NSEC3 zone ($n)"
ret=0 ret=0
# Use DNS UPDATE to add an NSEC3PARAM record into the zone. # Use DNS UPDATE to add an NSEC3PARAM record into the zone.
$NSUPDATE > nsupdate.out.test$n 2>&1 <<END || ret=1 $NSUPDATE > nsupdate.out.test$n 2>&1 <<-END || ret=1
server 10.53.0.3 ${PORT} server 10.53.0.3 ${PORT}
zone jitter.nsec3.example. zone jitter.nsec3.example.
update add jitter.nsec3.example. 3600 NSEC3PARAM 1 0 10 BEEF update add jitter.nsec3.example. 3600 NSEC3PARAM 1 0 10 BEEF
@@ -1014,6 +1028,11 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
# XXX temporarily disabled
else
echowarn "I:autosign:jitter tests disabled"
fi
echo_i "checking that serial number and RRSIGs are both updated (rt21045) ($n)" echo_i "checking that serial number and RRSIGs are both updated (rt21045) ($n)"
ret=0 ret=0
oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'` oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'`