From e02de04e9723156003d4f52cb4cef282186f5bf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 11 Mar 2019 13:02:54 +0100 Subject: [PATCH] Stabilize "delzsk.example" zone checks When a zone is converted from NSEC to NSEC3, the private record at zone apex indicating that NSEC3 chain creation is in progress may be removed during a different (later) zone_nsec3chain() call than the one which adds the NSEC3PARAM record. The "delzsk.example" zone check only waits for the NSEC3PARAM record to start appearing in dig output while private records at zone apex directly affect "rndc signing -list" output. This may trigger false positives for the "autosign" system test as the output of the "rndc signing -list" command used for checking ZSK deletion progress may contain extra lines which are not accounted for. Ensure the private record is removed from zone apex before triggering ZSK deletion in the aforementioned check. Also future-proof the ZSK deletion progress check by making it only look at lines it should care about. --- bin/tests/system/autosign/tests.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index 69798cb5d3..be51385515 100755 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -1404,8 +1404,12 @@ for i in 0 1 2 3 4 5 6 7 8 9; do $DIG $DIGOPTS delzsk.example NSEC3PARAM @10.53.0.3 > dig.out.ns3.1.test$n 2>&1 || ret=1 grep "NSEC3PARAM.*12345678" dig.out.ns3.1.test$n > /dev/null 2>&1 if [ $? -eq 0 ]; then - _ret=0 - break + $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1 + grep "Creating NSEC3 chain " signing.out.2.test$n > /dev/null 2>&1 + if [ $? -ne 0 ]; then + _ret=0 + break + fi fi sleep 1 done @@ -1420,10 +1424,10 @@ $SETTIME -D now-1h $file > settime.out.test$n 2>&1 || ret=1 $RNDCCMD 10.53.0.3 loadkeys delzsk.example 2>&1 | sed 's/^/ns3 /' | cat_i for i in 0 1 2 3 4 5 6 7 8 9; do _ret=1 - $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.2.test$n 2>&1 - grep "Signing " signing.out.2.test$n > /dev/null 2>&1 + $RNDCCMD 10.53.0.3 signing -list delzsk.example > signing.out.3.test$n 2>&1 + grep "Signing " signing.out.3.test$n > /dev/null 2>&1 if [ $? -ne 0 ]; then - if [ `cat signing.out.2.test$n | wc -l` -eq 2 ]; then + if [ `grep "Done signing " signing.out.3.test$n | wc -l` -eq 2 ]; then _ret=0 break fi