2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 05:28:00 +00:00

43778 Commits

Author SHA1 Message Date
Nicki Křížek
784a252425 Use a single named.conf template in rollover test
Rather than using multiple slightly modified named.conf files, use a
single template which can be rendered differently based on an input
argument -- in this case, csk_roll.
2025-07-18 13:37:58 +02:00
Nicki Křížek
b2bb605143 chg: test: Refactor configloading test
- Use WatchLog.wait_for_sequence() for the configloading test.
- Omit artifacts check, as it seems quite useless for this test case.
- Join all the tests together. The test case is fairly simple here and
  this is the easiest way to ensure the log will be in a predictable
  state for all tests. Previously, there was no way to ensure
  test_configloading_loading() won't be executed after the other tests,
  which would render the check moot. It could also be separated into
  its own module, but that seems excessive for a simple test case like
  this.
- Use jinja2 template for named.conf and remove setup.sh.
- Remove README and put the relevent comment directly next to the test.
- Remove _sh_ from the test filename to uphold the naming convention.

Merge branch 'nicki/refactor-configloading-test' into 'main'

See merge request isc-projects/bind9!10748
2025-07-18 13:27:41 +02:00
Nicki Křížek
f076d0d619 Refactor configloading test
- Use WatchLog.wait_for_sequence() for the configloading test.
- Omit artifacts check, as it seems quite useless for this test case.
- Join all the tests together. The test case is fairly simple here and
  this is the easiest way to ensure the log will be in a predictable
  state for all tests. Previously, there was no way to ensure
  test_configloading_loading() won't be executed after the other tests,
  which would render the check moot. It could also be separated into
  its own module, but that seems excessive for a simple test case like
  this.
- Use jinja2 template for named.conf and remove setup.sh.
- Remove README and put the relevent comment directly next to the test.
- Remove _sh_ from the test filename to uphold the naming convention.
2025-07-18 12:13:30 +02:00
Nicki Křížek
cf77bfacce chg: test: Improve WatchLog API for pytest
- Refactor and extend the `WatchLog.wait_for_line()` API:
    1. To allow for usage of one or more FlexPatterns, i.e. either plain
       strings to be matched verbatim, or regular expressions. Both can be
       used interchangeably to provide the caller to write simple and
       readable test code, while allowing for increased complexity to allow
       special cases.
    2. Always return the regex match, which allows the caller to identify
       which line was matched, as well as to extract any additional
       information, such as individual regex groups.
- Add `WatchLog.wait_for_sequence()` and `WatchLog.wait_for_all()` helper functions

Merge branch 'nicki/watchlog-improvements' into 'main'

See merge request isc-projects/bind9!10618
2025-07-18 12:13:12 +02:00
Nicki Křížek
d737986ea2 Turn on doctest in CI
Run doctests for the isctest module in a dedicated CI job.
2025-07-18 11:32:41 +02:00
Nicki Křížek
dcfb6c23da Change NamedInstance.rndc() doctest into doc example
The test is troublesome, because NamedInstance(identifier) expects that
a directory with such a name exists. While it'd be possible to mock
those directories as well, it'd make the doctest overly long and
complex, which isn't justified, given that it's only testing a couple of
options. Turn it into regular documentation instead.
2025-07-18 11:32:41 +02:00
Nicki Křížek
ee782fb4b1 Separate LineReader functionality from WatchLog
The buffered reading of finished lines deserves its own class to make
its function clearer, rather than bundling it within the WatchLog class.

Co-Authored-By: Michał Kępień <michal@isc.org>
2025-07-18 11:32:41 +02:00
Nicki Křížek
3c8432d196 Refactor WatchLog for better readability
Various improvements for typing, naming, code deduplication and better
code organization to make the code easier to read.
2025-07-18 11:32:41 +02:00
Nicki Křížek
628b47dd30 Use custom WatchLog timeout exception
The TimeoutError is raised when system functions time out. Define a
custom WatchLogTimeout to improve clarity.
2025-07-18 11:32:41 +02:00
Nicki Křížek
0a839cd0bd Add wait_for_all() and wait_for_sequence() to WatchLog
Extend the WatchLog API with a couple of new matching options.

wait_for_sequence() can be used to check a specific sequence of lines
appears in the log file in the given order.

wait_for_all() ensure that all the provided patterns appear in the log
at least once.

Co-authored-by: Colin Vidal <colin@isc.org>
2025-07-18 11:32:41 +02:00
Nicki Křížek
365f8b6af6 Split up waiting for match to a separate WatchLog method
To allow re-use in upcoming functions, isolate the line matching logic
into a separate function. Use an instance-wide deadline attribute, which
is set by the calling function.
2025-07-18 11:32:41 +02:00
Nicki Křížek
2afb3755b2 Allow WatchLog.wait_for_line() to be called more than once
In some cases, it can be useful to be able to re-use the same WatchLog
to wait for another line.
2025-07-18 11:32:41 +02:00
Nicki Křížek
5840908ead Unify the WatchLog.wait_for_line/s() API
Rather than using two distinct functions for matching either one pattern
(wait_for_line()), or any of multiple patterns (wait_for_lines()), use a
single function that handles both in the same way.

Extend the wait_for_line() API:
1. To allow for usage of one or more FlexPatterns, i.e. either plain
   strings to be matched verbatim, or regular expressions. Both can be
   used interchangeably to provide the caller to write simple and
   readable test code, while allowing for increased complexity to allow
   special cases.
2. Always return the regex match, which allows the caller to identify
   which line was matched, as well as to extract any additional
   information, such as individual regex groups.
2025-07-18 11:32:41 +02:00
Nicki Křížek
f2679bff19 Set timeout for WatchLog per-instance rather than per-call
To simplify usage of multiple wait_for_*() calls, configure the timeout
value for the WatchLog instance, rather than specifying it for each
call.

This is a preparation/cleanup for implementing multiple wait_for_*()
calls in subsequent commits.
2025-07-18 11:32:41 +02:00
Nicki Křížek
67896ddde2 Abstract WatchLog line buffering to a separate function
Move the line buffering functionality into _readline() to improve the
readability of code. This also allows reading the file contents from
other functions, since the line buffer is now an attribute of the class.
2025-07-18 11:32:41 +02:00
Colin Vidal
9778068253 fix watchlog.py doctest
Fix some broken doctest in watchlog.py (no semantic error, but API
slightly changed and broke some output messags). Also add a test for a
missing failure case.
2025-07-18 11:32:40 +02:00
Alessio Podda
748812df08 chg: nil: Remove unused link field from rdatacommon
The field link in rdatacommon is unused. This change should save 16 bytes for
each rdata we keep in a zone or cache.

Merge branch 'alessio/remove-unused-rdata-link' into 'main'

See merge request isc-projects/bind9!10731
2025-07-17 11:45:39 +00:00
Alessio Podda
fdbcdcfc06 Remove unused link field from rdatacommon
The field link in rdatacommon is unused. This change should save 16
bytes for each rdata we create.
2025-07-17 12:57:51 +02:00
Štěpán Balážik
32499447cb rem: dev: Remove obsolete scripts across the repo
All are unmaintained, dysfunctional, or both.

Merge branch 'stepan/remove-obsolete-scripts' into 'main'

See merge request isc-projects/bind9!10712
2025-07-17 05:52:47 +00:00
Michał Kępień
7f8a88043f Fix broken markup in doc/arm/dlz.inc.rst
Commit a6cce753e2b1096c4db64555d2aee096ba8236ae erroneously used
Markdown syntax in doc/arm/dlz.inc.rst.  Replace it with proper
reStructuredText so that the relevant section of the ARM is rendered
correctly.
2025-07-17 07:17:12 +02:00
Michał Kępień
a951ab1872 Update broken reference to dlz_minimal.h
Commit a6cce753e2b1096c4db64555d2aee096ba8236ae missed a spot in
lib/dns/include/dns/clientinfo.h.  Replace the outdated file reference
with the URL used in all similar cases.
2025-07-17 07:17:12 +02:00
Štěpán Balážik
c2b800a552 Remove contrib/scripts
The scripts are ancient, trivial and/or unmaintained.
Since switching to Meson, we don't even build `*.in` ones.
2025-07-17 07:17:12 +02:00
Štěpán Balážik
04fb8bcebc Remove leftover references to contrib/dlz/
The DLZ modules have been moved to a separate Git repository in commit
a6cce753e2b1096c4db64555d2aee096ba8236ae.  Remove leftover references to
the contrib/dlz/ directory from the main BIND 9 repository.
2025-07-17 07:17:12 +02:00
Štěpán Balážik
0dcb95391f Remove util/git-replay-merge.sh
This is superceded by the auto-backport scripts in bind9-qa repo.
2025-07-17 07:17:12 +02:00
Štěpán Balážik
3e4e6c11b8 Remove obsolete include checks
These will not pass on today's code anyway.
2025-07-17 07:17:12 +02:00
Štěpán Balážik
d536de1db1 Remove util/nanny.pl and contrib/scripts/nanny.pl
I doubt that anyone is using it after 25 years.
2025-07-17 07:17:12 +02:00
Mark Andrews
6b906e3097 fix: test: Fix ifconfig.sh script
Add missing test for the variable 'a' being empty on linux.

Closes #5423

Merge branch '5423-fix-ifconfig-sh-script' into 'main'

See merge request isc-projects/bind9!10740
2025-07-17 08:12:59 +10:00
Mark Andrews
7ba91e3820 Fix ifconfig.sh script
Add missing test for the variable 'a' being empty on linux.
2025-07-17 07:36:40 +10:00
Andoni Duarte Pintado
ffee986ae0 Merge tag 'v9.21.10' 2025-07-16 17:16:27 +02:00
Michał Kępień
db8a6ee8bd fix: pkg: Fix plugin loading
Loading plugins specified using just the shared library name (i.e.
without using an absolute path or a relative path) did not work. This
has been fixed.

See #5379

Merge branch '5379-fix-plugin-loading' into 'main'

See merge request isc-projects/bind9!10734
2025-07-16 07:24:00 +02:00
Michał Kępień
9e1abc976c
Fix plugin loading
Plugins are built as shared libraries and are therefore installed into
$libdir/bind.  Meanwhile, the build system sets the NAMED_PLUGINDIR
preprocessor variable to $datadir/bind instead.  This prevents loading
plugins specified in the configuration file using just the shared
library name (i.e. without using an absolute path or a relative path).
Fix by setting NAMED_PLUGINDIR to the path that plugins are actually
installed into.
2025-07-16 07:22:53 +02:00
Mark Andrews
c407f3c12a chg: usr: Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1 and DS digest type 1
RSASHA1 and RSASHA1-NSEC-SHA1 DNSKEY algorithms have been deprecated
by the IETF and should no longer be used for DNSSEC. DS digest type
1 (SHA1) has also been deprecated. Validators are now expected
to treat these algorithms and digest as unknown, resulting in
some zones being treated as insecure when they were previously treated
as secure. Warnings have been added to named and tools when these
algorithms and this digest are being used for signing.

Zones signed with RSASHA1 or RSASHA1-NSEC-SHA1 should be migrated
to a different DNSKEY algorithm. 

Zones with DS or CDS records with digest type 1 (SHA1) should be
updated to use a different digest type (e.g. SHA256) and the digest
type 1 records should be removed.

Related to #5358

Merge branch '5358-add-sha1-deprecation-warnings' into 'main'

See merge request isc-projects/bind9!10559
2025-07-16 00:38:53 +10:00
Mark Andrews
1a82a1999b Remove leftover test development echo 2025-07-15 23:53:57 +10:00
Mark Andrews
370d28de97 Redirect named-checkzone output to file 2025-07-15 23:53:57 +10:00
Mark Andrews
125a232bfb Digest type GOST is also deprecated 2025-07-15 23:53:57 +10:00
Mark Andrews
86fb638085 Check deprecated algorithms in dnssec-policy 2025-07-15 23:53:57 +10:00
Mark Andrews
95a82d0893 Check that named-checkzone reports deprecated digests 2025-07-15 23:53:57 +10:00
Mark Andrews
5d406677f1 Check that named-checkzone reports deprecated algorithms 2025-07-15 23:53:57 +10:00
Mark Andrews
1e3e61ba53 Update man pages for deprecated algorithms 2025-07-15 23:53:57 +10:00
Mark Andrews
cb6903c55e Warn about deprecated DNSKEY and DS algorithms / digest types
DNSKEY algorithms RSASHA1 and RSASHA-NSEC3-SHA1 and DS digest type
SHA1 are deprecated.  Log when these are present in primary zone
files and when generating new DNSKEYs, DS and CDS records.
2025-07-15 23:53:57 +10:00
Štěpán Balážik
4248a5a495 chg: test: Use isctest.asyncserver in the "tsig" test
Replace the custom DNS server used in the "tsig" system test with
new code based on the isctest.asyncserver module.

Changes to isctest.asyncserver are required, previously it did not
handle TSIG signed queries at all. Now, with some hacking around
a [dnspython bug](https://github.com/rthalley/dnspython/issues/1205) it does.

Merge branch 'stepan/tsig-asyncserver' into 'main'

See merge request isc-projects/bind9!10566
2025-07-13 09:31:43 +00:00
Štěpán Balážik
e34e831cab Use isctest.asyncserver in the "tsig" test
Replace the custom DNS server used in the "tsig" system test with
new code based on the isctest.asyncserver module.
2025-07-13 10:57:04 +02:00
Štěpán Balážik
72ac1fe234 Let queries with TSIG parse in isctest.asyncserver.AsyncDnsServer
Previously, upon receiving a query with TSIG, the server would log
an error and timeout. As there is no way to set up the keyring in the
class anyway (and I believe we don't need it), this commit lets such
queries parse but logs the fact that the query has TSIG.

However, there is a bug [1] in dnspython, which causes `make_response`
and `to_wire` to crash on messages constructed by `from_wire` with
`keyring=False`, so the hack with `message.__class__` is needed to work
around this.

This makes just enough changes for the tsig system test to work with
dnspython >= 2.0.0. On older version the server gives up.

[1] https://github.com/rthalley/dnspython/issues/1205
2025-07-13 10:57:04 +02:00
Nicki Křížek
b7c3a1f3b0 chg: test: Check for FEATURETEST before running pytest
When compiling with meson, it may be easy to forget to compile system
test dependencies before running the tests. In that case, the test
results would be quite incosistent and unpredictable, with some tests
ending up with ERROR, some with FAILURE and others PASS, without a clear
indication that something is off before running the entire machinery.

Add a check to fail early on if the FEATURETEST binary isn't available,
indicating that system test dependencies were most likely not compiled.

Merge branch 'nicki/system-test-check-featuretest' into 'main'

See merge request isc-projects/bind9!10715
2025-07-10 17:13:28 +02:00
Nicki Křížek
927dc5bc2b Check for FEATURETEST before running pytest
When compiling with meson, it may be easy to forget to compile system
test dependencies before running the tests. In that case, the test
results would be quite incosistent and unpredictable, with some tests
ending up with ERROR, some with FAILURE and others PASS, without a clear
indication that something is off before running the entire machinery.

Add a check to fail early on if the FEATURETEST binary isn't available,
indicating that system test dependencies were most likely not compiled.
2025-07-10 17:13:05 +02:00
Michał Kępień
08df53858a fix: pkg: Fix cross builds
Cross-compilation did not work even when the ``-Ddoc=disabled`` build
option was passed to Meson due to the build targets used for generating
documentation depending on a non-native executable. This has been fixed.

See #5379

Merge branch '5379-fix-cross-builds' into 'main'

See merge request isc-projects/bind9!10702
2025-07-10 16:57:32 +02:00
Michał Kępień
ee5897743d
Fix cross builds
Commit 5c9b4f3163e05f64b97d04cba2c17ef59d682830 inadvertently broke
cross builds by making Meson process the doc/misc/meson.build file even
when sphinx-build is not found in PATH.  The doc/misc/meson.build file
defines targets that require a non-native executable, cfg_test, in order
to be built.

Fix by reverting to only processing the doc/misc/ subdirectory when
sphinx-build is found in PATH and moving the relevant alias_target()
method call so that the build targets depending on a non-native
executable are only defined if sphinx-build is found in PATH.
2025-07-10 16:56:15 +02:00
Artem Boldariev
59875ecbf1 fix: dev: Fix the DoH unit test for meson
The DoH unit test was omitted since meson migration due to a
typo. This commit fixes that.

Merge branch 'artem-fix-doh-test-for-meson' into 'main'

See merge request isc-projects/bind9!10723
2025-07-10 17:39:40 +03:00
Artem Boldariev
03c6f06437 Fix the DoH unit test for meson
The DoH unit test was omitted since meson migration due to a
typo. This commit fixes that.
2025-07-10 17:06:19 +03:00
Matthijs Mekking
15653c54a0 chg: dev: Prepend qpkey with namespace (normal vs denial of existence)
Merge the three qp tries (tree, nsec, nsec3) into one, add the namespace to the qpkey.

Merge branch 'matthijs-one-trie-for-zone-and-nsec3' into 'main'

See merge request isc-projects/bind9!10480
2025-07-10 13:53:07 +00:00