We need to disable clang-format here to preserve the brackets around
the string concatenation to prevent -Wstring-concatenation -Werror
breaking the build.
(cherry picked from commit eeafcee7ad07ae793602a3640b7f05d3cb26ff9f)
We need to turn off clang-format to preserve the brackets as
'attribute' can be an expression and we need it to be evaluated
first.
Similarly we need the entire result to be evaluated independent of
the adjoining code.
(cherry picked from commit 3620db5ea6f163199cf5a3ad09c32d02b374f748)
In case the changelog file doesn't have an empty line at the end of the
file, the job may fail with the following error:
WARNING: Bullet list ends without a blank line; unexpected unindent.
This typically happens in MRs targeting the -S edition, as those
changelogs usually don't have an empty newline. This change ensures the
changelog job can pass and verify the title/desc contents even in those
cases.
Backport of MR !10628
Merge branch 'backport-nicki/ci-changelog-add-missing-newline-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10632
In case the changelog file doesn't have an empty line at the end of the
file, the job may fail with the following error:
WARNING: Bullet list ends without a blank line; unexpected unindent.
This typically happens in MRs targeting the -S edition, as those
changelogs usually don't have an empty newline. This change ensures the
changelog job can pass and verify the title/desc contents even in those
cases.
(cherry picked from commit ebf155ecc82fbf20576ce1cf8e6c9521430b4c66)
There is an ongoing debate about the usefulness of the extra artifacts
check. While it might be useful to detect unexpected behaviour in some
tests, it feels extraneous in many cases. This change provides a middle
ground by making the artifact checking optional. This might be
especially useful for writing new tests, since the author gets to decide
whether the check is useful -- and can utilize it, or can skip it for
the sake of brevity.
Backport of MR !10622
Merge branch 'backport-nicki/make-extra-artifacts-check-optional-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10629
There is an ongoing debate about the usefulness of the extra artifacts
check. While it might be useful to detect unexpected behaviour in some
tests, it feels extraneous in many cases. This change provides a middle
ground by making the artifact checking optional. This might be
especially useful for writing new tests, since the author gets to decide
whether the check is useful -- and can utilize it, or can skip it for
the sake of brevity.
(cherry picked from commit c06dc71cd5a307fcbbb20699f79ff753300e3c92)
Move the util/generate-stress-test-configs.py script from the BIND 9
source repository to the BIND 9 QA repository. This simplifies the
maintenance of that script by eliminating the need to backport every
change applied to it to multiple branches.
Backport of MR !10585
Merge branch 'backport-michal/move-stress-test-generation-script-to-qa-repo-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10612
Move the util/generate-stress-test-configs.py script from the BIND 9
source repository to the BIND 9 QA repository. This simplifies the
maintenance of that script by eliminating the need to backport every
change applied to it to multiple branches.
(cherry picked from commit 4f7f420534fc939107654a39ab94aa8d4e9d9c45)
Add a 1 second wait before updating verify-axfr.db so that the
modification time of the file changes.
Closes #5376
Backport of MR !10586
Merge branch 'backport-5376-verify-axfr-db-gets-updated-too-fast-in-mirror-test-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10609
Add a 1 second wait before updating verify-axfr.db so that the
modification time of the file changes.
(cherry picked from commit c19956b3cbf0ae55303266633dad2a1eca677224)
In some rare cases, the softhsm2 utility reports failure to delete the
token directory, despite the token being found. Subsequent attempts to
delete the token again indicate that the token was deleted.
Ignore this cleanup error, as it doesn't prevent our tests from working
properly. There is also an attempt to delete the token before the test
starts which ensures a clean state before the test is executed, in case
there's actually a leftover token.
Closes #5244
Backport of MR !10607
Merge branch 'backport-5244-ignore-softhsm2util-delete-token-error-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10608
In some rare cases, the softhsm2 utility reports failure to delete the
token directory, despite the token being found. Subsequent attempts to
delete the token again indicate that the token was deleted.
Ignore this cleanup error, as it doesn't prevent our tests from working
properly. There is also an attempt to delete the token before the test
starts which ensures a clean state before the test is executed, in case
there's actually a leftover token.
(cherry picked from commit e786a2e950411fb3ffe1aed140cc4520e4ffd74a)
Allow use of exception (and by extension, assert statements) in the
called function in order to extract essential debug information about
the type of failure that was encountered.
In case the called function fails to succeed on the last retry and
raised an exception, log it as error and set it as the assert message to
propagate it through the pytest framework.
Closes #5324
Backport of MR !10580
Merge branch 'backport-5324-pytest-isctest-run-logging-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10605
For duration measurements, i.e. deadlines and timeouts, it's more
suitable to use monotonic time as it's guaranteed to only go forward,
unlike time.time() which can be affected by local clock settings.
(cherry picked from commit 069e4ef0f72bfe045123db817908460144ff70f7)
Allow use of exception (and by extension, assert statements) in the
called function in order to extract essential debug information about
the type of failure that was encountered.
In case the called function fails to succeed on the last retry and
raised an exception, log it as error and set it as the assert message to
propagate it through the pytest framework.
(cherry picked from commit 620c884133f1cac13efebaf381855462a123927c)
Previously, when a DNSSEC key was purged by one zone view, other zone views would return an error about missing key files. This has been fixed.
Closes #5315
Backport of MR !10550
Merge branch 'backport-5315-fix-spurious-some-key-files-are-missing-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10598
This happens because the old key is purged by one zone view, then the other
is freaking out about it.
Keys that are unused or being purged should not be taken into account
when verifying key files are available.
The keyring is maintained per zone. So in one zone, a key in the
keyring is being purged. The corresponding key file is removed.
The key maintenance is done for the other zone view. The key in that
keyring is not yet set to purge, but its corresponding key file is
removed. This leads to "some keys are missing" log errors.
We should not check the purge variable at this point, but the
current time and purge-keys duration.
This commit fixes this erroneous logic.
(cherry picked from commit d494698852e21e25d65d1e2453813a7b19a0a755)
Create a test scenario where a signed zone is in multiple views and
then a key may be purged. This is a bug case where the key files are
removed by one view and then the other view starts complaining.
(cherry picked from commit 752d8617f558130cc552cae0e903aca318a3ef02)
These test cases involve a reconfig, dnssec policy changes.
Backport of MR !10295
Merge branch 'backport-matthijs-pytest-rewrite-kasp-system-test-6-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10594
Now that all tests have been converted, we can remove 'kasp/tests.sh'
and 'kasp/tests_sh_kasp.py'.
(cherry picked from commit 6994a604a7943cccfb60d62a0a38ce8fa8f0e8ed)
Roll the algorithm rollover test cases over to the rollover directory
and rewrite using pytest.
(cherry picked from commit 80992c7b96d0fe1cc10130963766225780dd6ed1)
When going insecure, we publish CDS and CDNSKEY DELETE records. Update
the check_apex function to test this.
Also, skip some tests in the 'check_rollover_step()' function. If
we change the DNSSEC Policy, keys that no longer match the policy will
be retired. When this exactly happens is hard to determine, as it
happens on the reconfigure. So for these tests, we skip the key timing
metadata checks.
Also, the zone becomes unsigned, so don't call 'check_zone_is_signed'
in those cases.
(cherry picked from commit b1d8217d1a39f798983152345f29c48ffa2427f9)
These test cases involve a reconfiguration. The first one is a zone
that changes from dynamic to inline-signing. The others are tests that
key lifetimes are updated correctly after changing them.
(cherry picked from commit de3c0970eb0ef9dea6e18a26f04b2c2810b68da0)
The state files need to be written before trying to identify zsk/ksk
keys. Wait for "keymgr: manual-rollover.kasp done" to appear in
named.run first.
Closes #5371
Backport of MR !10587
Merge branch 'backport-5371-unstable-rollover-tests_rollover-py-test_rollover_manual-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10589
The state files need to be written before trying to identify zsk/ksk
keys. Wait for "keymgr: manual-rollover.kasp done" to appear in
named.run first.
(cherry picked from commit 80fedf7fcf85bb4c51a573c7dc166b36b6f71991)
Add support to display the CO (Compact denial of existence Ok flag) when displaying messages.
Add support to set the CO flag when making queries in dig (+coflag).
Closes #5319
Backport of MR !10482
Merge branch 'backport-5319-add-support-to-set-and-display-the-co-flag-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10578
Dig now supports setting the EDNS CO as a flag using "+coflag" /
"+nocoflag" rather than as part of +ednsflags.
(cherry picked from commit 6c28411c55d595e3c9ce3f8d1754b24875eb5306)
Add a 1 second delay to ensure file time stamp is different
from last load.
Closes #5365
Backport of MR !10570
Merge branch 'backport-5365-nsec3-test-updates-nsec3-ent-kasp-db-too-fast-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10577
ensure a second has elapsed before updating the zone file
by adding 'sleep 1' to test.sh
(cherry picked from commit 52c29e3ab28794e84c629970f097d6fcac2b8dba)
Add a 1 second delay to ensure file time stamp is different
from last load.
Closes #5366
Backport of MR !10571
Merge branch 'backport-5366-test_xferquota-py-reloads-zone-file-too-fast-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10575
ensure a second has elapsed before updating the zone file
by adding 'time.sleep(1)' to xferquota/tests_xferquota.py
(cherry picked from commit d8d14cb780410ea0955d7152223e01b7a1b6d1fa)
`delv +ns` invokes the same code to perform name resolution as `named`,
but it neglected to set up an IPv6 dispatch object first. Consequently,
it was behaving more like `named -4`. It now sets up dispatch objects
for both address families, and performs resolver queries to both v4 and v6
addresses, except when one of the address families has been suppressed
by using `delv -4` or `delv -6`.
Closes #5352
Backport of MR !10563
Merge branch 'backport-5352-delv-ipv6-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10573
check that `delv +ns` sends iterative queries over both address
families when -4 and -6 are not used, and suppresses queries
appropriately when they are.
(cherry picked from commit d29f1d171050580fde7e1ff3bc70f4c8157a4c1f)
`delv +ns` invokes the same code to perform name resolution as `named`,
but it neglected to set up an IPv6 dispatch object first. Consequently,
it was behaving more like `named -4`.
It now sets up dispatch objects for both address families, and performs
resolver queries to both v4 and v6 addresses, except when one of the
address families has been suppressed by using `delv -4` or `delv -6`.
(cherry picked from commit 70ce3136bd533b2c3caa8e2f81dd631c85e2eab9)