- added tests to the dnssec system test that duplicate the ones
from bin/tests/dnssec-signzone
- changed cleanall.sh so it doesn't automatically remove all
key files, because there are now some of those that are part of the
distribution
- some of these tests are obsolete and should be cleared up,
others overlap with ATF tests and may be removed later.
for now, let's just tidy up the bin/tests directory by
moving these files down a level.
- in unittest step, explicitly preserve kyua.log or atf.out
- preserve kyua results database if present
- generate HTML report from kyua results if available
Using fixed make concurrency settings on all runners is not flexible and
requires .gitlab-ci.yml to be modified each time tweaking these settings
is needed. Use environment variables which are expected to be set by
the runner (defaulting to 1 in case they are not set) for controlling
make concurrency.
Our current CI configuration causes ccache data to be zipped after each
job and also included in build artifacts, which will quickly become
infeasible as ccache data grows. Instead of asking gitlab-runner to
preserve ccache data between jobs, keep a separate ccache directory on
each runner, expecting it to be accessible at /ccache when a CI job is
run. As this requires gitlab-runner to be configured in a specific way,
do not use ccache at all in case the ccache directory is not found while
building.
Given the characteristics of the three timestamps involved in file
modification time checks in the cds system test (each one is an hour
apart from the next), reduce the resolution of these checks to 1 minute.
This will prevent intermittent false negatives caused by exceeding the
currently allowed difference of 9 seconds between file modification
times without making the test moot.
Also note that by using abs(), checkmtime.pl allows the cds system test
to pass when the modification time of the checked file is less than an
hour (or two hours for the second check) in the past. This should never
happen, so remove abs() from the condition checked by checkmtime.pl.
Calling nextpart() after reconfiguring ns1 is not safe, because the
expected log message may appear in ns5/named.run before nextpart() is
run. With the TTL for ./DNSKEY set to 20 seconds, ns5 will refresh it
after 10 seconds, by which time wait_for_log() will already have failed.
This results in a false negative.
However, just calling nextpart() before reconfiguring ns1 would
introduce a different problem: if ns5 refreshed ./DNSKEY between these
two steps, the subsequent wait_for_log() call would return immediately
as it would come across the log message about a failure while refreshing
./DNSKEY instead of the expected success. This in turn would result in
a different false negative as the root key would still be uninitialized
by the time "rndc secroots" is called.
Prevent both kinds of false negatives by:
- calling nextpart() before reconfiguring ns1, in order to prevent the
first case described above,
- looking for a more specific log message, in order to prevent the
second case described above.
Also look for a more specific log message in the first part of the
relevant check, not to fix any problem, but just to emphasize that a
different fetch result is expected in that case.
With these tweaks in place, if a (failed) ./DNSKEY refresh is scheduled
between nextpart() and reconfiguring ns1, wait_for_log() will just wait
for two more seconds (one "hour"), at which point another refresh
attempt will be made that will succeed.
Add a GitLab CI precheck stage to check for up-to-date copyright information and sequential CHANGES notes.
Closes#76
See merge request isc-projects/bind9!42
