upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-08 19:52:07 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch '284-unify-keyfile-to-configuration-conversions-in-system-tests' into 'master'

Browse source 
Unify keyfile-to-configuration conversions in system tests

Closes #284

See merge request isc-projects/bind9!312
This commit is contained in:
Michał Kępień 2018-06-13 02:06:15 -04:00
commit 337e37a6cf
23 changed files with 119 additions and 284 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
bin/tests/system/autosign/ns1/keygen.sh
View file

@ -33,28 +33,12 @@ rm $zsknopriv.private
ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $ksksby > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cat $kskrev.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $kskrev > trusted.conf
cp trusted.conf ../ns5/trusted.conf
echo $zskact > ../active.key

10
bin/tests/system/autosign/ns2/keygen.sh
View file

@ -36,15 +36,7 @@ zonefile="${zone}.db"
infile="${zonefile}.in"
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
cat $ksk.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > private.conf
keyfile_to_trusted_keys $ksk > private.conf
cp private.conf ../ns4/private.conf
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1

35
bin/tests/system/conf.sh.in
View file

@ -254,6 +254,41 @@ digcomp() {
# Useful functions in test scripts
#
# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which
# converts keyfile data into a configuration section using the supplied
# parameters
keyfile_to_keys_section() {
section_name=$1
key_prefix=$2
shift
shift
echo "$section_name {"
for keyname in $*; do
awk '!/^; /{
printf "\t\""$1"\" "
printf "'"$key_prefix"'"
printf $4 " " $5 " " $6 " \""
for (i=7; i<=NF; i++) printf $i
printf "\";\n"
}' $keyname.key
done
echo "};"
}
# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
# provided to a "trusted-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_trusted_keys() {
keyfile_to_keys_section "trusted-keys" "" $*
}
# keyfile_to_managed_keys: convert key data contained in the keyfile(s)
# provided to a "managed-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_managed_keys() {
keyfile_to_keys_section "managed-keys" "initial-key " $*
}
# nextpart: read everything that's been appended to a file since the
# last time 'nextpart' was called.
nextpart () {

35
bin/tests/system/conf.sh.win32
View file

@ -231,6 +231,41 @@ digcomp() {
# Useful functions in test scripts
#
# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which
# converts keyfile data into a configuration section using the supplied
# parameters
keyfile_to_keys_section() {
section_name=$1
key_prefix=$2
shift
shift
echo "$section_name {"
for keyname in $*; do
awk '!/^; /{
printf "\t\""$1"\" "
printf "'"$key_prefix"'"
printf $4 " " $5 " " $6 " \""
for (i=7; i<=NF; i++) printf $i
printf "\";\n"
}' $keyname.key
done
echo "};"
}
# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
# provided to a "trusted-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_trusted_keys() {
keyfile_to_keys_section "trusted-keys" "" $*
}
# keyfile_to_managed_keys: convert key data contained in the keyfile(s)
# provided to a "managed-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_managed_keys() {
keyfile_to_keys_section "managed-keys" "initial-key " $*
}
# nextpart: read everything that's been appended to a file since the
# last time 'nextpart' was called.
nextpart () {

11
bin/tests/system/dlv/ns1/sign.sh
View file

@ -32,14 +32,5 @@ $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signe
echo_i "signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname2 > trusted.conf
cp trusted.conf ../ns5

11
bin/tests/system/dlv/ns3/sign.sh
View file

@ -280,16 +280,7 @@ cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted-dlv.conf
keyfile_to_trusted_keys $keyname2 > trusted-dlv.conf
cp trusted-dlv.conf ../ns5
cp $dssets ../ns2

25
bin/tests/system/dnssec/ns1/sign.sh
View file

@ -34,32 +34,17 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
# ...or with a managed key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > managed.conf
keyfile_to_trusted_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
# ...or with a managed key.
keyfile_to_managed_keys $keyname > managed.conf
cp managed.conf ../ns4/managed.conf
#
# Save keyid for managed key id test.
#

10
bin/tests/system/dnssec/ns5/sign.sh
View file

@ -19,15 +19,7 @@ zonefile=root.db.signed
keyname=`$KEYGEN -a RSASHA1 -qfk $zone`
# copy the KSK out first, then revoke it
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > revoked.conf
keyfile_to_managed_keys $keyname > revoked.conf
$SETTIME -R now ${keyname}.key > /dev/null

11
bin/tests/system/dsdigest/ns1/sign.sh
View file

@ -29,16 +29,7 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $key2.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $key2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf

11
bin/tests/system/ecdsa/ns1/sign.sh
View file

@ -25,14 +25,5 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
cat $key1.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf

11
bin/tests/system/eddsa/ns1/sign.sh
View file

@ -26,16 +26,7 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
cat $key1.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cd ../ns2 && $SHELL sign.sh

11
bin/tests/system/inline/ns1/sign.sh
View file

@ -20,14 +20,5 @@ keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
[ $? = 0 ] || cat signer.out
cat ${keyname}.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname > trusted.conf
cp trusted.conf ../ns6/trusted.conf

10
bin/tests/system/legacy/ns7/sign.sh
View file

@ -28,13 +28,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname2 > trusted.conf
cp trusted.conf ../ns1

22
bin/tests/system/mkeys/ns1/sign.sh
View file

@ -21,29 +21,13 @@ zskkeyname=`$KEYGEN -a rsasha256 -q $zone`
$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
# Configure the resolving server with a managed trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > managed.conf
keyfile_to_managed_keys $keyname > managed.conf
cp managed.conf ../ns2/managed.conf
cp managed.conf ../ns4/managed.conf
cp managed.conf ../ns5/managed.conf
# Configure a trusted key statement (used by delve)
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
# Configure a trusted key statement (used by delv)
keyfile_to_trusted_keys $keyname > trusted.conf
#
# Save keyname and keyid for managed key id test.

41
bin/tests/system/mkeys/tests.sh
View file

@ -84,6 +84,9 @@ mkeys_secroots_on() {
$RNDCCMD 10.53.0.${nsidx} secroots | sed "s/^/ns${nsidx} /" | cat_i
}
original=`cat ns1/managed.key`
originalid=`cat ns1/managed.key.id`
status=0
n=1
@ -191,7 +194,7 @@ ret=0
echo_i "restore untrusted standby key, revoke original key ($n)"
t1=$t2
$SETTIME -D none -K ns1 $standby1 > /dev/null
$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -R now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1
# Less than a second may have passed since the last time ns2 received a
# ./DNSKEY response from ns1. Ensure keys are refreshed at a different
@ -261,9 +264,9 @@ n=`expr $n + 1`
ret=0
echo_i "restore revoked key, ensure same result ($n)"
t1=$t2
$SETTIME -R none -D now -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -R none -D now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1
$SETTIME -D none -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -D none -K ns1 $original > /dev/null
mkeys_loadkeys_on 1
# Less than a second may have passed since the last time ns2 received a
# ./DNSKEY response from ns1. Ensure keys are refreshed at a different
@ -298,17 +301,7 @@ status=`expr $status + $ret`
echo_i "reinitialize trust anchors, add second key to bind.keys"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2
rm -f ns2/managed-keys.bind*
cat ns1/$standby1.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
local $originalkey = `grep initial-key ns2/managed1.conf`;
print <<EOF
managed-keys {
$originalkey
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > ns2/managed.conf
keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf
nextpart ns2/named.run > /dev/null
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2
@ -349,7 +342,7 @@ n=`expr $n + 1`
echo_i "revoke original key, add new standby ($n)"
ret=0
standby2=`$KEYGEN -a rsasha256 -qfk -K ns1 .`
$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -R now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1
mkeys_refresh_on 2
mkeys_status_on 2 > rndc.out.$n 2>&1
@ -435,7 +428,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "revoke all keys, confirm roll to insecure ($n)"
ret=0
$SETTIME -D now -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -D now -K ns1 $original > /dev/null
$SETTIME -R now -K ns1 $standby1 > /dev/null
$SETTIME -R now -K ns1 $standby2 > /dev/null
mkeys_loadkeys_on 1
@ -471,7 +464,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "reset the root server"
$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -D none -R none -K ns1 $original > /dev/null
$SETTIME -D now -K ns1 $standby1 > /dev/null
$SETTIME -D now -K ns1 $standby2 > /dev/null
$SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null
@ -498,9 +491,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "revoke key with bad signature, check revocation is ignored ($n)"
ret=0
orig=`cat ns1/managed.key`
keyid=`cat ns1/managed.key.id`
revoked=`$REVOKE -K ns1 $orig`
revoked=`$REVOKE -K ns1 $original`
rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'`
rm -f ns1/root.db.signed.jnl
# We need to activate at least one valid DNSKEY to prevent dnssec-signzone from
@ -525,8 +516,8 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || { echo "'keyid:' count ($count) != 1"; ret=1; }
# it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n`
[ "$count" -eq 1 ] || { echo "'keyid: $keyid' count ($count) != 1"; ret=1; }
count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || { echo "'keyid: $originalid' count ($count) != 1"; ret=1; }
# not revoked
count=`grep -c "REVOKE" rndc.out.$n`
[ "$count" -eq 0 ] || { echo "'REVOKE' count ($count) != 0"; ret=1; }
@ -552,7 +543,7 @@ echo_i "restore DNSKEY rrset, check validation succeeds again ($n)"
ret=0
rm -f ${revoked}.key ${revoked}.private
rm -f ns1/root.db.signed.jnl
$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null
$SETTIME -D none -R none -K ns1 $original > /dev/null
$SETTIME -D now -K ns1 $standby1 > /dev/null
# Less than a second may have passed since ns1 was started. If we call
# dnssec-signzone immediately, ns1/root.db.signed will not be reloaded by the
@ -593,7 +584,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || ret=1
# it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n`
count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || ret=1
# not revoked
count=`grep -c "REVOKE" rndc.out.$n`
@ -631,7 +622,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || ret=1
# it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n`
count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || ret=1
# not revoked
count=`grep -c "REVOKE" rndc.out.$n`

11
bin/tests/system/pending/ns1/sign.sh
View file

@ -28,16 +28,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
cat $keyname2.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf

12
bin/tests/system/resolver/ns6/keygen.sh
View file

@ -30,13 +30,5 @@ zsk=`$KEYGEN -q -a rsasha256 $zone`
cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
# Configure a trusted key statement (used by delve)
cat $ksk.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > ../ns5/trusted.conf
# Configure a trusted key statement (used by delv)
keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf

11
bin/tests/system/rootkeysentinel/ns1/sign.sh
View file

@ -28,16 +28,7 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf

11
bin/tests/system/rsabigexponent/ns1/sign.sh
View file

@ -25,16 +25,7 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf

22
bin/tests/system/sfcache/ns1/sign.sh
View file

@ -27,24 +27,8 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
# ...or with a managed key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > managed.conf
cp trusted.conf ../ns2/trusted.conf
keyfile_to_managed_keys $keyname > managed.conf

22
bin/tests/system/staticstub/ns3/sign.sh
View file

@ -27,16 +27,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
cat $keyname2.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname2 > trusted.conf
zone=undelegated
infile=undelegated.db.in
@ -47,14 +38,5 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
cat $keyname2.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' >> trusted.conf
keyfile_to_trusted_keys $keyname2 >> trusted.conf
cp trusted.conf ../ns2/trusted.conf

10
bin/tests/system/synthfromdnssec/ns1/sign.sh
View file

@ -32,12 +32,4 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname > trusted.conf

30
bin/tests/system/wildcard/ns1/sign.sh
View file

@ -57,15 +57,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > private.nsec.conf
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
zone=nsec3.
infile=nsec3.db.in
@ -94,15 +86,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > private.nsec3.conf
keyfile_to_trusted_keys $keyname2 > private.nsec3.conf
zone=.
infile=root.db.in
@ -117,12 +101,4 @@ cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
grep -v '^;' $keyname2.key | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
keyfile_to_trusted_keys $keyname2 > trusted.conf