upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 15:09:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

add a test for dnssec-verify -J

Browse source 
generate a journal file and confirm that dnssec-verify is able
to load it.
This commit is contained in:
Evan Hunt 2022-02-04 23:20:03 -08:00
parent d2597e3496
commit 4d2f5754af
3 changed files with 21 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
bin/tests/system/verify/clean.sh
View file

@ -17,3 +17,4 @@ rm -f zones/*.out*
rm -f zones/*.tmp
rm -f zones/K*
rm -f zones/dsset-*
rm -f zones/updated*

13
bin/tests/system/verify/tests.sh
View file

@ -21,7 +21,7 @@ status=0
for file in zones/*.good
do
n=`expr $n + 1`
n=$((n+1))
zone=`expr "$file" : 'zones/\(.*\).good'`
echo_i "checking supposedly good zone: $zone ($n)"
ret=0
@ -36,7 +36,7 @@ done
for file in zones/*.bad
do
n=`expr $n + 1`
n=$((n+1))
zone=`expr "$file" : 'zones/\(.*\).bad'`
echo_i "checking supposedly bad zone: $zone ($n)"
ret=0
@ -88,7 +88,7 @@ do
[ $dumpit = 1 ] && cat verify.out.$n
done
n=`expr $n + 1`
n=$((n+1))
echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)"
ret=0
# When -o is not used, origin is set to zone file name, which should cause an error in this case
@ -97,7 +97,7 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1
[ $ret = 0 ] || failed
n=`expr $n + 1`
n=$((n+1))
echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)"
ret=0
$VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1
@ -105,5 +105,10 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
grep "use -o to specify a different zone origin" verify.out.$n > /dev/null && ret=1
[ $ret = 0 ] || failed
n=$((n+1))
echo_i "checking dnssec-verify -J reads journal file ($n)"
$VERIFY -o updated -J zones/updated.other.jnl zones/updated.other > verify.out.$n 2>&1 || ret=1
[ $ret = 0 ] || failed
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

11
bin/tests/system/verify/zones/genzones.sh
View file

@ -242,3 +242,14 @@ $4 == "NSEC3" && NF == 9 {
cat ${file}.tmp >> ${file}
rm -f ${file}.tmp
$SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
# sign and verify with journal file
setup updated other
$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
cat unsigned.db $ksk.key $zsk.key > $file
$SIGNER -SPx -o ${zone} -f $file $file > s.out$n || dumpit s.out$n
sed -e '/serial/s/0/1/' $file > ${file}.update
echo "extra 3600 IN A 4.3.2.1" >> ${file}.update
$SIGNER -SPx -o ${zone} -f ${file}.update ${file}.update > s.out$n || dumpit s.out$n
$MAKEJOURNAL updated ${file} ${file}.update ${file}.jnl > mj.out$n 2>&1 || dumpit mj.out$n