From 4d2f5754afdc04d258565600b6a7cd9cbcba68c9 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Fri, 4 Feb 2022 23:20:03 -0800
Subject: [PATCH] add a test for dnssec-verify -J generate a journal file and confirm that dnssec-verify is able to load it.
---
 bin/tests/system/verify/clean.sh | 1 +
 bin/tests/system/verify/tests.sh | 13 +++++++++----
 bin/tests/system/verify/zones/genzones.sh | 11 +++++++++++
 3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/bin/tests/system/verify/clean.sh b/bin/tests/system/verify/clean.sh
index c1d692e95a..3f781e946f 100644
--- a/bin/tests/system/verify/clean.sh
+++ b/bin/tests/system/verify/clean.sh
@@ -17,3 +17,4 @@ rm -f zones/*.out*
 rm -f zones/*.tmp
 rm -f zones/K*
 rm -f zones/dsset-*
+rm -f zones/updated*
diff --git a/bin/tests/system/verify/tests.sh b/bin/tests/system/verify/tests.sh
index 4ae47f1369..930380fdb0 100644
--- a/bin/tests/system/verify/tests.sh
+++ b/bin/tests/system/verify/tests.sh
@@ -21,7 +21,7 @@ status=0
 for file in zones/*.good
 do
- n=`expr $n + 1`
+ n=$((n+1))
 zone=`expr "$file" : 'zones/\(.*\).good'`
 echo_i "checking supposedly good zone: $zone ($n)"
 ret=0
@@ -36,7 +36,7 @@ done
 for file in zones/*.bad
 do
- n=`expr $n + 1`
+ n=$((n+1))
 zone=`expr "$file" : 'zones/\(.*\).bad'`
 echo_i "checking supposedly bad zone: $zone ($n)"
 ret=0
@@ -88,7 +88,7 @@ do
 [ $dumpit = 1 ] && cat verify.out.$n
 done
-n=`expr $n + 1`
+n=$((n+1))
 echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)"
 ret=0
 # When -o is not used, origin is set to zone file name, which should cause an error in this case
@@ -97,7 +97,7 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
 grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1
 [ $ret = 0 ] || failed
-n=`expr $n + 1`
+n=$((n+1))
 echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)"
 ret=0
 $VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1
@@ -105,5 +105,10 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
 grep "use -o to specify a different zone origin" verify.out.$n > /dev/null && ret=1
 [ $ret = 0 ] || failed
+n=$((n+1))
+echo_i "checking dnssec-verify -J reads journal file ($n)"
+$VERIFY -o updated -J zones/updated.other.jnl zones/updated.other > verify.out.$n 2>&1 || ret=1
+[ $ret = 0 ] || failed
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/verify/zones/genzones.sh b/bin/tests/system/verify/zones/genzones.sh
index 2884085a1e..2438727aba 100644
--- a/bin/tests/system/verify/zones/genzones.sh
+++ b/bin/tests/system/verify/zones/genzones.sh
@@ -242,3 +242,14 @@ $4 == "NSEC3" && NF == 9 {
 cat ${file}.tmp >> ${file}
 rm -f ${file}.tmp
 $SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
+
+# sign and verify with journal file
+setup updated other
+$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
+$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
+cat unsigned.db $ksk.key $zsk.key > $file
+$SIGNER -SPx -o ${zone} -f $file $file > s.out$n || dumpit s.out$n
+sed -e '/serial/s/0/1/' $file > ${file}.update
+echo "extra 3600 IN A 4.3.2.1" >> ${file}.update
+$SIGNER -SPx -o ${zone} -f ${file}.update ${file}.update > s.out$n || dumpit s.out$n
+$MAKEJOURNAL updated ${file} ${file}.update ${file}.jnl > mj.out$n 2>&1 || dumpit mj.out$n
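Review bot: The new `-J` check in tests.sh (hunk `@@ -105,5 +105,10 @@`) never resets `ret`, unlike the two checks above it, which set `ret=0` right after their `echo_i` line. If an earlier check left `ret=1`, this one is reported as failed whatever dnssec-verify returns; add `ret=0` after the new `echo_i`. The check also passes on exit status alone, and since genzones.sh signs both `updated.other` and its `.update` successor, a dnssec-verify that skipped the journal would presumably still exit 0. Consider asserting on something only the journalled version carries (the bumped serial or the `extra` record, if the output in `verify.out.$n` exposes it), or adding a run that is expected to fail.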
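Review bot: In the added genzones.sh stanza, `cat unsigned.db $ksk.key $zsk.key > $file` reads `$ksk` and `$zsk`, but the two `$KEYGEN` calls above it redirect their output to `kg1.out$n` and `kg2.out$n` rather than capturing it. Within this hunk the variables therefore still hold whatever an earlier stanza assigned (the context line above passes `$zsk` to the previous zone's signer), unless `setup`, which is defined outside the hunk, resets them. Assuming dnssec-keygen prints the key name on stdout, as the `.key` suffix use suggests, capture it: `zsk=$($KEYGEN -a rsasha256 ${zone} 2> kg1.out$n) || dumpit kg1.out$n`, and likewise `ksk=` for the `-fK` call. Separately, both `$SIGNER` runs write to `s.out$n`, so the second overwrites the first run's log.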