diff --git a/bin/tests/system/cds/setup.sh b/bin/tests/system/cds/setup.sh index c3ec8a23fe..6de5de5acb 100644 --- a/bin/tests/system/cds/setup.sh +++ b/bin/tests/system/cds/setup.sh @@ -11,10 +11,12 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -set -eu +set -e . ../conf.sh +set -u + touch empty Z=cds.test diff --git a/bin/tests/system/ckdnsrps.sh b/bin/tests/system/ckdnsrps.sh index 846c95f100..3063adb00f 100644 --- a/bin/tests/system/ckdnsrps.sh +++ b/bin/tests/system/ckdnsrps.sh @@ -69,7 +69,7 @@ else add_conf "## testing with DNSRPS" fi -if [ ! -x $DNSRPS_CMD ]; then +if [ ! -x "$DNSRPS_CMD" ]; then add_conf "## make $DNSRPS_CMD to test DNSRPS" add_conf '#skip' exit 0 diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 0ef94436e3..0e7431ff6d 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -27,7 +27,11 @@ export ARPANAME=$TOP_BUILDDIR/bin/tools/arpaname export CDS=$TOP_BUILDDIR/bin/dnssec/dnssec-cds export CHECKCONF=$TOP_BUILDDIR/bin/check/named-checkconf export CHECKZONE=$TOP_BUILDDIR/bin/check/named-checkzone -export DELV=$TOP_BUILDDIR/bin/delv/delv +if [ -z "$TSAN_OPTIONS" ]; then # workaround for GL#4119 + export DELV=$TOP_BUILDDIR/bin/delv/delv +else + export DELV=: +fi export DIG=$TOP_BUILDDIR/bin/dig/dig export DNSTAPREAD=$TOP_BUILDDIR/bin/tools/dnstap-read export DSFROMKEY=$TOP_BUILDDIR/bin/dnssec/dnssec-dsfromkey diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 966c891e2a..18d0d7577b 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -197,7 +197,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive validation NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 a a.example > delv.out$n || ret=1 @@ -229,7 +229,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive validation NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 a a.nsec3.example > delv.out$n || ret=1 @@ -254,7 +254,7 @@ status=$((status+ret)) SP="[[:space:]]+" -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive validation OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 a a.optout.example > delv.out$n || ret=1 @@ -280,7 +280,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive wildcard validation NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 a a.wild.example > delv.out$n || ret=1 @@ -322,7 +322,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive wildcard validation NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 a a.wild.nsec3.example > delv.out$n || ret=1 @@ -348,7 +348,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking positive wildcard validation OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 a a.wild.optout.example > delv.out$n || ret=1 @@ -370,7 +370,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NXDOMAIN NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 a q.example > delv.out$n 2>&1 || ret=1 @@ -393,7 +393,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NXDOMAIN NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 a q.nsec3.example > delv.out$n 2>&1 || ret=1 @@ -417,7 +417,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NXDOMAIN OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 a q.optout.example > delv.out$n 2>&1 || ret=1 @@ -439,7 +439,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 txt a.example > delv.out$n 2>&1 || ret=1 @@ -463,7 +463,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NODATA NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 txt a.nsec3.example > delv.out$n 2>&1 || ret=1 @@ -487,7 +487,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative validation NODATA OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 txt a.optout.example > delv.out$n 2>&1 || ret=1 @@ -508,7 +508,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative wildcard validation NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 txt b.wild.example > delv.out$n 2>&1 || ret=1 @@ -528,7 +528,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative wildcard validation NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 txt b.wild.nsec3.example > delv.out$n 2>&1 || ret=1 @@ -552,7 +552,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking negative wildcard validation OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 txt b.optout.nsec3.example > delv.out$n 2>&1 || ret=1 @@ -576,7 +576,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server insecurity proof NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 a a.insecure.example > delv.out$n || ret=1 @@ -598,7 +598,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server insecurity proof NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 a a.insecure.nsec3.example > delv.out$n || ret=1 @@ -620,7 +620,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server insecurity proof OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 a a.insecure.optout.example > delv.out$n || ret=1 @@ -644,7 +644,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server negative insecurity proof NSEC using dns_client ($n)" delv_with_opts @10.53.0.4 a q.insecure.example > delv.out$n 2>&1 || ret=1 @@ -668,7 +668,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server negative insecurity proof NSEC3 using dns_client ($n)" delv_with_opts @10.53.0.4 a q.insecure.nsec3.example > delv.out$n 2>&1 || ret=1 @@ -692,7 +692,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking 1-server negative insecurity proof OPTOUT using dns_client ($n)" delv_with_opts @10.53.0.4 a q.insecure.optout.example > delv.out$n 2>&1 || ret=1 @@ -889,7 +889,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking failed validation using dns_client ($n)" delv_with_opts +cd @10.53.0.4 a a.bogus.example > delv.out$n 2>&1 || ret=1 @@ -934,7 +934,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking that validation fails when key record is missing using dns_client ($n)" delv_with_opts +cd @10.53.0.4 a a.b.keyless.example > delv.out$n 2>&1 || ret=1 @@ -953,7 +953,7 @@ n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) -if [ -x ${DELV} ] ; then +if [ -x "${DELV}" ] ; then ret=0 echo_i "checking that validation succeeds when a revoked key is encountered using dns_client ($n)" delv_with_opts +cd @10.53.0.4 soa revkey.example > delv.out$n 2>&1 || ret=1 diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index 062149602c..a82cff8a78 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh @@ -111,15 +111,17 @@ grep "example..*.RRSIG..*TXT" dig.out.ns2.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) -n=$((n+1)) -ret=0 -echo_i "check positive validation using delv ($n)" -delv_with_opts @10.53.0.1 txt example > delv.out$n || ret=1 -grep "; fully validated" delv.out$n > /dev/null || ret=1 # redundant -grep "example..*TXT.*This is a test" delv.out$n > /dev/null || ret=1 -grep "example..*.RRSIG..*TXT" delv.out$n > /dev/null || ret=1 -if [ $ret != 0 ]; then echo_i "failed"; fi -status=$((status+ret)) +if [ -x "$DELV" ]; then + n=$((n+1)) + ret=0 + echo_i "check positive validation using delv ($n)" + delv_with_opts @10.53.0.1 txt example > delv.out$n || ret=1 + grep "; fully validated" delv.out$n > /dev/null || ret=1 # redundant + grep "example..*TXT.*This is a test" delv.out$n > /dev/null || ret=1 + grep "example..*.RRSIG..*TXT" delv.out$n > /dev/null || ret=1 + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) +fi n=$((n+1)) echo_i "check for failed validation due to wrong key in managed-keys ($n)" diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 5f8bd01bda..ddad687641 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -37,7 +37,7 @@ grep "status: NXDOMAIN" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking non-cachable NXDOMAIN response handling using dns_client ($n)" ret=0 @@ -47,7 +47,7 @@ if [ -x ${RESOLVE} ] ; then status=$((status + ret)) fi -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking that local bound address can be set (Can't query from a denied address) ($n)" ret=0 @@ -73,7 +73,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking non-cachable NODATA response handling using dns_client ($n)" ret=0 @@ -88,7 +88,7 @@ echo_i "checking handling of bogus referrals ($n)" # If the server has the "INSIST(!external)" bug, this query will kill it. dig_with_opts +tcp www.example.com. a @10.53.0.1 >/dev/null || { echo_i "failed"; status=$((status + 1)); } -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking handling of bogus referrals using dns_client ($n)" ret=0 @@ -135,7 +135,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking answer IPv4 address filtering using dns_client (accept) ($n)" ret=0 @@ -153,7 +153,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking answer IPv6 address filtering using dns_client (accept) ($n)" ret=0 @@ -179,7 +179,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking CNAME target filtering using dns_client (accept) ($n)" ret=0 @@ -198,7 +198,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking CNAME target filtering using dns_client (accept due to subdomain) ($n)" ret=0 @@ -226,7 +226,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking DNAME target filtering using dns_client (accept) ($n)" ret=0 @@ -245,7 +245,7 @@ grep "status: NOERROR" dig.out.ns1.test${n} > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) -if [ -x ${RESOLVE} ] ; then +if [ -x "${RESOLVE}" ] ; then n=$((n+1)) echo_i "checking DNAME target filtering using dns_client (accept due to subdomain) ($n)" ret=0 diff --git a/bin/tests/system/rpz/qperf.sh b/bin/tests/system/rpz/qperf.sh index 0b1d3fff1a..dc79de9311 100644 --- a/bin/tests/system/rpz/qperf.sh +++ b/bin/tests/system/rpz/qperf.sh @@ -13,7 +13,7 @@ for QDIR in `echo "$PATH" | tr : ' '` ../../../../contrib/queryperf; do QPERF=$QDIR/queryperf - if test -f $QPERF -a -x $QPERF; then + if test -f "$QPERF" -a -x "$QPERF"; then echo $QPERF exit 0 fi diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh index 1400b5c657..0d2dea57e0 100644 --- a/bin/tests/system/rpz/tests.sh +++ b/bin/tests/system/rpz/tests.sh @@ -66,7 +66,7 @@ comment () { DNSRPSCMD=./dnsrps RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s" -if test -x $DNSRPSCMD; then +if test -x "$DNSRPSCMD"; then # speed up the many delays for dnsrpzd by waiting only 0.1 seconds WAIT_CMD="$DNSRPSCMD -w 0.1" TEN_SECS=100