rollover-straight2none: From setup.sh to pytest bootstrap

Similar to rollover-going-insecure.

(cherry picked from commit da04c75cec)
This commit is contained in:
Matthijs Mekking 2025-11-28 12:42:21 +01:00
parent e403f6dc2c
commit 74ed63eb8d
11 changed files with 88 additions and 55 deletions


@ -0,0 +1 @@
../rollover/ns1


@ -0,0 +1 @@
../rollover/ns2


@ -0,0 +1 @@
../../rollover-going-insecure/ns3/kasp.conf


@ -1 +0,0 @@
../../rollover-going-insecure/ns3/kasp.conf.j2


@ -1 +0,0 @@
../../rollover/ns3/template.db.in


@ -0,0 +1 @@
../../rollover/ns3/template.db.j2.manual


@ -0,0 +1 @@
../../_common/trusted.conf.j2


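--- a/rollover-straight2none/setup.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh -e
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-# shellcheck source=conf.sh
-. ../conf.sh
-cd "ns3"
-setup() {
-zone="$1"
-echo_i "setting up zone: $zone"
-zonefile="${zone}.db"
-infile="${zone}.db.infile"
-}
-# Make lines shorter by storing key states in environment variables.
-H="HIDDEN"
-R="RUMOURED"
-O="OMNIPRESENT"
-U="UNRETENTIVE"
-# These zones are going straight to "none" policy. This is undefined behavior.
-T="now-10d"
-S="now-12955mi"
-csktimes="-P $T -A $T -P sync $S"
-setup going-straight-to-none.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
-setup going-straight-to-none-dynamic.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O full -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1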


@ -22,6 +22,28 @@ from rollover.common import (
DURATION,
DEFAULT_CONFIG,
)
from rollover.setup import (
configure_root,
configure_tld,
configure_straight2none,
)
def bootstrap():
data = {
"tlds": [],
"trust_anchors": [],
}
tlds = []
tld_name = "kasp"
delegations = configure_straight2none(tld_name)
tld = configure_tld(tld_name, delegations)
tlds.append(tld)
data["tlds"].append(tld_name)
ta = configure_root(tlds)
data["trust_anchors"].append(ta)
return data
@pytest.mark.parametrize(
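Review bot: The new `bootstrap()` has no docstring, so a reader cannot tell what the returned dict is for without tracing the module's fixtures; add `"""Build the kasp TLD (the straight-to-none zones) under a signed root and return {"tlds": [tld names], "trust_anchors": [root TA]} for the module fixtures."""`, hedging the trust-anchor wording if configure_root returns something else. The local `tlds` list holds whatever configure_tld returns while `data["tlds"]` holds only the names, so a name such as `tld_zones` would stop the two lists reading as the same thing. The `@pytest.mark.parametrize(` decorator on the hunk's last line belongs to a definition that continues outside the hunk.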


@ -22,6 +22,28 @@ from rollover.common import (
DURATION,
DEFAULT_CONFIG,
)
from rollover.setup import (
configure_root,
configure_tld,
configure_straight2none,
)
def bootstrap():
data = {
"tlds": [],
"trust_anchors": [],
}
tlds = []
tld_name = "kasp"
delegations = configure_straight2none(tld_name)
tld = configure_tld(tld_name, delegations)
tlds.append(tld)
data["tlds"].append(tld_name)
ta = configure_root(tlds)
data["trust_anchors"].append(ta)
return data
@pytest.fixture(scope="module", autouse=True)
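Review bot: This `bootstrap()` is a line-for-line copy of the one added to the sibling test module in the same commit: both build the same `kasp` TLD from `configure_straight2none` and feed it to `configure_root`. A helper that exists only to call functions in `rollover.setup` belongs next to `configure_straight2none` (or in a shared conftest) with both modules importing it, so that a later change to the zone list or trust-anchor handling is not made twice. The `@pytest.fixture(scope="module", autouse=True)` definition begun on the hunk's last line continues outside the hunk.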


@ -1355,6 +1355,45 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> List[Zone]:
return zones
def configure_straight2none(tld: str) -> List[Zone]:
# These zones are going straight to "none" policy. This is undefined behavior.
zones = []
keygen = CmdHelper("KEYGEN", "-k default")
settime = CmdHelper("SETTIME", "-s")
TpubN = "now-10d"
TsbmN = "now-12955mi"
keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
zonename = f"going-straight-to-none.{tld}"
zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
isctest.log.info(f"setup {zonename}")
# Key generation.
csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
cwd="ns3",
)
# Signing.
render_and_sign_zone(zonename, [csk_name], extra_options="-z")
zonename = f"going-straight-to-none-dynamic.{tld}"
zones.append(
Zone(zonename, f"{zonename}.db.signed", Nameserver("ns3", "10.53.0.3"))
)
isctest.log.info(f"setup {zonename}")
# Key generation.
csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
settime(
f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
cwd="ns3",
)
# Signing.
render_and_sign_zone(zonename, [csk_name], extra_options="-z -O full")
return zones
def configure_ksk_doubleksk(tld: str) -> List[Zone]:
# The zones at ksk-doubleksk.$tld represent the various steps of a KSK
# Double-KSK rollover.
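Review bot: Both keygen calls in `configure_straight2none` pass `-f KSK` on top of the `-k default` that `CmdHelper("KEYGEN", "-k default")` appears to bake in, whereas the setup.sh removed by this commit generated the CSK with `-k default` alone; if policy mode already fixes the key type the flag is at best redundant, so please confirm the combination is accepted and that `keygen(f"{keytimes} {zonename}", cwd="ns3")` would not produce the same CSK before keeping it. The two zone stanzas differ only in zone name, zone-file suffix and signer options, and the settime argument string is repeated verbatim, so a loop over those three values keeps one copy of each command line. The leading `# These zones are going straight to "none" policy. This is undefined behavior.` would also serve better as the function's docstring, matching the neighbouring `configure_*` helpers.

```python
def configure_straight2none(tld: str) -> List[Zone]:
    """Set up the zones that go straight to the "none" policy (undefined behavior)."""
    keygen = CmdHelper("KEYGEN", "-k default")
    settime = CmdHelper("SETTIME", "-s")
    TpubN = "now-10d"
    TsbmN = "now-12955mi"
    keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
    # All timing metadata is omnipresent at TpubN for both zones.
    states = (
        f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} "
        f"-z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN}"
    )
    zones = []
    for stem, suffix, signer_opts in (
        ("going-straight-to-none", ".db", "-z"),
        ("going-straight-to-none-dynamic", ".db.signed", "-z -O full"),
    ):
        zonename = f"{stem}.{tld}"
        zones.append(
            Zone(zonename, f"{zonename}{suffix}", Nameserver("ns3", "10.53.0.3"))
        )
        isctest.log.info(f"setup {zonename}")
        # Key generation (see note on -f KSK above).
        csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
        settime(f"{states} {csk_name}", cwd="ns3")
        # Signing.
        render_and_sign_zone(zonename, [csk_name], extra_options=signer_opts)
    return zones
```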