From 6feac68b5050e445b2e46b364ab7a0490e57ae52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 26 Apr 2021 07:16:38 +0200 Subject: [PATCH 1/2] Test "tkey-gssapi-credential" conditionally If "tkey-gssapi-credential" is set in the configuration and GSSAPI support is not available, named will refuse to start. As the test system framework does not support starting named instances conditionally, ensure that "tkey-gssapi-credential" is only present in named.conf if GSSAPI support is available. --- bin/tests/system/nsupdate/ns10/named.conf.in | 2 +- bin/tests/system/nsupdate/ns9/named.conf.in | 2 +- bin/tests/system/nsupdate/setup.sh | 19 +++++++++++++++++-- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in index 0e2fb06782..28fa5b5a29 100644 --- a/bin/tests/system/nsupdate/ns10/named.conf.in +++ b/bin/tests/system/nsupdate/ns10/named.conf.in @@ -20,7 +20,7 @@ options { recursion no; notify yes; minimal-responses no; - tkey-gssapi-credential "DNS/ns10.example.com@EXAMPLE.COM"; + @TKEY_CONFIGURATION@ }; key rndc_key { diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in index f95ea4ed26..e80f6775af 100644 --- a/bin/tests/system/nsupdate/ns9/named.conf.in +++ b/bin/tests/system/nsupdate/ns9/named.conf.in @@ -20,7 +20,7 @@ options { recursion no; notify yes; minimal-responses no; - tkey-gssapi-credential "DNS/ns9.example.com@EXAMPLE.COM"; + @TKEY_CONFIGURATION@ }; key rndc_key { diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh index 6ef54ac1a3..be8c7f8adf 100644 --- a/bin/tests/system/nsupdate/setup.sh +++ b/bin/tests/system/nsupdate/setup.sh @@ -23,8 +23,23 @@ copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf copy_setports ns7/named.conf.in ns7/named.conf copy_setports ns8/named.conf.in ns8/named.conf -copy_setports ns9/named.conf.in ns9/named.conf -copy_setports ns10/named.conf.in ns10/named.conf + +# If "tkey-gssapi-credential" is set in the configuration and GSSAPI support is +# not available, named will refuse to start. As the test system framework does +# not support starting named instances conditionally, ensure that +# "tkey-gssapi-credential" is only present in named.conf if GSSAPI support is +# available. +copy_setports ns9/named.conf.in ns9/named.conf.in.tkey +copy_setports ns10/named.conf.in ns10/named.conf.in.tkey +if $FEATURETEST --gssapi; then + sed 's|@TKEY_CONFIGURATION@|tkey-gssapi-credential "DNS/ns9.example.com@EXAMPLE.COM";|' ns9/named.conf.in.tkey > ns9/named.conf + sed 's|@TKEY_CONFIGURATION@|tkey-gssapi-credential "DNS/ns10.example.com@EXAMPLE.COM";|' ns10/named.conf.in.tkey > ns10/named.conf +else + sed 's|@TKEY_CONFIGURATION@||' ns9/named.conf.in.tkey > ns9/named.conf + sed 's|@TKEY_CONFIGURATION@||' ns10/named.conf.in.tkey > ns10/named.conf +fi +rm -f ns9/named.conf.in.tkey +rm -f ns10/named.conf.in.tkey copy_setports verylarge.in verylarge From a3957af864eeebd925ee18c10d305024d4d99fc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Mon, 26 Apr 2021 07:16:38 +0200 Subject: [PATCH 2/2] Test "--without-gssapi" in GitLab CI GitLab CI pipelines do not currently include a Linux job that would have GSSAPI support disabled. Add the "--without-gssapi" option to the ./configure invocation on Debian 9 to address that deficiency and also to continuously test that build-time switch. --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 42e27fd229..1d87440cd9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -640,7 +640,7 @@ gcc:stretch:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O2" - EXTRA_CONFIGURE: "--without-cmocka" + EXTRA_CONFIGURE: "--without-cmocka --without-gssapi" <<: *debian_stretch_amd64_image <<: *build_job