diff --git a/REUSE.toml b/REUSE.toml
index fc576197ed..5712308670 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -91,7 +91,7 @@ path = [
 "bin/tests/system/nsupdate/CA/index.txt.attr",
 "bin/tests/system/nsupdate/CA/serial",
 "bin/tests/system/nsupdate/commandlist",
- "bin/tests/system/nsupdate/verylarge.in",
+ "bin/tests/system/nsupdate/verylarge.j2",
 "bin/tests/system/org.isc.bind.system.plist",
 "bin/tests/system/pipelined/input",
 "bin/tests/system/pipelined/inputb",
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.j2
similarity index 91%
rename from bin/tests/system/nsupdate/ns1/named.conf.in
rename to bin/tests/system/nsupdate/ns1/named.conf.j2
index 7b5194f70d..20a6019cd5 100644
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
+++ b/bin/tests/system/nsupdate/ns1/named.conf.j2
@@ -11,7 +11,9 @@
 * information regarding copyright ownership.
 */
+{% if FEATURE_FIPS_DH == "1" %}
 include "tls.conf";
+{% endif %}
 options {
 query-source address 10.53.0.1;
@@ -27,7 +29,15 @@ options {
 minimal-responses no;
 update-quota 1;
 dnssec-validation no;
- include "tls.options";
+
+{% if FEATURE_FIPS_DH == "1" %}
+ tls-port @TLSPORT@;
+ listen-on tls ephemeral { 10.53.0.1; };
+ listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.1; };
+ listen-on port @EXTRAPORT2@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; };
+ listen-on port @EXTRAPORT3@ tls tls-expired { 10.53.0.1; };
+{% endif %}
+
 };
 acl named-acl {
diff --git a/bin/tests/system/nsupdate/ns1/tls.conf.in b/bin/tests/system/nsupdate/ns1/tls.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns1/tls.conf.in
rename to bin/tests/system/nsupdate/ns1/tls.conf.j2
diff --git a/bin/tests/system/nsupdate/ns1/tls.options.in b/bin/tests/system/nsupdate/ns1/tls.options.in
deleted file mode 100644
index 52f514b5f4..0000000000
--- a/bin/tests/system/nsupdate/ns1/tls.options.in
+++ /dev/null
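Review bot: Both `{% if FEATURE_FIPS_DH == "1" %}` guards in ns1/named.conf.j2 (around `include "tls.conf";` and around the `tls-port`/`listen-on ... tls` block) match only the exact string "1", so an unset or differently spelled value renders a config with no TLS listeners and, as far as the hunks show, no error. That silently removes the forward-secrecy, mutual-TLS and expired-certificate listeners, so the TLS cases in the test script need to be gated on the same condition, which is not visible in this diff. The two guards also have to stay in step, since the listeners in the second block name TLS configurations that presumably come from tls.conf. I would add a template comment above the first guard, e.g. `{# Rendered only when FIPS-mode DH is available (previously "$FEATURETEST --have-fips-dh" in setup.sh); keep in sync with the listen-on guard in options #}`.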
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-tls-port @TLSPORT@;
-listen-on tls ephemeral { 10.53.0.1; };
-listen-on port @EXTRAPORT1@ tls tls-forward-secrecy { 10.53.0.1; };
-listen-on port @EXTRAPORT2@ tls tls-forward-secrecy-mutual-tls { 10.53.0.1; };
-listen-on port @EXTRAPORT3@ tls tls-expired { 10.53.0.1; };
diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.j2
similarity index 91%
rename from bin/tests/system/nsupdate/ns10/named.conf.in
rename to bin/tests/system/nsupdate/ns10/named.conf.j2
index 51a0b4f587..314a413b09 100644
--- a/bin/tests/system/nsupdate/ns10/named.conf.in
+++ b/bin/tests/system/nsupdate/ns10/named.conf.j2
@@ -26,7 +26,13 @@ options {
 notify yes;
 minimal-responses no;
 dnssec-validation no;
- @TKEY_CONFIGURATION@
+
+{% if FEATURE_GSSAPI == "1" %}
+{% raw %}
+ tkey-gssapi-credential "DNS/ns10.example.com@EXAMPLE.COM";
+{% endraw %}
+{% endif %}
+
 };
 key rndc_key {
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns2/named.conf.in
rename to bin/tests/system/nsupdate/ns2/named.conf.j2
diff --git a/bin/tests/system/nsupdate/ns3/named.conf.in b/bin/tests/system/nsupdate/ns3/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns3/named.conf.in
rename to bin/tests/system/nsupdate/ns3/named.conf.j2
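Review bot: The guarded `tkey-gssapi-credential` block in ns10/named.conf.j2 no longer carries the reason it is conditional, because this commit deletes the setup.sh comment explaining that named refuses to start when the option is set without GSSAPI support. I would carry that into the template as a Jinja comment above the `{% if FEATURE_GSSAPI == "1" %}` line, e.g. `{# named refuses to start if tkey-gssapi-credential is set without GSSAPI support #}`. The purpose of `{% raw %}` around the credential line is also not evident from the hunk (presumably it keeps the `@` in the principal from being treated as a placeholder), so a short note on that would help too. The same applies to the identical hunk in ns9/named.conf.j2.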
diff --git a/bin/tests/system/nsupdate/ns5/named.conf.in b/bin/tests/system/nsupdate/ns5/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns5/named.conf.in
rename to bin/tests/system/nsupdate/ns5/named.conf.j2
diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns6/named.conf.in
rename to bin/tests/system/nsupdate/ns6/named.conf.j2
diff --git a/bin/tests/system/nsupdate/ns7/named1.conf.in b/bin/tests/system/nsupdate/ns7/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns7/named1.conf.in
rename to bin/tests/system/nsupdate/ns7/named.conf.j2
diff --git a/bin/tests/system/nsupdate/ns7/named2.conf.in b/bin/tests/system/nsupdate/ns7/named2.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns7/named2.conf.in
rename to bin/tests/system/nsupdate/ns7/named2.conf.j2
diff --git a/bin/tests/system/nsupdate/ns8/named.conf.in b/bin/tests/system/nsupdate/ns8/named.conf.j2
similarity index 100%
rename from bin/tests/system/nsupdate/ns8/named.conf.in
rename to bin/tests/system/nsupdate/ns8/named.conf.j2
diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.j2
similarity index 91%
rename from bin/tests/system/nsupdate/ns9/named.conf.in
rename to bin/tests/system/nsupdate/ns9/named.conf.j2
index 07e38d2d41..271de2d5c4 100644
--- a/bin/tests/system/nsupdate/ns9/named.conf.in
+++ b/bin/tests/system/nsupdate/ns9/named.conf.j2
@@ -24,7 +24,13 @@ options {
 notify yes;
 minimal-responses no;
 dnssec-validation no;
- @TKEY_CONFIGURATION@
+
+{% if FEATURE_GSSAPI == "1" %}
+{% raw %}
+ tkey-gssapi-credential "DNS/ns9.example.com@EXAMPLE.COM";
+{% endraw %}
+{% endif %}
+
 };
 key rndc_key {
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 38942ba297..299330773a 100644
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -13,40 +13,6 @@
 . ../conf.sh
-if $FEATURETEST --have-fips-dh; then
- copy_setports ns1/tls.conf.in ns1/tls.conf
- copy_setports ns1/tls.options.in ns1/tls.options
-else
- : >ns1/tls.conf
- : >ns1/tls.options
-fi
-copy_setports ns1/named.conf.in ns1/named.conf
-copy_setports ns2/named.conf.in ns2/named.conf
-copy_setports ns3/named.conf.in ns3/named.conf
-copy_setports ns5/named.conf.in ns5/named.conf
-copy_setports ns6/named.conf.in ns6/named.conf
-copy_setports ns7/named1.conf.in ns7/named.conf
-copy_setports ns8/named.conf.in ns8/named.conf
-
-# If "tkey-gssapi-credential" is set in the configuration and GSSAPI support is
-# not available, named will refuse to start. As the test system framework does
-# not support starting named instances conditionally, ensure that
-# "tkey-gssapi-credential" is only present in named.conf if GSSAPI support is
-# available.
-copy_setports ns9/named.conf.in ns9/named.conf.in.tkey
-copy_setports ns10/named.conf.in ns10/named.conf.in.tkey
-if $FEATURETEST --gssapi; then
- sed 's|@TKEY_CONFIGURATION@|tkey-gssapi-credential "DNS/ns9.example.com@EXAMPLE.COM";|' ns9/named.conf.in.tkey >ns9/named.conf
- sed 's|@TKEY_CONFIGURATION@|tkey-gssapi-credential "DNS/ns10.example.com@EXAMPLE.COM";|' ns10/named.conf.in.tkey >ns10/named.conf
-else
- sed 's|@TKEY_CONFIGURATION@||' ns9/named.conf.in.tkey >ns9/named.conf
- sed 's|@TKEY_CONFIGURATION@||' ns10/named.conf.in.tkey >ns10/named.conf
-fi
-rm -f ns9/named.conf.in.tkey
-rm -f ns10/named.conf.in.tkey
-
-copy_setports verylarge.in verylarge
-
 cp -f ns1/example1.db ns1/example.db
 sed 's/example.nil/other.nil/g' ns1/example1.db >ns1/other.db
 sed 's/example.nil/unixtime.nil/g' ns1/example1.db >ns1/unixtime.db
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 2e6f8c823a..7afe114677 100755
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -2179,7 +2179,7 @@ EOF
 status=1
 }
- copy_setports ns7/named2.conf.in ns7/named.conf
+ cp ns7/named2.conf ns7/named.conf
 rndc_reload ns7 10.53.0.7
 n=$((n + 1))
diff --git a/bin/tests/system/nsupdate/verylarge.in b/bin/tests/system/nsupdate/verylarge.j2
similarity index 100%
rename from bin/tests/system/nsupdate/verylarge.in
rename to bin/tests/system/nsupdate/verylarge.j2
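Review bot: Nothing in the hunk checks that `cp ns7/named2.conf ns7/named.conf` succeeded before `rndc_reload ns7 10.53.0.7` runs, and the copy now depends on ns7/named2.conf already having been rendered from named2.conf.j2. If that file is missing, the reload would presumably re-read the old configuration and the checks that follow would run against the wrong settings; whether the script aborts on a failed command is not visible here. I would write `cp -f ns7/named2.conf ns7/named.conf || status=1`, which also matches the `cp -f` form used in setup.sh. The enclosing test step starts and ends outside the hunk.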