upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-10 23:00:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Handle non-zero return codes in kasp test

Browse source 
(cherry picked from commit ede8ea889b)
This commit is contained in:
Tom Krizek 2023-06-22 17:57:10 +02:00
parent b7ef365cff
commit e302ee1cc7
No known key found for this signature in database
GPG key ID: 01623B9B652A20A7
2 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
bin/tests/system/kasp.sh
View file

@ -242,6 +242,8 @@ set_keyrole() {
test "$2" = "csk" && key_set "$1" "KSK" "yes"
test "$2" = "csk" && key_set "$1" "ZSK" "yes"
test "$2" = "csk" && key_set "$1" "FLAGS" "257"
return 0
}
set_keylifetime() {
key_set "$1" "EXPECT" "yes"
@ -379,7 +381,7 @@ check_key() {
[ -s "$STATE_FILE" ] || ret=1
fi
[ "$ret" -eq 0 ] || _log_error "${BASE_FILE} files missing"
[ "$ret" -eq 0 ] || return
[ "$ret" -eq 0 ] || return 0
# Retrieve creation date.
grep "; Created:" "$KEY_FILE" > "${ZONE}.${KEY_ID}.${_alg_num}.created" || _log_error "mismatch created comment in $KEY_FILE"
@ -454,6 +456,8 @@ check_key() {
grep "DSChange: " "$STATE_FILE" > /dev/null || _log_error "mismatch ds change in $STATE_FILE"
fi
fi
return 0
}
# Check the key timing metadata for key $1.
@ -656,7 +660,7 @@ key_unused() {
[ -s "$KEY_FILE" ] || ret=1
[ -s "$PRIVATE_FILE" ] || ret=1
[ -s "$STATE_FILE" ] || ret=1
[ "$ret" -eq 0 ] || return
[ "$ret" -eq 0 ] || return 0
# Treat keys that have been removed from the zone as unused.
_check_removed=1
@ -686,6 +690,8 @@ key_unused() {
grep "Retired: " "$STATE_FILE" > /dev/null && _log_error "unexpected retired in $STATE_FILE"
grep "Revoked: " "$STATE_FILE" > /dev/null && _log_error "unexpected revoked in $STATE_FILE"
grep "Removed: " "$STATE_FILE" > /dev/null && _log_error "unexpected removed in $STATE_FILE"
return 0
}
# Test: dnssec-verify zone $1.

2
bin/tests/system/kasp/tests.sh
View file

@ -2166,7 +2166,7 @@ dnssec_verify
n=$((n+1))
echo_i "check that rndc dnssec -rollover fails if key is inactive ($n)"
ret=0
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n
rndccmd "$SERVER" dnssec -rollover -key $(key_get KEY4 ID) "$ZONE" > rndc.dnssec.rollover.out.$ZONE.$n || ret=1
grep "key is not actively signing" rndc.dnssec.rollover.out.$ZONE.$n > /dev/null || log_error "bad error message"
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))