Add a CI job to merge tags back to the respective base branch in tag pipelines.
Backport of MR !11001
Merge branch 'backport-andoni/add-merge-tag-to-tag-pipeline-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!11025
The nsX are utility fixtures which can be used instead of the servers
fixture, which requires longer syntax(i.e. servers["nsX"]).
---
This MR is basically backporting pytest utility fixtures which were introduced to newer branches in !10717. This is a minimal change which only aims to facilitate easier test backports to ~"v9.18" in the future, without changing any of the existing tests.
Merge branch 'nicki/pytest-nsX-fixtures-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!11015
There's currently an issue with the shotgun workflow that's being
investigated. Until it's resolved, there's no point in creating the
shotgun jobs as they'll just fail.
Backport of MR !11005
Merge branch 'backport-nicki/ci-temporarily-disable-shotgun-jobs-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!11009
There's currently an issue with the shotgun workflow that's being
investigated. Until it's resolved, there's no point in creating the
shotgun jobs as they'll just fail.
(cherry picked from commit 2669463b43)
Trigger selected CI jobs on MR automatically only if there are related
code changes. Otherwise, offer an option to run the jobs manually in
MRs. For other sources, like schedules, tags etc., execute the jobs as
usual.
Backport of MR !10987
Merge branch 'backport-nicki/ci-restrict-rules-changes-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10993
Trigger selected CI jobs on MR automatically only if there are related
code changes. Otherwise, offer an option to run the jobs manually in
MRs. For other sources, like schedules, tags etc., execute the jobs as
usual.
(cherry picked from commit 02c58d9baa)
Use .sh(.in) file extension consistently for shell scripts
to allow more reliable detection of shell scripts based on their file
extension.
(cherry picked from commit 2d690499dd)
When running with TSAN in CI, the test ocassionally fails on:
exceeded time limit waiting for literal 'keymgr: purgekeys.kasp done' in ns4/named.run
The line is actually present in the logs, but it take slightly longer
than 3 seconds to appear. Increase the wait_for_log timeout of the kasp test to 10
seconds to avoid such issues.
---
Example of failure: https://gitlab.isc.org/isc-projects/bind9/-/jobs/6176192
Merge branch 'nicki/kasp-shell-test-increase-log-timeout' into 'bind-9.18'
See merge request isc-projects/bind9!10976
When running with TSAN in CI, the test ocassionally fails on:
'exceeded time limit waiting for literal 'keymgr: purgekeys.kasp done'
in ns4/named.run'
The line is actually present in the logs, but it take slightly longer
than 3 seconds to appear. Increase the wait_for_log timeout of the kasp
test to 10 seconds to avoid such issues.
Sphinx's smartquotes feature was rewriting -- to en-dash, "" to proper
English quotes etc. This was messing up syntax at unpredictable places.
Disable this feature instead of attempting to escape all the places in
the manual.
(cherry picked from commit 66e58d3315)
The new order hopefully reflects likelihood of someone reading from start
to the end:
DNSSEC Guide
Manual Pages
General DNS Reference Information
Release Notes
Changelog
A Brief History of the DNS and BIND
(cherry picked from commit ed0db245be)
The RRSIGs for glue records were not being cached correctly for CD=1 queries. This has been fixed.
Closes#5502
Backport of MR !10938
Merge branch 'backport-5502-fix-missing-rrsig-with-cd-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10957
The code to test whether to store the RRSIGs on DNS_R_UNCHANGED
with CD=1 was failing because the comparison methods of the two
rdatatset instances were not compatible. Move the testing into
dns_db_addrdataset(), and request it by setting the DNS_ADD_EQUALOK
option. If the option is set and the old and new rrsets compare
as equal, dns_db_addrdataset() returns ISC_R_SUCCESS instead of
DNS_R_UNCHANGED.
(cherry picked from commit b954a1df43)
Update to REUSE Specification 3.2+ that uses REUSE.toml instead of DEP5
based specification.
Backport of MR !10945
Merge branch 'backport-ondrej/cover-reuse-dep5-to-toml-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10950
The randomized order of the records in the rrset is not uniform across
all permutations. Clarify this in the documentation.
Closes#5485
Backport of MR !10909
Merge branch 'backport-ondrej/clarify-rrset-order-random-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10936
The randomized order of the records in the rrset is not uniform across
all permutations. Clarify this in the documentation.
(cherry picked from commit 369c8dc388)
Closes#5444
Backport of MR !10795
Merge branch 'backport-5444-add-hhit-and-brid-records-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10933
When an IPv6 rpz prefix entry is entered incorrectly the log
message was just displaying the prefix rather than the full
entry. This has been corrected.
Closes#5491
Backport of MR !10890
Merge branch 'backport-5491-rpz-canonical-warning-displays-zone-entry-incorrectly-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10931
Do not insert a NUL into ip_str too early as the full value
is needed later. Only insert the NUL immediately before
displaying just the prefix string.
(cherry picked from commit 283da99f02)
Mark the :any:`tkey-domain` statement as deprecated since it is only
used by code implementing TKEY Mode 2 (Diffie-Hellman), which was
removed from newer BIND 9 branches.
See #4204
Merge branch '4204-deprecate-tkey-domain' into 'bind-9.18'
See merge request isc-projects/bind9!10783
Mark the "tkey-domain" statement as deprecated since it is only used by
code implementing TKEY Mode 2 (Diffie-Hellman), which was removed from
newer BIND 9 branches.
The :any:`tkey-gssapi-keytab` statement allows GSS-TSIG to be set up in
a simpler and more reliable way than using the
:any:`tkey-gssapi-credential` statement and setting environment
variables (e.g. ``KRB5_KTNAME``). Therefore, the
:any:`tkey-gssapi-credential` statement has been deprecated;
:any:`tkey-gssapi-keytab` should be used instead.
For configurations currently using a combination of both
:any:`tkey-gssapi-keytab` *and* :any:`tkey-gssapi-credential`, the
latter should be dropped and the keytab pointed to by
:any:`tkey-gssapi-keytab` should now only contain the credential
previously specified by :any:`tkey-gssapi-credential`.
See #4204
Backport of MR !10782
Merge branch 'backport-4204-deprecate-tkey-gssapi-credential-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10925
The "tkey-gssapi-keytab" statement enables GSS-TSIG to be set up in a
simpler and more reliable way than using the "tkey-gssapi-credential"
statement and setting environment variables (e.g. KRB5_KTNAME).
Mark the "tkey-gssapi-credential" statement as deprecated to eventually
only have one method for setting up GSS-TSIG in named. Do not mention
"tkey-gssapi-credential" in the section of the ARM on dynamic updates.
(cherry picked from commit 6de435c528)
Clang 20 was spuriously warning about the possibility of passing a NULL file pointer
to `fprintf()`, which uses the 'nonnull' attribute. To silence the warning, the functions
calling `fprintf()` have been marked with the same attribute to assure that NULL can't be
passed to them in the first place.
Close#5487
Backport of MR !10888
Merge branch 'backport-5487-mark-passed-file-pointer-as-nonnull-in-dnssec-signzone-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10914
Clang 20 is complaining about passing NULL to an argument with 'nonnull'
attribute. Mark these two functions with the same attribute to assure
that these two function also don't accept NULL as an argument.
(cherry picked from commit 9e350c1774)
Clarify that forwarding points to a resolver and stub to auths.
Add cross-links. Rewrite stub zone type description.
(cherry picked from commit e84b98a9fc)
Under certain circumstances, BIND 9 can return SERVFAIL when updating
existing entries in the cache with new NS, A, AAAA, or DS records with 0-TTL.
Closes#5294
Backport of MR !10897
Merge branch 'backport-5294-preserve-ZEROTTL-on-cache-update-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10899
Under certain circumstances, cache entries with equivalent rdataset
might not get replaced. Previously such entry would get preserved
regardless of the new TTL and expire time on the existing header would
get updated when the expire time was less than the expire time on the
existing header. Change the logic to preserve the existing header only
if the new expire time is larger than the existing one and replace the
existing cache entry when the new expire time is less than the existing
one.
Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
(cherry picked from commit 9f7ba584cf)
Previously, BIND 9 would drop the ZEROTTL attribute when updating
previously cached NS entry with ZEROTTL attribute set.
Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
(cherry picked from commit 982ca161c2)
Add and apply InsertBraces statement to add missing curly braces around one-line statements and use ControlStatementsExceptControlMacros for SpaceBeforeParens to remove space between foreach macro and the brace, e.g. `FOREACH (x) {` becomes `FOREACH(x) {`.
Backport of MR !10863
Merge branch 'backport-ondrej/update-clang-format-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!10865
