mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-18 08:32:17 -04:00
6ad794a8cd
Include MD5 feature detection in featuretest tool and use it in some places. When RHEL distribution or Fedora ELN is in FIPS mode, then MD5 algorithm is unavailable completely and even hmac-md5 algorithm usage will always fail. Work that around by checking MD5 works and if not, skipping its usage. Those changes were dragged as downstream patch bind-9.11-fips-tests.patch in Fedora and RHEL.
65 lines
2.1 KiB
Bash
65 lines
2.1 KiB
Bash
#!/bin/sh
|
|
|
|
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
. ../conf.sh
|
|
|
|
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/nil.db
|
|
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/other.db
|
|
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/static.db
|
|
|
|
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db
|
|
|
|
$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db
|
|
|
|
cp ns7/test.db.in ns7/test.db
|
|
cp ns7/include.db.in ns7/include.db
|
|
|
|
# we make the huge zone less huge if we're running under
|
|
# TSAN, to give the test a fighting chance not to time out.
|
|
size=1000000
|
|
if $FEATURETEST --tsan; then
|
|
size=250000
|
|
fi
|
|
awk 'END { for (i = 1; i <= '${size}'; i++)
|
|
printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db
|
|
|
|
copy_setports ns2/named.conf.in ns2/named.conf
|
|
copy_setports ns2/secondkey.conf.in ns2/secondkey.conf
|
|
copy_setports ns3/named.conf.in ns3/named.conf
|
|
copy_setports ns4/named.conf.in ns4/named.conf
|
|
copy_setports ns5/named.conf.in ns5/named.conf
|
|
copy_setports ns6/named.conf.in ns6/named.conf
|
|
copy_setports ns7/named.conf.in ns7/named.conf
|
|
|
|
make_key () {
|
|
$RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \
|
|
> ns4/key${1}.conf 2> /dev/null
|
|
grep -E -v '(^# Start|^# End|^# Use|^[^#])' ns4/key$1.conf | cut -c3- | \
|
|
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
|
}
|
|
|
|
$FEATURETEST --md5 && make_key 1 ${EXTRAPORT1} hmac-md5
|
|
make_key 2 ${EXTRAPORT2} hmac-sha1
|
|
make_key 3 ${EXTRAPORT3} hmac-sha224
|
|
make_key 4 ${EXTRAPORT4} hmac-sha256
|
|
make_key 5 ${EXTRAPORT5} hmac-sha384
|
|
make_key 6 ${EXTRAPORT6} hmac-sha512
|
|
|
|
cat >> ns4/named.conf <<- EOF
|
|
|
|
controls {
|
|
inet 10.53.0.4 port ${EXTRAPORT7}
|
|
allow { any; } keys { "key1"; "key2"; "key3";
|
|
"key4"; "key5"; "key6"; };
|
|
};
|
|
EOF
|