Merging upstream version 1:9.16.48.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 23:51:28 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 23:51:28 +0000
commit: 754c7de1e91eeb28c6d3766900ead0c3e44fdb85 (patch)
tree: 51433c0e38731dc9ecd342555a56f876980b1834 /bin/tests/system/autosign/ns3
parent: Adding debian version 1:9.16.44-1~deb11u1. (diff)
download: bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.tar.xz
bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.zip
2 files changed, 148 insertions, 147 deletions
diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh
index 53547d3..ef0bb23 100644
--- a/bin/tests/system/autosign/ns3/keygen.sh
+++ b/bin/tests/system/autosign/ns3/keygen.sh
@@ -16,43 +16,43 @@ SYSTEMTESTTOP=../..
 
 SYSTESTDIR=autosign
 
-dumpit () {
-	echo_d "${debug}: dumping ${1}"
-	cat "${1}" | cat_d
+dumpit() {
+  echo_d "${debug}: dumping ${1}"
+  cat "${1}" | cat_d
 }
 
-setup () {
-	echo_i "setting up zone: $1"
-	debug="$1"
-	zone="$1"
-	zonefile="${zone}.db"
-	infile="${zonefile}.in"
-	n=$((${n:-0} + 1))
+setup() {
+  echo_i "setting up zone: $1"
+  debug="$1"
+  zone="$1"
+  zonefile="${zone}.db"
+  infile="${zonefile}.in"
+  n=$((${n:-0} + 1))
 }
 
 setup secure.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  NSEC3/NSEC test zone
 #
 setup secure.nsec3.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  NSEC3/NSEC3 test zone
 #
 setup nsec3.nsec3.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  Jitter/NSEC3 test zone
@@ -60,10 +60,9 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 setup jitter.nsec3.example
 cp $infile $zonefile
 count=1
-while [ $count -le 1000 ]
-do
-    echo "label${count} IN TXT label${count}" >> $zonefile
-    count=$((count + 1))
+while [ $count -le 1000 ]; do
+  echo "label${count} IN TXT label${count}" >>$zonefile
+  count=$((count + 1))
 done
 # Don't create keys just yet, because the scenario we want to test
 # is an unsigned zone that has a NSEC3PARAM record added with
@@ -74,98 +73,100 @@ done
 #
 setup optout.nsec3.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A nsec3 zone (non-optout).
 #
 setup nsec3.example
-cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile dsset-*.${zone}$TP >$zonefile
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # An NSEC3 zone, with NSEC3 parameters set prior to signing
 #
 setup autonsec3.example
-cat $infile > $zonefile
-ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../autoksk.key
-zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../autozsk.key
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile >$zonefile
+ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../autoksk.key
+zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../autozsk.key
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  OPTOUT/NSEC test zone
 #
 setup secure.optout.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  OPTOUT/NSEC3 test zone
 #
 setup nsec3.optout.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 #  OPTOUT/OPTOUT test zone
 #
 setup optout.optout.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A optout nsec3 zone.
 #
 setup optout.example
-cat $infile dsset-*.${zone}$TP > $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+cat $infile dsset-*.${zone}$TP >$zonefile
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A RSASHA256 zone.
 #
 setup rsasha256.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA256 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a RSASHA256 -b 2048 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a RSASHA256 -b 2048 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A RSASHA512 zone.
 #
 setup rsasha512.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a RSASHA512 -b 2048 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a RSASHA512 -b 2048 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a RSASHA512 -b 2048 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # NSEC-only zone. A zone using NSEC-only DNSSEC algorithms.
 # None of these algorithms are supported for signing in FIPS mode
 # as they are MD5 and SHA1 based.
 #
-if (cd ..; SYSTEMTESTTOP=.. $SHELL ../testcrypto.sh -q RSASHA1)
-then
-    setup nsec-only.example
-    cp $infile $zonefile
-    ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2> kg.out) || dumpit kg.out
-    $KEYGEN -q -a RSASHA1 $zone > kg.out 2>&1 || dumpit kg.out
-    $DSFROMKEY $ksk.key > dsset-${zone}$TP
+if (
+  cd ..
+  SYSTEMTESTTOP=.. $SHELL ../testcrypto.sh -q RSASHA1
+); then
+  setup nsec-only.example
+  cp $infile $zonefile
+  ksk=$($KEYGEN -q -a RSASHA1 -fk $zone 2>kg.out) || dumpit kg.out
+  $KEYGEN -q -a RSASHA1 $zone >kg.out 2>&1 || dumpit kg.out
+  $DSFROMKEY $ksk.key >dsset-${zone}$TP
 else
-    echo_i "skip: nsec-only.example - signing with RSASHA1 not supported"
+  echo_i "skip: nsec-only.example - signing with RSASHA1 not supported"
 fi
 
 #
@@ -175,52 +176,51 @@ fi
 setup oldsigs.example
 cp $infile $zonefile
 count=1
-while [ $count -le 1000 ]
-do
-    echo "label${count} IN TXT label${count}" >> $zonefile
-    count=$((count + 1))
+while [ $count -le 1000 ]; do
+  echo "label${count} IN TXT label${count}" >>$zonefile
+  count=$((count + 1))
 done
-$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile.signed $zonefile > s.out || dumpit s.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile.signed $zonefile >s.out || dumpit s.out
 mv $zonefile.signed $zonefile
 
 #
 # NSEC3->NSEC transition test zone.
 #
 setup nsec3-to-nsec.example
-$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile >s.out || dumpit s.out
 
 #
 # secure-to-insecure transition test zone; used to test removal of
 # keys via nsupdate
 #
 setup secure-to-insecure.example
-$KEYGEN -a $DEFAULT_ALGORITHM -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -a $DEFAULT_ALGORITHM -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -q $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -o $zone -f $zonefile $infile >s.out || dumpit s.out
 
 #
 # another secure-to-insecure transition test zone; used to test
 # removal of keys on schedule.
 #
 setup secure-to-insecure2.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../del1.key
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../del2.key
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../del1.key
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../del2.key
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile >s.out || dumpit s.out
 
 #
 # Introducing a pre-published key test.
 #
 setup prepub.example
 infile="secure-to-insecure2.example.db.in"
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile >s.out || dumpit s.out
 
 #
 # Key TTL tests.
@@ -228,46 +228,46 @@ $SIGNER -S -3 beef -o $zone -f $zonefile $infile > s.out || dumpit s.out
 
 # no default key TTL; DNSKEY should get SOA TTL
 setup ttl1.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # default key TTL should be used
 setup ttl2.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 60 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 60 $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone >kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # mismatched key TTLs, should use shortest
 setup ttl3.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 30 $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -L 30 $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 60 $zone >kg.out 2>&1 || dumpit kg.out
 cp $infile $zonefile
 
 # existing DNSKEY RRset, should retain TTL
 setup ttl4.example
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 30 -fk $zone > kg.out 2>&1 || dumpit kg.out
-cat ${infile} K${zone}.+*.key > $zonefile
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 180 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 30 -fk $zone >kg.out 2>&1 || dumpit kg.out
+cat ${infile} K${zone}.+*.key >$zonefile
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -L 180 $zone >kg.out 2>&1 || dumpit kg.out
 
 #
 # A zone with a DNSKEY RRset that is published before it's activated
 #
 setup delay.example
-ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-echo $ksk > ../delayksk.key
-zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-echo $zsk > ../delayzsk.key
+ksk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+echo $ksk >../delayksk.key
+zsk=$($KEYGEN -G -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+echo $zsk >../delayzsk.key
 
 #
 # A zone with signatures that are already expired, and the private KSK
 # is missing.
 #
 setup noksk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../noksk-ksk.key
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../noksk-ksk.key
 rm -f ${ksk}.private
 
 #
@@ -275,11 +275,11 @@ rm -f ${ksk}.private
 # is missing.
 #
 setup nozsk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../nozsk-ksk.key
-echo $zsk > ../nozsk-zsk.key
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../nozsk-ksk.key
+echo $zsk >../nozsk-zsk.key
 rm -f ${zsk}.private
 
 #
@@ -287,77 +287,77 @@ rm -f ${zsk}.private
 # is inactive.
 #
 setup inaczsk.example
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2> kg.out) || dumpit kg.out
-$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in > s.out || dumpit s.out
-echo $ksk > ../inaczsk-ksk.key
-echo $zsk > ../inaczsk-zsk.key
-$SETTIME -I now $zsk > st.out 2>&1 || dumpit st.out
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+zsk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone 2>kg.out) || dumpit kg.out
+$SIGNER -S -P -s now-1mo -e now-1mi -o $zone -f $zonefile ${zonefile}.in >s.out || dumpit s.out
+echo $ksk >../inaczsk-ksk.key
+echo $zsk >../inaczsk-zsk.key
+$SETTIME -I now $zsk >st.out 2>&1 || dumpit st.out
 
 #
 # A zone that is set to 'auto-dnssec maintain' during a reconfig
 #
 setup reconf.example
 cp secure.example.db.in $zonefile
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
 
 #
 # A zone which generates CDS and CDNSEY RRsets automatically
 #
 setup sync.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
-echo ns3/$ksk > ../sync.key
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
+echo ns3/$ksk >../sync.key
 
 #
 # A zone that generates CDS and CDNSKEY and uses dnssec-dnskey-kskonly
 #
 setup kskonly.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk -P sync now $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A zone that has a published inactive key that is autosigned.
 #
 setup inacksk2.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -Pnow -A now+3600 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -Pnow -A now+3600 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A zone that has a published inactive key that is autosigned.
 #
 setup inaczsk2.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A zone that starts with a active KSK + ZSK and a inactive ZSK.
 #
 setup inacksk3.example
 cp $infile $zonefile
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 -fk $zone > kg.out 2>&1 || dumpit kg.out
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 -fk $zone >kg.out 2>&1 || dumpit kg.out
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A zone that starts with a active KSK + ZSK and a inactive ZSK.
 #
 setup inaczsk3.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q -P now -A now+3600 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # A zone that starts with an active KSK + ZSK and an inactive ZSK, with the
@@ -365,28 +365,28 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup delzsk.example
 cp $infile $zonefile
-ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone > kg.out 2>&1 || dumpit kg.out
+ksk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -a $DEFAULT_ALGORITHM -3 -q $zone >kg.out 2>&1 || dumpit kg.out
 zsk=$($KEYGEN -a $DEFAULT_ALGORITHM -3 -q -I now-1w $zone 2>kg.out) || dumpit kg.out
-echo $zsk > ../delzsk.key
+echo $zsk >../delzsk.key
 
 #
 # Check that NSEC3 are correctly signed and returned from below a DNAME
 #
 setup dname-at-apex-nsec3.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # Check that dynamically added CDS (DELETE) is kept in the zone after signing.
 #
 setup cds-delete.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
 
 #
 # Check that dynamically added CDNSKEY (DELETE) is kept in the zone after
@@ -394,6 +394,6 @@ $DSFROMKEY $ksk.key > dsset-${zone}$TP
 #
 setup cdnskey-delete.example
 cp $infile $zonefile
-ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2> kg.out) || dumpit kg.out
-$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone > kg.out 2>&1 || dumpit kg.out
-$DSFROMKEY $ksk.key > dsset-${zone}$TP
+ksk=$($KEYGEN -q -a $DEFAULT_ALGORITHM -3 -fk $zone 2>kg.out) || dumpit kg.out
+$KEYGEN -q -a $DEFAULT_ALGORITHM -3 $zone >kg.out 2>&1 || dumpit kg.out
+$DSFROMKEY $ksk.key >dsset-${zone}$TP
diff --git a/bin/tests/system/autosign/ns3/named.conf.in b/bin/tests/system/autosign/ns3/named.conf.in
index a1f1f0d..65d18c6 100644
--- a/bin/tests/system/autosign/ns3/named.conf.in
+++ b/bin/tests/system/autosign/ns3/named.conf.in
@@ -167,6 +167,7 @@ zone "nsec3-to-nsec.example" {
 	type primary;
 	file "nsec3-to-nsec.example.db";
 	allow-update { any; };
+	max-journal-size 10M;
 	auto-dnssec maintain;
 };
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 23:51:28 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 23:51:28 +0000
commit	754c7de1e91eeb28c6d3766900ead0c3e44fdb85 (patch)
tree	51433c0e38731dc9ecd342555a56f876980b1834 /bin/tests/system/autosign/ns3
parent	Adding debian version 1:9.16.44-1~deb11u1. (diff)
download	bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.tar.xz bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.zip