diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:29 +0000 |
commit | 113ad32e9cd2dcda12f12aa8a72d56b73ff4f4cc (patch) | |
tree | 76bbb508aac2452b17d73bcd162adc8cc7602e69 /bin/tests/system/mirror/ns2 | |
parent | Releasing progress-linux version 1:9.16.44-1~deb11u1progress6u1. (diff) | |
download | bind9-113ad32e9cd2dcda12f12aa8a72d56b73ff4f4cc.tar.xz bind9-113ad32e9cd2dcda12f12aa8a72d56b73ff4f4cc.zip |
Merging upstream version 1:9.16.48.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/mirror/ns2')
-rw-r--r-- | bin/tests/system/mirror/ns2/sign.sh | 70 |
1 files changed, 35 insertions, 35 deletions
diff --git a/bin/tests/system/mirror/ns2/sign.sh b/bin/tests/system/mirror/ns2/sign.sh index 2c48f22..bb602fd 100644 --- a/bin/tests/system/mirror/ns2/sign.sh +++ b/bin/tests/system/mirror/ns2/sign.sh @@ -17,16 +17,16 @@ SYSTEMTESTTOP=../.. keys_to_trust="" for zonename in sub.example example initially-unavailable; do - zone=$zonename - infile=$zonename.db.in - zonefile=$zonename.db + zone=$zonename + infile=$zonename.db.in + zonefile=$zonename.db - keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -f KSK $zone 2> /dev/null) - keyname2=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2> /dev/null) + keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -f KSK $zone 2>/dev/null) + keyname2=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) - cat $infile $keyname1.key $keyname2.key > $zonefile + cat $infile $keyname1.key $keyname2.key >$zonefile - $SIGNER -P -g -o $zone $zonefile > /dev/null + $SIGNER -P -g -o $zone $zonefile >/dev/null done # Only add the key for "initially-unavailable" to the list of keys trusted by @@ -40,9 +40,9 @@ zone=verify-csk infile=verify.db.in zonefile=verify-csk.db -keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2> /dev/null) -cat $infile $keyname.key > $zonefile -$SIGNER -P -o $zone $zonefile > /dev/null +keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +cat $infile $keyname.key >$zonefile +$SIGNER -P -o $zone $zonefile >/dev/null keys_to_trust="$keys_to_trust $keyname" # Prepare remaining zones used in the test. @@ -51,30 +51,30 @@ UPDATED_SERIAL_BAD=$((ORIGINAL_SERIAL + 1)) UPDATED_SERIAL_GOOD=$((ORIGINAL_SERIAL + 2)) for variant in addzone axfr ixfr load reconfig untrusted; do - zone=verify-$variant - infile=verify.db.in - zonefile=verify-$variant.db - - keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -f KSK $zone 2> /dev/null) - keyname2=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2> /dev/null) - - cat $infile $keyname1.key $keyname2.key > $zonefile - - # Prepare a properly signed version of the zone ("*.original.signed"). - $SIGNER -P -o $zone $zonefile > /dev/null - cp $zonefile.signed $zonefile.original.signed - # Prepare a version of the zone with a bogus SOA RRSIG ("*.bad.signed"). - sed "s/${ORIGINAL_SERIAL}/${UPDATED_SERIAL_BAD}/;" $zonefile.signed > $zonefile.bad.signed - # Prepare another properly signed version of the zone ("*.good.signed"). - sed "s/${ORIGINAL_SERIAL}/${UPDATED_SERIAL_GOOD}/;" $zonefile > $zonefile.good - $SIGNER -P -o $zone $zonefile.good > /dev/null - rm -f $zonefile.good - - # Except for the "verify-untrusted" zone, declare the KSK used for - # signing the zone to be a trust anchor for ns3. - if [ "$variant" != "untrusted" ]; then - keys_to_trust="$keys_to_trust $keyname1" - fi + zone=verify-$variant + infile=verify.db.in + zonefile=verify-$variant.db + + keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -f KSK $zone 2>/dev/null) + keyname2=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) + + cat $infile $keyname1.key $keyname2.key >$zonefile + + # Prepare a properly signed version of the zone ("*.original.signed"). + $SIGNER -P -o $zone $zonefile >/dev/null + cp $zonefile.signed $zonefile.original.signed + # Prepare a version of the zone with a bogus SOA RRSIG ("*.bad.signed"). + sed "s/${ORIGINAL_SERIAL}/${UPDATED_SERIAL_BAD}/;" $zonefile.signed >$zonefile.bad.signed + # Prepare another properly signed version of the zone ("*.good.signed"). + sed "s/${ORIGINAL_SERIAL}/${UPDATED_SERIAL_GOOD}/;" $zonefile >$zonefile.good + $SIGNER -P -o $zone $zonefile.good >/dev/null + rm -f $zonefile.good + + # Except for the "verify-untrusted" zone, declare the KSK used for + # signing the zone to be a trust anchor for ns3. + if [ "$variant" != "untrusted" ]; then + keys_to_trust="$keys_to_trust $keyname1" + fi done -keyfile_to_static_ds $keys_to_trust > trusted-mirror.conf +keyfile_to_static_ds $keys_to_trust >trusted-mirror.conf |