diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 23:51:28 +0000 |
commit | 754c7de1e91eeb28c6d3766900ead0c3e44fdb85 (patch) | |
tree | 51433c0e38731dc9ecd342555a56f876980b1834 /bin/tests/system/verify/tests.sh | |
parent | Adding debian version 1:9.16.44-1~deb11u1. (diff) | |
download | bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.tar.xz bind9-754c7de1e91eeb28c6d3766900ead0c3e44fdb85.zip |
Merging upstream version 1:9.16.48.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/verify/tests.sh')
-rw-r--r-- | bin/tests/system/verify/tests.sh | 152 |
1 files changed, 75 insertions, 77 deletions
diff --git a/bin/tests/system/verify/tests.sh b/bin/tests/system/verify/tests.sh index cda891a..fb8cc40 100644 --- a/bin/tests/system/verify/tests.sh +++ b/bin/tests/system/verify/tests.sh @@ -13,99 +13,97 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh -failed () { - cat verify.out.$n | sed 's/^/D:/'; - echo_i "failed"; - status=1; +failed() { + cat verify.out.$n | sed 's/^/D:/' + echo_i "failed" + status=1 } n=0 status=0 -for file in zones/*.good -do - n=`expr $n + 1` - zone=`expr "$file" : 'zones/\(.*\).good'` - echo_i "checking supposedly good zone: $zone ($n)" - ret=0 - case $zone in - zsk-only.*) only=-z;; - ksk-only.*) only=-z;; - *) only=;; - esac - $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 || ret=1 - [ $ret = 0 ] || failed +for file in zones/*.good; do + n=$(expr $n + 1) + zone=$(expr "$file" : 'zones/\(.*\).good') + echo_i "checking supposedly good zone: $zone ($n)" + ret=0 + case $zone in + zsk-only.*) only=-z ;; + ksk-only.*) only=-z ;; + *) only= ;; + esac + $VERIFY ${only} -o $zone $file >verify.out.$n 2>&1 || ret=1 + [ $ret = 0 ] || failed done -for file in zones/*.bad -do - n=`expr $n + 1` - zone=`expr "$file" : 'zones/\(.*\).bad'` - echo_i "checking supposedly bad zone: $zone ($n)" - ret=0 - dumpit=0 - case $zone in - zsk-only.*) only=-z;; - ksk-only.*) only=-z;; - *) only=;; - esac - expect1= expect2= - case $zone in - *.dnskeyonly) - expect1="DNSKEY is not signed" - ;; - *.expired) - expect1="signature has expired" - expect2="No self-signed .*DNSKEY found" - ;; - *.ksk-expired) - expect1="signature has expired" - expect2="No self-signed .*DNSKEY found" - ;; - *.out-of-zone-nsec|*.below-bottom-of-zone-nsec|*.below-dname-nsec) - expect1="unexpected NSEC RRset at" - ;; - *.nsec.broken-chain) - expect1="Bad NSEC record for.*, next name mismatch" - ;; - *.bad-bitmap) - expect1="bit map mismatch" - ;; - *.missing-empty) - expect1="Missing NSEC3 record for"; - ;; - unsigned) - expect1="Zone contains no DNSSEC keys" - ;; - *.extra-nsec3) - expect1="Expected and found NSEC3 chains not equal"; - ;; - *) - dumpit=1 - ;; - esac - $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 && ret=1 - grep "${expect1:-.}" verify.out.$n > /dev/null || ret=1 - grep "${expect2:-.}" verify.out.$n > /dev/null || ret=1 - [ $ret = 0 ] || failed - [ $dumpit = 1 ] && cat verify.out.$n +for file in zones/*.bad; do + n=$(expr $n + 1) + zone=$(expr "$file" : 'zones/\(.*\).bad') + echo_i "checking supposedly bad zone: $zone ($n)" + ret=0 + dumpit=0 + case $zone in + zsk-only.*) only=-z ;; + ksk-only.*) only=-z ;; + *) only= ;; + esac + expect1= expect2= + case $zone in + *.dnskeyonly) + expect1="DNSKEY is not signed" + ;; + *.expired) + expect1="signature has expired" + expect2="No self-signed .*DNSKEY found" + ;; + *.ksk-expired) + expect1="signature has expired" + expect2="No self-signed .*DNSKEY found" + ;; + *.out-of-zone-nsec | *.below-bottom-of-zone-nsec | *.below-dname-nsec) + expect1="unexpected NSEC RRset at" + ;; + *.nsec.broken-chain) + expect1="Bad NSEC record for.*, next name mismatch" + ;; + *.bad-bitmap) + expect1="bit map mismatch" + ;; + *.missing-empty) + expect1="Missing NSEC3 record for" + ;; + unsigned) + expect1="Zone contains no DNSSEC keys" + ;; + *.extra-nsec3) + expect1="Expected and found NSEC3 chains not equal" + ;; + *) + dumpit=1 + ;; + esac + $VERIFY ${only} -o $zone $file >verify.out.$n 2>&1 && ret=1 + grep "${expect1:-.}" verify.out.$n >/dev/null || ret=1 + grep "${expect2:-.}" verify.out.$n >/dev/null || ret=1 + [ $ret = 0 ] || failed + [ $dumpit = 1 ] && cat verify.out.$n done -n=`expr $n + 1` +n=$(expr $n + 1) echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)" ret=0 # When -o is not used, origin is set to zone file name, which should cause an error in this case -$VERIFY zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1 -grep "not at top of zone" verify.out.$n > /dev/null || ret=1 -grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1 +$VERIFY zones/ksk+zsk.nsec.good >verify.out.$n 2>&1 && ret=1 +grep "not at top of zone" verify.out.$n >/dev/null || ret=1 +grep "use -o to specify a different zone origin" verify.out.$n >/dev/null || ret=1 [ $ret = 0 ] || failed -n=`expr $n + 1` +n=$(expr $n + 1) echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)" ret=0 -$VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1 -grep "not at top of zone" verify.out.$n > /dev/null || ret=1 -grep "use -o to specify a different zone origin" verify.out.$n > /dev/null && ret=1 +$VERIFY -o invalid.origin zones/ksk+zsk.nsec.good >verify.out.$n 2>&1 && ret=1 +grep "not at top of zone" verify.out.$n >/dev/null || ret=1 +grep "use -o to specify a different zone origin" verify.out.$n >/dev/null && ret=1 [ $ret = 0 ] || failed echo_i "exit status: $status" |