summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/conf.sh.common
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/conf.sh.common')
-rw-r--r--bin/tests/system/conf.sh.common744
1 files changed, 744 insertions, 0 deletions
diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
new file mode 100644
index 0000000..e87acca
--- /dev/null
+++ b/bin/tests/system/conf.sh.common
@@ -0,0 +1,744 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+testsock6() {
+ if test -n "$PERL" && $PERL -e "use IO::Socket::INET6;" 2> /dev/null
+ then
+ $PERL "$TOP/bin/tests/system/testsock6.pl" "$@"
+ else
+ false
+ fi
+}
+
+export LANG=C
+
+. ${TOP}/version
+
+#
+# Common lists of system tests to run.
+#
+# The following tests are hard-coded to use ports 5300 and 9953. For
+# this reason, these must be run sequentially.
+#
+# Sequential tests that only run on unix/linux should be added to
+# SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should
+# be added to SEQUENTIAL_WINDOWS in conf.sh.win32.
+#
+SEQUENTIAL_COMMON="ecdsa eddsa tkey"
+
+#
+# These tests can use ports assigned by the caller (other than 5300
+# and 9953). Because separate blocks of ports can be used for teach
+# test, these tests can be run in parallel.
+#
+# Parallel tests that only run on unix/linux should be added to
+# PARALLEL_UNIX in conf.sh.in; those that only run on windows should
+# be added to PARALLEL_WINDOWS in conf.sh.win32.
+#
+# Note: some of the longer-running tests such as serve-stale and
+# rpzrecurse are scheduled first, in order to get more benefit from
+# parallelism.
+#
+PARALLEL_COMMON="dnssec rpzrecurse serve-stale dupsigs \
+acl \
+additional \
+addzone \
+allow-query \
+auth \
+autosign \
+builtin \
+cacheclean \
+case \
+catz \
+cds \
+chain \
+checkconf \
+checkds \
+checknames \
+checkzone \
+database \
+digdelv \
+dlz \
+dlzexternal \
+dns64 \
+dscp \
+dsdigest \
+dyndb \
+ednscompliance \
+emptyzones \
+fetchlimit \
+filter-aaaa \
+formerr \
+forward \
+geoip2 \
+glue \
+idna \
+inline \
+integrity \
+ixfr \
+journal \
+kasp \
+keepalive \
+keymgr2kasp \
+legacy \
+limits \
+masterfile \
+masterformat \
+metadata \
+mirror \
+mkeys \
+names \
+notify \
+nsec3 \
+nslookup \
+nsupdate \
+nzd2nzf \
+padding \
+pending \
+pipelined \
+qmin \
+reclimit \
+redirect \
+resolver \
+rndc \
+rootkeysentinel \
+rpz \
+rrchecker \
+rrl \
+rrsetorder \
+rsabigexponent \
+runtime \
+sfcache \
+shutdown \
+smartsign \
+sortlist \
+spf \
+staticstub \
+statistics \
+statschannel \
+stress \
+stub \
+synthfromdnssec \
+timeouts \
+tcp \
+tools \
+tsig \
+tsiggss \
+ttl \
+unknown \
+upforwd \
+verify \
+views \
+wildcard \
+xfer \
+xferquota \
+zero \
+zonechecks"
+
+#
+# Set up color-coded test output
+#
+if [ ${SYSTEMTEST_FORCE_COLOR:-0} -eq 1 ] || test -t 1 && type tput > /dev/null 2>&1 && tput setaf 7 > /dev/null 2>&1 ; then
+ export COLOR_END=`tput setaf 4` # blue
+ export COLOR_FAIL=`tput setaf 1` # red
+ export COLOR_INFO=`tput bold` # bold
+ export COLOR_NONE=`tput sgr0`
+ export COLOR_PASS=`tput setaf 2` # green
+ export COLOR_START=`tput setaf 4` # blue
+ export COLOR_WARN=`tput setaf 3` # yellow
+else
+ # set to empty strings so printf succeeds
+ export COLOR_END=''
+ export COLOR_FAIL=''
+ export COLOR_INFO=''
+ export COLOR_NONE=''
+ export COLOR_PASS=''
+ export COLOR_START=''
+ export COLOR_WARN=''
+fi
+
+export SYSTESTDIR="`basename $PWD`"
+
+if type printf > /dev/null 2>&1
+then
+ echofail () {
+ printf "${COLOR_FAIL}%s${COLOR_NONE}\n" "$*"
+ }
+ echowarn () {
+ printf "${COLOR_WARN}%s${COLOR_NONE}\n" "$*"
+ }
+ echopass () {
+ printf "${COLOR_PASS}%s${COLOR_NONE}\n" "$*"
+ }
+ echoinfo () {
+ printf "${COLOR_INFO}%s${COLOR_NONE}\n" "$*"
+ }
+ echostart () {
+ printf "${COLOR_START}%s${COLOR_NONE}\n" "$*"
+ }
+ echoend () {
+ printf "${COLOR_END}%s${COLOR_NONE}\n" "$*"
+ }
+ echo_i() {
+ printf '%s\n' "$*" | while IFS= read -r __LINE ; do
+ echoinfo "I:$SYSTESTDIR:$__LINE"
+ done
+ }
+
+ echo_ic() {
+ printf '%s\n' "$*" | while IFS= read -r __LINE ; do
+ echoinfo "I:$SYSTESTDIR: $__LINE"
+ done
+ }
+
+ echo_d() {
+ printf '%s\n' "$*" | while IFS= read -r __LINE ; do
+ echoinfo "D:$SYSTESTDIR:$__LINE"
+ done
+ }
+else
+ echofail () {
+ echo "$*"
+ }
+ echowarn () {
+ echo "$*"
+ }
+ echopass () {
+ echo "$*"
+ }
+ echoinfo () {
+ echo "$*"
+ }
+ echostart () {
+ echo "$*"
+ }
+ echoend () {
+ echo "$*"
+ }
+
+ echo_i() {
+ echo "$@" | while IFS= read -r __LINE ; do
+ echoinfo "I:$SYSTESTDIR:$__LINE"
+ done
+ }
+
+ echo_ic() {
+ echo "$@" | while IFS= read -r __LINE ; do
+ echoinfo "I:$SYSTESTDIR: $__LINE"
+ done
+ }
+
+ echo_d() {
+ echo "$@" | while IFS= read -r __LINE ; do
+ echoinfo "D:$SYSTESTDIR:$__LINE"
+ done
+ }
+fi
+
+cat_i() {
+ while IFS= read -r __LINE ; do
+ echoinfo "I:$SYSTESTDIR:$__LINE"
+ done
+}
+
+cat_d() {
+ while IFS= read -r __LINE ; do
+ echoinfo "D:$SYSTESTDIR:$__LINE"
+ done
+}
+
+digcomp() {
+ output=`$PERL $SYSTEMTESTTOP/digcomp.pl "$@"`
+ result=$?
+ [ -n "$output" ] && { echo "digcomp failed:"; echo "$output"; } | cat_i
+ return $result
+}
+
+start_server() {
+ $PERL "$TOP_SRCDIR/bin/tests/system/start.pl" "$SYSTESTDIR" "$@"
+}
+
+stop_server() {
+ $PERL "$TOP_SRCDIR/bin/tests/system/stop.pl" "$SYSTESTDIR" "$@"
+}
+
+send() {
+ $PERL "$TOP_SRCDIR/bin/tests/system/send.pl" "$@"
+}
+
+#
+# Useful variables in test scripts
+#
+
+# The following script sets the following algorithm-related variables. These
+# are selected randomly at runtime from a list of supported algorithms. The
+# randomization is deterministic and remains stable for a period of time for a
+# given platform.
+#
+# Default algorithm for testing.
+# DEFAULT_ALGORITHM
+# DEFAULT_ALGORITHM_NUMBER
+# DEFAULT_BITS
+#
+# This is an alternative algorithm for test cases that require more than one
+# algorithm (for example algorithm rollover). Must be different from
+# DEFAULT_ALGORITHM.
+# ALTERNATIVE_ALGORITHM
+# ALTERNATIVE_ALGORITHM_NUMBER
+# ALTERNATIVE_BITS
+#
+# This is an algorithm that is used for tests against the "disable-algorithms"
+# configuration option. Must be different from above algorithms.
+# DISABLED_ALGORITHM
+# DISABLED_ALGORITHM_NUMBER
+# DISABLED_BITS
+#
+# There are multiple algoritms sets to choose from (see get_algorithms.py). To
+# override the default choice, set the ALGORITHM_SET env var (see mkeys system
+# test for example).
+if test -x "$PYTHON" && test -x "$KEYGEN"; then
+ eval "$($PYTHON "$TOP_SRCDIR/bin/tests/system/get_algorithms.py")"
+else
+ # 9.16 workarounds
+ # - for ./configure which calls bin/tests/system/cleanall.sh, which
+ # includes this file before $KEYGEN is compiled
+ # - for our Windows CI which lacks Python
+ DEFAULT_ALGORITHM=ECDSAP256SHA256
+ DEFAULT_ALGORITHM_NUMBER=13
+ DEFAULT_BITS=256
+ ALTERNATIVE_ALGORITHM=RSASHA256
+ ALTERNATIVE_ALGORITHM_NUMBER=8
+ ALTERNATIVE_BITS=1280
+ DISABLED_ALGORITHM=ECDSAP384SHA384
+ DISABLED_ALGORITHM_NUMBER=14
+ DISABLED_BITS=384
+fi
+
+# Default HMAC algorithm.
+export DEFAULT_HMAC=hmac-sha256
+
+#
+# Useful functions in test scripts
+#
+
+# assert_int_equal: compare two integer variables, $1 and $2
+#
+# If $1 and $2 are equal, return 0; if $1 and $2 are not equal, report
+# the error using the description of the tested variable provided in $3
+# and return 1.
+assert_int_equal() {
+ found="$1"
+ expected="$2"
+ description="$3"
+
+ if [ "${expected}" -ne "${found}" ]; then
+ echo_i "incorrect ${description}: got ${found}, expected ${expected}"
+ return 1
+ fi
+
+ return 0
+}
+
+# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which
+# converts keyfile data into a key-style trust anchor configuration
+# section using the supplied parameters
+keyfile_to_keys() {
+ section_name=$1
+ key_prefix=$2
+ shift
+ shift
+ echo "$section_name {"
+ for keyname in $*; do
+ awk '!/^; /{
+ printf "\t\""$1"\" "
+ printf "'"$key_prefix "'"
+ printf $4 " " $5 " " $6 " \""
+ for (i=7; i<=NF; i++) printf $i
+ printf "\";\n"
+ }' $keyname.key
+ done
+ echo "};"
+}
+
+# keyfile_to_dskeys_section: helper function for keyfile_to_*_dskeys()
+# converts keyfile data into a DS-style trust anchor configuration
+# section using the supplied parameters
+keyfile_to_dskeys() {
+ section_name=$1
+ key_prefix=$2
+ shift
+ shift
+ echo "$section_name {"
+ for keyname in $*; do
+ $DSFROMKEY $keyname.key | \
+ awk '!/^; /{
+ printf "\t\""$1"\" "
+ printf "'"$key_prefix "'"
+ printf $4 " " $5 " " $6 " \""
+ for (i=7; i<=NF; i++) printf $i
+ printf "\";\n"
+ }'
+ done
+ echo "};"
+}
+
+# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
+# provided to a "trust-keys" section suitable for including in a
+# resolver's configuration file
+keyfile_to_trusted_keys() {
+ keyfile_to_keys "trusted-keys" "" $*
+}
+
+# keyfile_to_static_keys: convert key data contained in the keyfile(s)
+# provided to a *static-key* "trust-anchors" section suitable for including in
+# a resolver's configuration file
+keyfile_to_static_keys() {
+ keyfile_to_keys "trust-anchors" "static-key" $*
+}
+
+# keyfile_to_initial_keys: convert key data contained in the keyfile(s)
+# provided to an *initial-key* "trust-anchors" section suitable for including
+# in a resolver's configuration file
+keyfile_to_initial_keys() {
+ keyfile_to_keys "trust-anchors" "initial-key" $*
+}
+
+# keyfile_to_static_ds_keys: convert key data contained in the keyfile(s)
+# provided to a *static-ds* "trust-anchors" section suitable for including in a
+# resolver's configuration file
+keyfile_to_static_ds() {
+ keyfile_to_dskeys "trust-anchors" "static-ds" $*
+}
+
+# keyfile_to_initial_ds_keys: convert key data contained in the keyfile(s)
+# provided to an *initial-ds* "trust-anchors" section suitable for including
+# in a resolver's configuration file
+keyfile_to_initial_ds() {
+ keyfile_to_dskeys "trust-anchors" "initial-ds" $*
+}
+
+# keyfile_to_key_id: convert a key file name to a key ID
+#
+# For a given key file name (e.g. "Kexample.+013+06160") provided as $1,
+# print the key ID with leading zeros stripped ("6160" for the
+# aforementioned example).
+keyfile_to_key_id() {
+ echo "$1" | sed "s/.*+0\{0,4\}//"
+}
+
+# private_type_record: write a private type record recording the state of the
+# signing process
+#
+# For a given zone ($1), algorithm number ($2) and key file ($3), print the
+# private type record with default type value of 65534, indicating that the
+# signing process for this key is completed.
+private_type_record() {
+ _zone=$1
+ _algorithm=$2
+ _keyfile=$3
+
+ _id=$(keyfile_to_key_id "$_keyfile")
+
+ printf "%s. 0 IN TYPE65534 %s 5 %02x%04x0000\n" "$_zone" "\\#" "$_algorithm" "$_id"
+}
+
+# nextpart*() - functions for reading files incrementally
+#
+# These functions aim to facilitate looking for (or waiting for)
+# messages which may be logged more than once throughout the lifetime of
+# a given named instance by outputting just the part of the file which
+# has been appended since the last time we read it.
+#
+# Calling some of these functions causes temporary *.prev files to be
+# created that need to be cleaned up manually (usually by a given system
+# test's clean.sh script).
+#
+# Note that unlike other nextpart*() functions, nextpartread() is not
+# meant to be directly used in system tests; its sole purpose is to
+# reduce code duplication below.
+#
+# A quick usage example:
+#
+# $ echo line1 > named.log
+# $ echo line2 >> named.log
+# $ nextpart named.log
+# line1
+# line2
+# $ echo line3 >> named.log
+# $ nextpart named.log
+# line3
+# $ nextpart named.log
+# $ echo line4 >> named.log
+# $ nextpartpeek named.log
+# line4
+# $ nextpartpeek named.log
+# line4
+# $ nextpartreset named.log
+# $ nextpartpeek named.log
+# line1
+# line2
+# line3
+# line4
+# $ nextpart named.log
+# line1
+# line2
+# line3
+# line4
+# $ nextpart named.log
+# $
+
+# nextpartreset: reset the marker used by nextpart() and nextpartpeek()
+# so that it points to the start of the given file
+nextpartreset() {
+ echo "0" > $1.prev
+}
+
+# nextpartread: read everything that's been appended to a file since the
+# last time nextpart() was called and print it to stdout, print the
+# total number of lines read from that file so far to file descriptor 3
+nextpartread() {
+ [ -f $1.prev ] || nextpartreset $1
+ prev=`cat $1.prev`
+ awk "NR > $prev "'{ print }
+ END { print NR > "/dev/stderr" }' $1 2>&3
+}
+
+# nextpart: read everything that's been appended to a file since the
+# last time nextpart() was called
+nextpart() {
+ nextpartread $1 3> $1.prev.tmp
+ mv $1.prev.tmp $1.prev
+}
+
+# nextpartpeek: read everything that's been appended to a file since the
+# last time nextpart() was called
+nextpartpeek() {
+ nextpartread $1 3> /dev/null
+}
+
+# _search_log: look for message $1 in file $2 with nextpart().
+_search_log() (
+ msg="$1"
+ file="$2"
+ nextpart "$file" | grep -F -e "$msg" > /dev/null
+)
+
+# _search_log_peek: look for message $1 in file $2 with nextpartpeek().
+_search_log_peek() (
+ msg="$1"
+ file="$2"
+ nextpartpeek "$file" | grep -F -e "$msg" > /dev/null
+)
+
+# wait_for_log: wait until message $2 in file $3 appears. Bail out after
+# $1 seconds. This needs to be used in conjunction with a prior call to
+# nextpart() or nextpartreset() on the same file to guarantee the offset is
+# set correctly. Tests using wait_for_log() are responsible for cleaning up
+# the created <file>.prev files.
+wait_for_log() (
+ timeout="$1"
+ msg="$2"
+ file="$3"
+ retry_quiet "$timeout" _search_log "$msg" "$file" && return 0
+ echo_i "exceeded time limit waiting for '$msg' in $file"
+ return 1
+)
+
+# wait_for_log_peek: similar to wait_for_log() but peeking, so the file offset
+# does not change.
+wait_for_log_peek() (
+ timeout="$1"
+ msg="$2"
+ file="$3"
+ retry_quiet "$timeout" _search_log_peek "$msg" "$file" && return 0
+ echo_i "exceeded time limit waiting for '$msg' in $file"
+ return 1
+)
+
+# _retry: keep running a command until it succeeds, up to $1 times, with
+# one-second intervals, optionally printing a message upon every attempt
+_retry() {
+ __retries="${1}"
+ shift
+
+ while :; do
+ if "$@"; then
+ return 0
+ fi
+ __retries=$((__retries-1))
+ if [ "${__retries}" -gt 0 ]; then
+ if [ "${__retry_quiet}" -ne 1 ]; then
+ echo_i "retrying"
+ fi
+ sleep 1
+ else
+ return 1
+ fi
+ done
+}
+
+# retry: call _retry() in verbose mode
+retry() {
+ __retry_quiet=0
+ _retry "$@"
+}
+
+# retry_quiet: call _retry() in silent mode
+retry_quiet() {
+ __retry_quiet=1
+ _retry "$@"
+}
+
+# _repeat: keep running command up to $1 times, unless it fails
+_repeat() (
+ __retries="${1}"
+ shift
+ while :; do
+ if ! "$@"; then
+ return 1
+ fi
+ __retries=$((__retries-1))
+ if [ "${__retries}" -le 0 ]; then
+ break
+ fi
+ done
+ return 0
+)
+
+rndc_reload() {
+ $RNDC -c ../common/rndc.conf -s $2 -p ${CONTROLPORT} reload $3 2>&1 | sed 's/^/'"I:$SYSTESTDIR:$1"' /'
+ # reloading single zone is synchronous, if we're reloading whole server
+ # we need to wait for reload to finish
+ if [ -z "$3" ]; then
+ for __try in 0 1 2 3 4 5 6 7 8 9; do
+ $RNDC -c ../common/rndc.conf -s $2 -p ${CONTROLPORT} status | grep "reload/reconfig in progress" > /dev/null || break
+ sleep 1
+ done
+ fi
+}
+
+rndc_reconfig() {
+ $RNDC -c ../common/rndc.conf -s $2 -p ${CONTROLPORT} reconfig 2>&1 | sed 's/^/'"I:$SYSTESTDIR:$1"' /'
+ for __try in 0 1 2 3 4 5 6 7 8 9; do
+ $RNDC -c ../common/rndc.conf -s $2 -p ${CONTROLPORT} status | grep "reload/reconfig in progress" > /dev/null || break
+ sleep 1
+ done
+}
+
+# rndc_dumpdb: call "rndc dumpdb [...]" and wait until it completes
+#
+# The first argument is the name server instance to send the command to, in the
+# form of "nsX" (where "X" is the instance number), e.g. "ns5". The remaining
+# arguments, if any, are appended to the rndc command line after "dumpdb".
+#
+# Control channel configuration for the name server instance to send the
+# command to must match the contents of bin/tests/system/common/rndc.conf.
+#
+# rndc output is stored in a file called rndc.out.test${n}; the "n" variable is
+# required to be set by the calling tests.sh script.
+#
+# Return 0 if the dump completes successfully; return 1 if rndc returns an exit
+# code other than 0 or if the "; Dump complete" string does not appear in the
+# dump within 10 seconds.
+rndc_dumpdb() {
+ __ret=0
+ __dump_complete=0
+ __server="${1}"
+ __ip="10.53.0.$(echo "${__server}" | tr -c -d "0-9")"
+
+ shift
+ ${RNDC} -c ../common/rndc.conf -p "${CONTROLPORT}" -s "${__ip}" dumpdb "$@" > "rndc.out.test${n}" 2>&1 || __ret=1
+
+ for _ in 0 1 2 3 4 5 6 7 8 9
+ do
+ if grep '^; Dump complete$' "${__server}/named_dump.db" > /dev/null; then
+ mv "${__server}/named_dump.db" "${__server}/named_dump.db.test${n}"
+ __dump_complete=1
+ break
+ fi
+ sleep 1
+ done
+
+ if [ ${__dump_complete} -eq 0 ]; then
+ echo_i "timed out waiting for 'rndc dumpdb' to finish"
+ __ret=1
+ fi
+
+ return ${__ret}
+}
+
+# get_dig_xfer_stats: extract transfer statistics from dig output stored
+# in $1, converting them to a format used by some system tests.
+get_dig_xfer_stats() {
+ LOGFILE="$1"
+ sed -n "s/^;; XFR size: .*messages \([0-9][0-9]*\).*/messages=\1/p" "${LOGFILE}"
+ sed -n "s/^;; XFR size: \([0-9][0-9]*\) records.*/records=\1/p" "${LOGFILE}"
+ sed -n "s/^;; XFR size: .*bytes \([0-9][0-9]*\).*/bytes=\1/p" "${LOGFILE}"
+}
+
+# get_named_xfer_stats: from named log file $1, extract transfer
+# statistics for the last transfer for peer $2 and zone $3 (from a log
+# message which has to contain the string provided in $4), converting
+# them to a format used by some system tests.
+get_named_xfer_stats() {
+ LOGFILE="$1"
+ PEER="`echo $2 | sed 's/\./\\\\./g'`"
+ ZONE="`echo $3 | sed 's/\./\\\\./g'`"
+ MESSAGE="$4"
+ grep " ${PEER}#.*${MESSAGE}:" "${LOGFILE}" | \
+ sed -n "s/.* '${ZONE}\/.* \([0-9][0-9]*\) messages.*/messages=\1/p" | tail -1
+ grep " ${PEER}#.*${MESSAGE}:" "${LOGFILE}" | \
+ sed -n "s/.* '${ZONE}\/.* \([0-9][0-9]*\) records.*/records=\1/p" | tail -1
+ grep " ${PEER}#.*${MESSAGE}:" "${LOGFILE}" | \
+ sed -n "s/.* '${ZONE}\/.* \([0-9][0-9]*\) bytes.*/bytes=\1/p" | tail -1
+}
+
+# copy_setports - Copy Configuration File and Replace Ports
+#
+# Convenience function to copy a configuration file, replacing the tokens
+# QUERYPORT, CONTROLPORT and EXTRAPORT[1-8] with the values of the equivalent
+# environment variables. (These values are set by "run.sh", which calls the
+# scripts invoking this function.)
+#
+# Usage:
+# copy_setports infile outfile
+#
+copy_setports() {
+ # The indirect method of handling the substitution of the PORT variables
+ # (defining "atsign" then substituting for it in the "sed" statement) is
+ # required to prevent the "Configure" script (in the win32utils/ directory)
+ # from replacing the <at>PORT<at> substitution tokens when it processes
+ # this file and produces conf.sh.
+ atsign="@"
+ sed -e "s/${atsign}PORT${atsign}/${PORT}/g" \
+ -e "s/${atsign}EXTRAPORT1${atsign}/${EXTRAPORT1}/g" \
+ -e "s/${atsign}EXTRAPORT2${atsign}/${EXTRAPORT2}/g" \
+ -e "s/${atsign}EXTRAPORT3${atsign}/${EXTRAPORT3}/g" \
+ -e "s/${atsign}EXTRAPORT4${atsign}/${EXTRAPORT4}/g" \
+ -e "s/${atsign}EXTRAPORT5${atsign}/${EXTRAPORT5}/g" \
+ -e "s/${atsign}EXTRAPORT6${atsign}/${EXTRAPORT6}/g" \
+ -e "s/${atsign}EXTRAPORT7${atsign}/${EXTRAPORT7}/g" \
+ -e "s/${atsign}EXTRAPORT8${atsign}/${EXTRAPORT8}/g" \
+ -e "s/${atsign}CONTROLPORT${atsign}/${CONTROLPORT}/g" \
+ -e "s/${atsign}DEFAULT_ALGORITHM${atsign}/${DEFAULT_ALGORITHM}/g" \
+ -e "s/${atsign}DEFAULT_ALGORITHM_NUMBER${atsign}/${DEFAULT_ALGORITHM_NUMBER}/g" \
+ -e "s/${atsign}DEFAULT_BITS${atsign}/${DEFAULT_BITS}/g" \
+ -e "s/${atsign}ALTERNATIVE_ALGORITHM${atsign}/${ALTERNATIVE_ALGORITHM}/g" \
+ -e "s/${atsign}ALTERNATIVE_ALGORITHM_NUMBER${atsign}/${ALTERNATIVE_ALGORITHM_NUMBER}/g" \
+ -e "s/${atsign}ALTERNATIVE_BITS${atsign}/${ALTERNATIVE_BITS}/g" \
+ -e "s/${atsign}DEFAULT_HMAC${atsign}/${DEFAULT_HMAC}/g" \
+ -e "s/${atsign}DISABLED_ALGORITHM${atsign}/${DISABLED_ALGORITHM}/g" \
+ -e "s/${atsign}DISABLED_ALGORITHM_NUMBER${atsign}/${DISABLED_ALGORITHM_NUMBER}/g" \
+ -e "s/${atsign}DISABLED_BITS${atsign}/${DISABLED_BITS}/g" \
+ $1 > $2
+}