Diffstat (limited to 'bin/tests/system/dupsigs')
-rw-r--r-- | bin/tests/system/dupsigs/ns1/reset_keys.sh | 53 | ||||
-rw-r--r-- | bin/tests/system/dupsigs/setup.sh | 5 | ||||
-rw-r--r-- | bin/tests/system/dupsigs/tests.sh | 41 |
3 files changed, 50 insertions, 49 deletions
diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh
index 4faa0bb..9db5c27 100644
--- a/bin/tests/system/dupsigs/ns1/reset_keys.sh
+++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh
@@ -19,32 +19,31 @@ rm -rf keys/signing.test mkdir -p keys/signing.test timetodnssec() { - $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]); + $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]); printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1} } KEYDIR=keys/signing.test -KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone` - -ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` -ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone` +KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone) + +ZSK0=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK1=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK2=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK3=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK4=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK5=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK6=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK7=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK8=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) +ZSK9=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone) # clear all times on all keys -for FILEN in keys/signing.test/*.key -do - $SETTIME -P none -A none -R none -I none -D none $FILEN +for FILEN in keys/signing.test/*.key; do + $SETTIME -P none -A none -R none -I none -D none $FILEN done -BASE=`date +%s` -BASET=`timetodnssec $BASE` +BASE=$(date +%s) +BASET=$(timetodnssec $BASE) # reset the publish and activation time on the KSK $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK 
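Review bot: The converted `KSK=$($KEYGEN …)` and `ZSK0`–`ZSK9` assignments still take whatever the command substitution returns, so a failed key generation leaves the variable empty and the later `$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK` runs against the bare directory path. Since these lines are being rewritten anyway, `KSK=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q -f KSK "$zone") || exit 1` (and the same for the ZSK lines) would stop the setup at the real cause instead of surfacing later as a confusing signing result. Whether the script already runs under `set -e` is not visible here, as the top of the file is outside the hunk. The loop also hardcodes `keys/signing.test/*.key` although `KEYDIR` holds the same path; `for FILEN in "$KEYDIR"/*.key; do` would keep the two in step.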
@@ -53,25 +52,25 @@ $SETTIME -P $BASET -A $BASET $KEYDIR/$KSK $SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0 # schedule the first roll -R1=`expr $BASE + 50` -R1T=`timetodnssec $R1` +R1=$(expr $BASE + 50) +R1T=$(timetodnssec $R1) $SETTIME -I $R1T $KEYDIR/$ZSK0 $SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1 # schedule the second roll (which includes the delete of the first key) -R2=`expr $R1 + 50` -R2T=`timetodnssec $R2` +R2=$(expr $R1 + 50) +R2T=$(timetodnssec $R2) DT=$R2 -DTT=`timetodnssec $DT` +DTT=$(timetodnssec $DT) $SETTIME -D $DTT $KEYDIR/$ZSK0 $SETTIME -I $R2T $KEYDIR/$ZSK1 $SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2 # schedule the third roll -R3=`expr $R2 + 25` -R3T=`timetodnssec $R3` +R3=$(expr $R2 + 25) +R3T=$(timetodnssec $R3) $SETTIME -D $R3T $KEYDIR/$ZSK1 $SETTIME -I $R3T $KEYDIR/$ZSK2 @@ -92,8 +91,8 @@ exit # this isn't long enough for the signing to complete and would result in # duplicate signatures, see # https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597 -R4=`expr $R3 + 10` -R4T=`timetodnssec $R4` +R4=$(expr $R3 + 10) +R4T=$(timetodnssec $R4) $SETTIME -D $R4T $KEYDIR/$ZSK2 $SETTIME -I $R4T $KEYDIR/$ZSK3 diff --git a/bin/tests/system/dupsigs/setup.sh b/bin/tests/system/dupsigs/setup.sh index f687543..fd418c9 100644 --- a/bin/tests/system/dupsigs/setup.sh +++ b/bin/tests/system/dupsigs/setup.sh @@ -21,4 +21,7 @@ test -r $RANDFILE || $GENRANDOM 800 $RANDFILE copy_setports ns1/named.conf.in ns1/named.conf cp -f ns1/signing.test.db.in ns1/signing.test.db -(cd ns1; $SHELL ./reset_keys.sh) +( + cd ns1 + $SHELL ./reset_keys.sh +) diff --git a/bin/tests/system/dupsigs/tests.sh b/bin/tests/system/dupsigs/tests.sh index dfc88ce..63dea57 100644 --- a/bin/tests/system/dupsigs/tests.sh +++ b/bin/tests/system/dupsigs/tests.sh 
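Review bot: The new `R1=$(expr $BASE + 50)` keeps the external `expr` call, while tests.sh in this same commit already uses shell arithmetic (`end=$((start + 140))`). Writing `R1=$((BASE + 50))`, `R2=$((R1 + 50))` and `R3=$((R2 + 25))` avoids a fork per computation and makes the two scripts consistent. The same applies to `R4=$(expr $R3 + 10)` in the following hunk, which, judging by its hunk header, appears to sit after an `exit` and may not run at all.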
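Review bot: In the reflowed subshell in setup.sh, `cd ns1` is not checked, so if the directory is missing `$SHELL ./reset_keys.sh` is still attempted from the parent directory. reset_keys.sh begins with `rm -rf keys/signing.test`, so running it from the wrong working directory is worth ruling out explicitly. Now that the two commands are on separate lines, `cd ns1 || exit 1` is a one-line guard; it only exits the subshell, so the caller should also check the subshell's status. Whether setup.sh runs under `set -e` is not visible in this hunk.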
@@ -25,20 +25,20 @@ status=0 # - 2 x 500 signatures for a{0000-0499}.signing.test. # # for a total of 1009. -fully_signed () { - $DIG axfr signing.test -p ${PORT} @10.53.0.1 > "dig.out.ns1.axfr" - awk 'BEGIN { lines = 0 } +fully_signed() { + $DIG axfr signing.test -p ${PORT} @10.53.0.1 >"dig.out.ns1.axfr" + awk 'BEGIN { lines = 0 } $4 == "RRSIG" {lines++} - END { if (lines != 1009) exit(1) }' < "dig.out.ns1.axfr" + END { if (lines != 1009) exit(1) }' <"dig.out.ns1.axfr" } # Wait for the last NSEC record in the zone to be signed. This is a lightweight # alternative to avoid many AXFR requests while waiting for the zone to be # fully signed. _wait_for_last_nsec_signed() { - $DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec > "dig.out.ns1.wait" || return 1 - grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" > /dev/null || return 1 - return 0 + $DIG +dnssec a0499.signing.test -p ${PORT} @10.53.0.1 nsec >"dig.out.ns1.wait" || return 1 + grep "signing.test\..*IN.*RRSIG.*signing.test" "dig.out.ns1.wait" >/dev/null || return 1 + return 0 } echo_i "wait for the zone to be fully signed" 
@@ -46,24 +46,23 @@ retry_quiet 60 _wait_for_last_nsec_signed retry_quiet 10 fully_signed || status=1 if [ $status != 0 ]; then echo_i "failed"; fi -start=`date +%s` +start=$(date +%s) now=$start end=$((start + 140)) while [ $now -lt $end ] && [ $status -eq 0 ]; do - et=$((now - start)) - echo_i "............... $et ............" - $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i - $DIG axfr signing.test -p ${PORT} @10.53.0.1 > dig.out.at$et - awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i - lines=`awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l` - if [ ${et} -ne 0 -a ${lines} -ne 1009 ] - then - echo_i "failed" - status=$((status + 1)) - fi - sleep 5 - now=`date +%s` + et=$((now - start)) + echo_i "............... $et ............" + $JOURNALPRINT ns1/signing.test.db.signed.jnl | $PERL check_journal.pl | cat_i + $DIG axfr signing.test -p ${PORT} @10.53.0.1 >dig.out.at$et + awk '$4 == "RRSIG" { print $11 }' dig.out.at$et | sort | uniq -c | cat_i + lines=$(awk '$4 == "RRSIG" { print}' dig.out.at$et | wc -l) + if [ ${et} -ne 0 -a ${lines} -ne 1009 ]; then + echo_i "failed" + status=$((status + 1)) + fi + sleep 5 + now=$(date +%s) done echo_i "exit status: $status" |
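Review bot: The rewritten condition `if [ ${et} -ne 0 -a ${lines} -ne 1009 ]; then` keeps the `-a` operator inside `[`, which POSIX marks obsolescent and which can parse ambiguously if an operand is empty. The `while` line just above already uses the safer form, so `if [ "$et" -ne 0 ] && [ "$lines" -ne 1009 ]; then` would match it. Quoting also matters here because `lines` comes from `wc -l` over a file that is empty when the preceding `$DIG axfr` fails. The expected count 1009 is also hardcoded in `fully_signed`; a shared variable would keep the two checks from drifting apart.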