#!/bin/sh # Copyright (C) Internet Systems Consortium, Inc. ("ISC") # # SPDX-License-Identifier: MPL-2.0 # # This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, you can obtain one at https://mozilla.org/MPL/2.0/. # # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 n=1 matchall () { match_result=ok file=$1 while IFS="," read expect matchline; do [ -z "$matchline" ] && continue matches=`grep "$matchline" $file | wc -l` [ "$matches" -ne "$expect" ] && { echo "'$matchline': expected $expect found $matches" return 1 } done << EOF $2 EOF return 0 } echo_i "checking for DNSSEC key coverage issues" ret=0 for dir in [0-9][0-9]-*; do ret=0 echo_i "$dir ($n)" kargs= cargs= kmatch= cmatch= kret= cret=0 warn= error= ok= . $dir/expect # use policy.conf if available policy="" if [ -e "$dir/policy.conf" ]; then policy="-c $dir/policy.conf" if grep -e "-c policy.conf" $dir/expect > /dev/null then echo_i "fix $dir/expect: multiple policy files" ret=1 fi else policy="-c policy.conf" fi # run keymgr to update keys if [ "$CYGWIN" ]; then $KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` \ -s `cygpath -w $SETTIME` $kargs > keymgr.$n 2>&1 else $KEYMGR $policy -K $dir -g $KEYGEN \ -s $SETTIME $kargs > keymgr.$n 2>&1 fi # check that return code matches expectations found=$? if [ $found -ne $kret ]; then echo "keymgr retcode was $found expected $kret" ret=1 fi # check for matches in keymgr output matchall keymgr.$n "$kmatch" || ret=1 # now check coverage $COVERAGE -K $dir $cargs > coverage.$n 2>&1 # check that return code matches expectations found=$? if [ $found -ne $cret ]; then echo "coverage retcode was $found expected $cret" ret=1 fi # check for correct number of errors found=`grep ERROR coverage.$n | wc -l` if [ $found -ne $error ]; then echo "error count was $found expected $error" ret=1 fi # check for correct number of warnings found=`grep WARNING coverage.$n | wc -l` if [ $found -ne $warn ]; then echo "warning count was $found expected $warn" ret=1 fi # check for correct number of OKs found=`grep "No errors found" coverage.$n | wc -l` if [ $found -ne $ok ]; then echo "good count was $found expected $ok" ret=1 fi # check for matches in coverage output matchall coverage.$n "$cmatch" || ret=1 if [ -f $dir/extra.sh ]; then cd $dir . ./extra.sh cd .. fi n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` done echo_i "checking domains ending in . ($n)" ret=0 $KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.1.$n 2>&1 nkeys=`grep dnssec-keygen keymgr.1.$n | wc -l` [ "$nkeys" -eq 2 ] || ret=1 $KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.2.$n 2>&1 nkeys=`grep dnssec-keygen keymgr.2.$n | wc -l` [ "$nkeys" -eq 0 ] || ret=1 $KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.3.$n 2>&1 nkeys=`grep dnssec-keygen keymgr.3.$n | wc -l` [ "$nkeys" -eq 2 ] || ret=1 $KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.4.$n 2>&1 nkeys=`grep dnssec-keygen keymgr.4.$n | wc -l` [ "$nkeys" -eq 0 ] || ret=1 status=`expr $status + $ret` n=`expr $n + 1` echo_i "checking policy.conf parser ($n)" ret=0 PYTHONPATH="../../../python:$PYTHONPATH" ${PYTHON} testpolicy.py policy.sample > policy.out $DOS2UNIX policy.out > /dev/null 2>&1 cmp -s policy.good policy.out || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` n=`expr $n + 1` echo_i "exit status: $status" [ $status -eq 0 ] || exit 1