From f907be17e9e25a809c602f2a54c3f8c2d6ad2b51 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 10 Apr 2024 21:05:44 +0200 Subject: Adding debian version 3.3.4-1. Signed-off-by: Daniel Baumann --- debian/tests/authoritative-server | 150 ++++++++++++++++++++++++++++++++++++++ debian/tests/control | 13 ++++ debian/tests/kdig | 14 ++++ 3 files changed, 177 insertions(+) create mode 100755 debian/tests/authoritative-server create mode 100644 debian/tests/control create mode 100755 debian/tests/kdig (limited to 'debian/tests') diff --git a/debian/tests/authoritative-server b/debian/tests/authoritative-server new file mode 100755 index 0000000..028dfbf --- /dev/null +++ b/debian/tests/authoritative-server @@ -0,0 +1,150 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor +# 2018-11-02 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +port="${PORT:-8123}" +knotc="${KNOTC:-/usr/sbin/knotc}" +knotd="${KNOTD:-/usr/sbin/knotd}" +keymgr="${KEYMGR:-/usr/sbin/keymgr}" +kdig="${KDIG:-$(command -v kdig)}" +kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}" +test_address="${TEST_ADDRESS:-192.0.2.199}" + +declare -a knot_conf="--config=$d/knot.conf" +declare -a knot_args=("$knot_conf" --verbose) + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + "${knotc}" "${knot_args[@]}" stop + wait %1 + tail -n +1 -v "$d"/*.err + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "set up config file and zonefile" + +user=$(id -nu) +group=$(id -ng) +cat > "$d/knot.conf" < "$d/example.net.zone" < "$d/knotd.err" & + +# FIXME: this is an annoying poll -- would be better if we could be +# alerted when the daemon is done setting up the socket, but i don't +# want to "--daemonize" if i can avoid it because i want the shell to +# remain in direct supervision of all its processes +tried=0 +while [ $tried -lt 10 ] ; do + if "${knotc}" "${knot_args[@]}" status 2>&1; then + break; + fi + sleep 0.5 + tried=$(( $tried + 1 )) +done +if [ $tried -ge 10 ]; then + printf "failed to use %s\n" "${knotc}" >&2 + exit 1 +fi + +section "querying knot" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "" ]; then + printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2 + exit 1 +fi + +section "modifying zone" +printf "test2 1D IN A $test_address\n" >>"$d/example.net.zone" +sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone" +"${knotc}" "${knot_args[@]}" reload +sleep 1 + +section "querying again" +"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net +answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)" +if ! [ "$answer" = "$test_address" ]; then + printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2 + exit 1 +fi +answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)" +if ! [ "$answer2" = "$test_address" ]; then + printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2 + exit 1 +fi + +section "querying DNSSEC" +"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec +if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then + printf "DNSSEC query not successful" >&2 + exit 1 +fi + +section "listing keys with keymgr" +"${keymgr}" "$knot_conf" -e example.net. list +if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then + printf "keymgr did not list KSK as expected" >&2 + exit 1 +fi diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..e8b3dcb --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,13 @@ +Tests: kdig +Restrictions: skippable +Depends: + ca-certificates, + iputils-ping, + knot-dnsutils, + +Tests: authoritative-server +Depends: + findutils, + knot, + knot-dnsutils, + knot-dnssecutils, diff --git a/debian/tests/kdig b/debian/tests/kdig new file mode 100755 index 0000000..f1dbe5a --- /dev/null +++ b/debian/tests/kdig @@ -0,0 +1,14 @@ +#!/bin/bash + +set -e + +# Skip the test if no internet access +ping -c1 1.1.1.1 2>&1 || exit 77 + +expected=198.41.0.4 +answer=$(kdig +short +tls-ca @1.1.1.1 -q a.root-servers.net. -t A 2>&1 || true) + +if [ "$answer" != "$expected" ]; then + printf "expected: %s\ngot: %s\n" "$expected" "$answer" >&2 + kdig -d +tls-ca @1.1.1.1 -q a.root-servers.net. -t A +fi -- cgit v1.2.3