From ef03469fec14f1f0358b690934fc173d744f4e7d Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 7 Apr 2024 17:26:01 +0200
Subject: Adding debian version 5.6.0-1.
Signed-off-by: Daniel Baumann
---
debian/tests/control | 6 +++
debian/tests/roundtrip | 134 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 140 insertions(+)
create mode 100644 debian/tests/control
create mode 100755 debian/tests/roundtrip
(limited to 'debian/tests')
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..949d99b
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,6 @@
+Tests: roundtrip
+Depends: gnutls-bin,
+ knot-dnsutils,
+ knot-resolver,
+ socat
+Restrictions: needs-root, skip-not-installable
diff --git a/debian/tests/roundtrip b/debian/tests/roundtrip
new file mode 100755
index 0000000..42c7519
--- /dev/null
+++ b/debian/tests/roundtrip
@@ -0,0 +1,134 @@ +#!/bin/bash + +# Author: Daniel Kahn Gillmor +# 2018-08-30 +# License: GPLv3+ + +# error on exit +set -e +# for handling jobspecs: +set -m + +if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then + d="$(mktemp -d)" + remove="$d" +else + d="$AUTOPKGTEST_ARTIFACTS" +fi +ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}" +kresd="${KRESD:-/usr/sbin/kresd}" +kdig="${KDIG:-$(command -v kdig)}" + +declare -a kresd_args=(--addr="$ip@8053" --tls="$ip@8853" --noninteractive --config="$d/kresd.conf" --verbose --verbose --verbose) +if [ -n "$MODULE_DIR" ]; then + kresd_args+=(-m "$MODULE_DIR") +fi + +printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n kresd args: %s\n" "$kresd" "$kdig" "$d" "$ip" "${kresd_args[*]}" + +section() { + printf "\n%s\n" "$1" + sed 's/./-/g' <<<"$1" +} + +cleanup () { + section "cleaning up" + find "$d" -ls + tail -n +1 -v "$d"/*.err + ctrl_socket=/run/knot-resolver/control/1 + if [ -S "$ctrl_socket" ]; then + echo 'quit()' | socat STDIO "UNIX-CONNECT:$ctrl_socket" + wait %1 + else + pkill -KILL kresd ; true + fi + + if [ "$remove" ]; then + printf "\ncleaning up working directory %s\n" "$remove" + rm -rf "$remove" + fi +} +trap cleanup EXIT + +section "make Certificate Authority key and certificate" +cat > "$d/ca.template" < "$d/ee.template" < "$d/kresd.conf" < iterate' } +net.tls("$d/ee-cert.pem", "$d/ee-key.pem") +hints["monkeys.example"] = "127.15.23.5" + +local path = '/run/knot-resolver/control/1' +local ok, err = pcall(net.listen, path, nil, { kind = 'control' }) +if not ok then + warn('bind to '..path..' 
failed '..err)
+end
+EOF
+"$kresd" "${kresd_args[@]}" "$d" 2> "$d/kresd.err" &
+
+sleep 1
+
+section "test UDP with kdig"
+x=$("$kdig" +short +time=2 +retry=0 @"$ip:8053" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful UDP request to $ip on port 8053"
+
+section "test TCP with kdig"
+x=$("$kdig" +short +tcp @"$ip:8053" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful TCP request to $ip on port 8053"
+
+section "test opportunistic DNS-over-TLS with kdig"
+x=$("$kdig" +short +tls @"$ip:8853" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful opportunistic DNS-over-TLS request to $ip on port 8853"
+
+section "test strict DNS-over-TLS with kdig"
+x=$("$kdig" +short +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=test.example @"$ip:8853" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful strict DNS-over-TLS request to $ip on port 8853"
+
+section "test invalid name with strict DNS-over-TLS with kdig"
+# Kdig returns non-zero code if error since version 2.7.5
+x=$("$kdig" +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=notright.example @"$ip:8853" monkeys.example 2>"$d/badname.err" || true)
+if [ "$x" ]; then
+ printf >&2 "got: %s\nShould not have succeeded since name did not match!" "$x"
+ false
+fi
+echo "successful strict DNS-over-TLS request failure when name mismatch to $ip on port 8853"
+
+section "test bad authority with strict DNS-over-TLS with kdig"
+# Kdig returns non-zero code if error since version 2.7.5
+x=$("$kdig" +tls-ca="$d/bogus-cert.pem" +tls-hostname=test.example @"$ip:8853" monkeys.example 2>"$d/badca.err" || true)
+if [ "$x" ]; then
+ printf >&2 "got: %s\nShould not have succeeded since authority was wrong!" "$x"
+ false
+fi
+echo "successful strict DNS-over-TLS request failure to $ip on port 8853"
-- 
cgit v1.2.3
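Review bot: Both negative checks at the end of debian/tests/roundtrip (the `notright.example` hostname case and the `bogus-cert.pem` authority case) pass on any kdig failure, because `|| true` discards the exit status and the only assertion is that stdout is empty. If kresd has exited or the TLS listener on port 8853 is unreachable, the script would still print its "successful strict DNS-over-TLS request failure" lines without certificate verification ever being exercised. I would follow each negative query with the known-good strict query and `[ "$x" = "127.15.23.5" ]` to show the listener is still answering, and also match the captured `$d/badname.err` and `$d/badca.err` against the verification error text of the kdig version under test. Separately, the cleanup fallback `pkill -KILL kresd` runs under `needs-root` and matches every kresd process on the host; recording `kresd_pid=$!` right after the launch and using `kill "$kresd_pid"` would confine it to the instance this test started.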