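#!/bin/bash

# Author: Daniel Kahn Gillmor
# 2018-11-02
# License: GPLv3+
#
# Round-trip test for the Knot DNS tools: sets up a config file and a zone
# file in a working directory, waits until knotc can reach the daemon,
# queries it with kdig, appends a record to the zone, reloads, queries again,
# and finally checks that DNSSEC signatures are served and that keymgr lists
# a KSK.
#
# Environment overrides (all optional): AUTOPKGTEST_ARTIFACTS, TESTIP, PORT,
# KNOTC, KNOTD, KEYMGR, KDIG, KZONECHECK, TEST_ADDRESS.

# exit on error
set -e

# for handling jobspecs (cleanup waits on job %1):
set -m

# Start from a known-empty value: cleanup() runs `rm -rf` on $remove, so a
# variable of that name inherited from the caller's environment must never
# reach it.
remove=""
if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
    # No artifact directory supplied: work in a private temporary directory
    # and remember it so that cleanup() deletes it.
    d="$(mktemp -d)"
    remove="$d"
else
    # Artifacts are kept for the test harness; never deleted here.
    d="$AUTOPKGTEST_ARTIFACTS"
fi

# Default listen address is a random host inside 127.0.0.0/8, so the test
# daemon is reachable over loopback only.
ip="${TESTIP:-127.$(( RANDOM % 256 )).$(( RANDOM % 256 )).$(( RANDOM % 256 ))}"
port="${PORT:-8123}"
knotc="${KNOTC:-/usr/sbin/knotc}"
knotd="${KNOTD:-/usr/sbin/knotd}"
keymgr="${KEYMGR:-/usr/sbin/keymgr}"
kdig="${KDIG:-$(command -v kdig)}"
kzonecheck="${KZONECHECK:-$(command -v kzonecheck)}"
# 192.0.2.0/24 is the TEST-NET-1 documentation range, so the expected answer
# can never collide with a real host.
test_address="${TEST_ADDRESS:-192.0.2.199}"

# A single option string, passed as one word to both knotc and keymgr.
knot_conf="--config=$d/knot.conf"
declare -a knot_args=("$knot_conf" --verbose)

printf "%s + %s roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n knot args: %s\n" \
    "$knotd" "$kdig" "$d" "$ip" "${knot_args[*]}"

# Print a section title ($1) followed by a dashed underline of equal length.
section() {
    printf "\n%s\n" "$1"
    sed 's/./-/g' <<<"$1"
}

# EXIT trap: list the working directory, ask the daemon to stop, wait for
# background job %1, dump the captured *.err logs, and remove the working
# directory when this script created it.
# NOTE(review): `set -e` is in effect here as well, so a failing `stop`,
# `wait` or `tail` may end the trap before the directory is removed.
cleanup () {
    section "cleaning up"
    find "$d" -ls
    "${knotc}" "${knot_args[@]}" stop
    wait %1
    tail -n +1 -v "$d"/*.err
    if [ "$remove" ]; then
        printf "\ncleaning up working directory %s\n" "$remove"
        rm -rf -- "$remove"
    fi
}

trap cleanup EXIT

section "set up config file and zonefile"

# Not referenced by any line visible in this copy; presumably consumed by the
# configuration here-document that is missing below.
user=$(id -nu)
group=$(id -ng)

# NOTE(review): in this copy of the script the two here-documents (the bodies
# of knot.conf and example.net.zone) and the command that launches knotd in
# the background are missing; only their redirections survive, fused into the
# single line below. It is kept exactly as found. Restore the original text
# before running: as written, no configuration is generated and no daemon is
# started, so the status poll that follows is expected to give up.
cat > "$d/knot.conf" < "$d/example.net.zone" < "$d/knotd.err" &

# FIXME: this is an annoying poll -- would be better if we could be
# alerted when the daemon is done setting up the socket, but i don't
# want to "--daemonize" if i can avoid it because i want the shell to
# remain in direct supervision of all its processes
tried=0
while [ "$tried" -lt 10 ] ; do
    if "${knotc}" "${knot_args[@]}" status 2>&1; then
        break
    fi
    sleep 0.5
    tried=$(( tried + 1 ))
done
if [ "$tried" -ge 10 ]; then
    printf "failed to use %s\n" "${knotc}" >&2
    exit 1
fi

section "querying knot"

# First run is for the log only; the +short runs below feed the comparisons.
"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
if ! [ "$answer" = "$test_address" ]; then
    printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
    exit 1
fi
# test2 is only added in the "modifying zone" step, so it must not resolve yet.
answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
if ! [ "$answer2" = "" ]; then
    printf "test2.example.net gave unexpected answer!\n got: %s\n" "$answer2" >&2
    exit 1
fi

section "modifying zone"

# The address can come from the environment (TEST_ADDRESS), so it is passed as
# a printf argument and never as part of the format string.
printf 'test2 1D IN A %s\n' "$test_address" >>"$d/example.net.zone"
# Rewrite the SOA line with serial 2018110100 so the reload sees a changed zone.
sed -i 's/^@ 1D IN SOA.*/@ 1D IN SOA a.ns hostmaster 2018110100 3h 15m 1w 1d/' "$d/example.net.zone"
"${knotc}" "${knot_args[@]}" reload
# Fixed delay before re-querying; on a slow host the reload may not have
# finished by then.
sleep 1

section "querying again"

"${kdig}" -p "${port}" @"${ip}" -t A test.example.net test2.example.net
answer="$("${kdig}" +short -p "${port}" @"${ip}" -t A test.example.net)"
if ! [ "$answer" = "$test_address" ]; then
    printf "test.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer" >&2
    exit 1
fi
answer2="$("${kdig}" +short -p "${port}" @"${ip}" -t A test2.example.net)"
if ! [ "$answer2" = "$test_address" ]; then
    printf "test2.example.net mismatch!\nexpected: %s\n got: %s\n" "$test_address" "$answer2" >&2
    exit 1
fi

section "querying DNSSEC"

"${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec
# This only confirms that the response carries an RRSIG covering DNSKEY; the
# signature itself is not validated here.
if ! "${kdig}" -p "${port}" @"${ip}" -t DNSKEY example.net. +dnssec 2>&1 | grep -q "RRSIG[[:space:]]*DNSKEY"; then
    printf "DNSSEC query not successful\n" >&2
    exit 1
fi

section "listing keys with keymgr"

"${keymgr}" "$knot_conf" -e example.net. list
# Passes when any listed key is flagged ksk=yes.
if ! "${keymgr}" "$knot_conf" -e example.net. list 2>&1 | grep -q "ksk=yes"; then
    printf "keymgr did not list KSK as expected\n" >&2
    exit 1
fi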