From: George Thessalonikefs Date: Wed, 5 Oct 2022 00:44:50 +0000 (+0200) Subject: - Make ede.tdir test more predictable by using static data. X-Git-Tag: release-1.17.0rc1~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f609a45354cd3e8aa2a6a12190aed043a0fbbd05;p=thirdparty%2Funbound.git - Make ede.tdir test more predictable by using static data. --- diff --git a/doc/Changelog b/doc/Changelog index 6823a60ba..bd2b33ff2 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 5 October 2022: George - Use DEBUG_TDIR from environment in mini_tdir.sh for debugging. - Fix string comparison in mini_tdir.sh. + - Make ede.tdir test more predictable by using static data. 4 October 2022: George - Merge #764: Leniency for target discovery when under load (for diff --git a/testdata/ede.tdir/bogus/clean.sh b/testdata/ede.tdir/bogus/clean.sh deleted file mode 100755 index 54128f807..000000000 --- a/testdata/ede.tdir/bogus/clean.sh +++ /dev/null @@ -1 +0,0 @@ -rm -f K* piece1 base expired notyetincepted trust-anchors dnssec-failures.test.signed dnskey-failures.test.signed nsec-failures.test.signed rrsig-failures.test.signed diff --git a/testdata/ede.tdir/bogus/dnskey-failures.test.signed b/testdata/ede.tdir/bogus/dnskey-failures.test.signed new file mode 100644 index 000000000..69bfde48b --- /dev/null +++ b/testdata/ede.tdir/bogus/dnskey-failures.test.signed 
@@ -0,0 +1,7 @@ +dnskey-failures.test. 3600 IN SOA ns.dnskey-failures.test. hostmaster.dnskey-failures.test. 1 14400 1800 2419200 300 +dnskey-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. NKixvGKa0WHSI8oE5THI1hjm5nExVkryUmW15VoNZ3pwqUYexGWLIlfuYsTaDE5GVEtPpSKbA+PlYDk19EsLNQ== +dnskey-failures.test. 3600 IN A 192.0.2.1 +dnskey-failures.test. 3600 IN RRSIG A 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. FCEvbVL3TkzO7jWeOz7E/A3Q64QkpegVazS4OL+ybxN2o8OzXdCJN3QbCGdFP26/Rbj089ThDCZ0+OormAk1dw== +dnskey-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 45928 dnskey-failures.test. pEjWVsJbFiQBvwNGV3v0nVirMJDOYKXqC4IX9dFuRTnoWSb95anvB08pgaZ1ie+thk6YC1fX2fUTRKRFr3vHnA== +dnskey-failures.test. 300 IN NSEC dnskey-failures.test. A SOA RRSIG NSEC DNSKEY +dnskey-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 45928 dnskey-failures.test. /vAazBDetA5+np+fE7V6f9W+faEQT3ETGueNNhFPjUsPF1dU9Gglu4PZ15fWOxsk0DPWHNmTMF70ZCGQJ2k+fw== diff --git a/testdata/ede.tdir/bogus/dnssec-failures.test.signed b/testdata/ede.tdir/bogus/dnssec-failures.test.signed new file mode 100644 index 000000000..ed8f5d9d9 --- /dev/null +++ b/testdata/ede.tdir/bogus/dnssec-failures.test.signed 
@@ -0,0 +1,25 @@ +dnssec-failures.test. 3600 IN SOA ns.dnssec-failures.test. hostmaster.dnssec-failures.test. 1 14400 1800 2419200 300 +dnssec-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. K37BIR/jLR4tN1JtTx3MwzgozslvnFtwUquCSfiBykCcKIv6wErSI9Gnw/tjH0tXrLI1eoLa5oWkgtxy0KKybg== +dnssec-failures.test. 3600 IN NS ns.dnssec-failures.test. +dnssec-failures.test. 3600 IN RRSIG NS 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. JP6mYQORwnwwv+2q9UxpeeaVs5/171y3lyc1FKAY3FHmFqjd4Uo0byW8jgk/BrJyVkaDeZbjvuZq+BED0codpw== +dnssec-failures.test. 3600 IN DNSKEY 257 3 13 mx6xe39HZrYCpyC+9YmquHIf1WdWYaDqOfcpXg2Gtv5VJGS/WSO14txlUoKjYCldyRwcg9wT6JAwikpkzWS6UQ== ;{id = 53876 (ksk), size = 256b} +dnssec-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 53876 dnssec-failures.test. F760TrogHIBkenX7nGr6LEvocTcGAZamfAaiftIkwprBp21/LZ+qotGsFu9YWsxlGqB3KAINXYATjS6AEJfGEQ== +dnssec-failures.test. 300 IN NSEC expired.dnssec-failures.test. NS SOA RRSIG NSEC DNSKEY +dnssec-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 53876 dnssec-failures.test. Zk+RW0mbLSzwvSYuNQJhNdd4XmtQv47CiLtHbqOyS8/xt5Pt87T0v1UxnCkZAlA+VTEWbJkasq06ER1wMuTetA== +expired.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. UAhzOVumQZ2PVspwJS5NyOjZypIaQXfHMiXGEUYaZ161IfQdB3coBx2vF8MHdqbePOl6Z4oa51ltITMlBL+Stw== +missingrrsigs.dnssec-failures.test. 3600 IN TXT "Signatures missing" +missingrrsigs.dnssec-failures.test. 300 IN NSEC notyetincepted.dnssec-failures.test. TXT RRSIG NSEC +missingrrsigs.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. 4phKld6eMt4cxA4w6I1i29uAbdfbwFrkpRGLBWwerUgDbOdDwUm1de6t4QhBys7DtoZb3wIS+DLJYjBNbz7Sig== +notyetincepted.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. 
ix6Gg9uUZ0A56IQXbDJuBQ3vIm6QipuvzQTKd2wF6kZuEW/53wuy4ROBDIQ4IgnQD17vG8tJNeDOCfj0hh8+dQ== +ns.dnssec-failures.test. 3600 IN A 192.0.2.1 +ns.dnssec-failures.test. 3600 IN RRSIG A 13 3 3600 20010201000000 20001230000000 53876 dnssec-failures.test. PbcykgJEHG218vCkj9pD8W5JVqyCD9VRNOy3SHqCTvWGVAApasdZ7n5wzNVpHdKrqlTpyLwf6z6vv4NMYbEQdw== +ns.dnssec-failures.test. 300 IN NSEC sigsinvalid.dnssec-failures.test. A RRSIG NSEC +ns.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. SEO+C116gcmI0sY4lnIM4DQrUxqyaGIIqlvhxyGrzF9jJopRZB8gflQcYPy5qhIwGZJoEMB+SO4er4LCaS8NwA== +sigsinvalid.dnssec-failures.test. 3600 IN TXT "Signatures INVALID" +sigsinvalid.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20010201000000 20001230000000 53876 dnssec-failures.test. 3XFjjPt+UyY4ZIj8PAINTtOTh7sk4OIAO5akFDQhqgB/Wv6f7dWdqvl8Y2RIqdh0WQz+nGPRMktS8exA3FKW4Q== +sigsinvalid.dnssec-failures.test. 300 IN NSEC dnssec-failures.test. TXT RRSIG NSEC +sigsinvalid.dnssec-failures.test. 300 IN RRSIG NSEC 13 3 300 20010201000000 20001230000000 53876 dnssec-failures.test. gmft6HYmqZalLwmdnuWBqJod3JD5fRoGqiwYXVFxySm2bHPvz8J9xSe7RdTSONXPUc+7mE8IHYff/gGW7gctqw== +expired.dnssec-failures.test. 3600 IN TXT "Expired" +expired.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20001230000000 20001201000000 53876 dnssec-failures.test. 8zosYGmmGGcGcBuWaf3oL3TE/hpKDrddtm7ZQGndjmqkZ8CVg6RwFb+8YLqcG5du3Si0rmTuZId+qBOV/pnViA== +notyetincepted.dnssec-failures.test. 3600 IN TXT "Not yet incepted" +notyetincepted.dnssec-failures.test. 3600 IN RRSIG TXT 13 3 3600 20010201000000 20010103000000 53876 dnssec-failures.test. lmk0+oEdnnKa1oujIsMeimuElrKvrUSlBknsfSNqOo07VxJxT2R4qkKc95oiEmeSWHcVTOrXxEhtl4kAAactPg== diff --git a/testdata/ede.tdir/bogus/make-broken-zone.sh b/testdata/ede.tdir/bogus/make-broken-zone.sh index 67b4fcfb2..f93df3978 100755 --- a/testdata/ede.tdir/bogus/make-broken-zone.sh +++ b/testdata/ede.tdir/bogus/make-broken-zone.sh 
@@ -1,21 +1,28 @@ #!/usr/bin/env bash -# create oudated zones -CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test` -echo $CSK +# This script was used to generate the broken signed zones used for testing. -echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" | \ - cat $CSK.ds - > bogus/trust-anchors +# Override the current date; it is used in Unbound's configuration also. +NOW=20010101 # differentiate for MacOS with "gdate" DATE=date which gdate > /dev/null 2>&1 && DATE=gdate -ONEMONTHAGO=`$DATE -d 'now - 1 month' +%Y%m%d` -YESTERDAY=`$DATE -d 'now - 2 days' +%Y%m%d` -TOMORROW=`$DATE -d 'now + 2 days' +%Y%m%d` +ONEMONTHAGO=`$DATE -d "$NOW - 1 month" +%Y%m%d` +ONEMONTH=`$DATE -d "$NOW + 1 month" +%Y%m%d` +YESTERDAY=`$DATE -d "$NOW - 2 days" +%Y%m%d` +TOMORROW=`$DATE -d "$NOW + 2 days" +%Y%m%d` + +# Root trust anchor +echo ". IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d" > bogus/trust-anchors + +# create oudated zones +CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test` +echo $CSK +cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f - bogus/dnssec-failures.test $CSK | \ grep -v '^missingrrsigs\.dnssec-failures\.test\..*IN.*RRSIG.*TXT' | \ sed 's/Signatures invalid/Signatures INVALID/g' | \ grep -v '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' | \ @@ -25,7 +32,7 @@ ldns-signzone -i $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ ldns-signzone -i $ONEMONTHAGO -e $YESTERDAY -f - bogus/dnssec-failures.test $CSK | \ grep -v '[ ]NSEC[ ]' | \ grep '^expired\.dnssec-failures\.test\..*IN.*TXT' > expired -ldns-signzone -i $TOMORROW -f - bogus/dnssec-failures.test $CSK | \ +ldns-signzone -i $TOMORROW -e $ONEMONTH -f - bogus/dnssec-failures.test $CSK | \ grep -v '[ ]NSEC[ ]' | \ grep '^notyetincepted\.dnssec-failures\.test\..*IN.*TXT' > notyetincepted 
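Review bot: The output of `ldns-keygen` is used unchecked and unquoted in the re-added key block of make-broken-zone.sh (`CSK=...`, `echo $CSK`, `cat $CSK.ds >> bogus/trust-anchors`), and no `set -e` is visible in this hunk, which starts at the first line of the file. If key generation fails, `CSK` is empty, the `cat` appends nothing and the script carries on with a trust-anchors file that holds only the root DS. With an empty `CSK`, the `rm -f $CSK.*` cleanup visible as context in the later @@ -33,34 +40,35 @@ hunk expands to `rm -f .*` in the working directory. I would write `CSK=$(ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnssec-failures.test) || exit 1` and `cat "$CSK.ds" >> bogus/trust-anchors`, and treat the three key blocks in that later hunk the same way.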
@@ -33,34 +40,35 @@ cat base expired notyetincepted > bogus/dnssec-failures.test.signed # cleanup old zone keys rm -f $CSK.* + # create zone with DNSKEY missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom dnskey-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/dnskey-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/dnskey-failures.test $CSK grep -v ' DNSKEY ' tmp.signed > bogus/dnskey-failures.test.signed - # cleanup old zone keys rm -f $CSK.* + # create zone with NSEC missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom nsec-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/nsec-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/nsec-failures.test $CSK grep -v ' NSEC ' tmp.signed > bogus/nsec-failures.test.signed - # cleanup old zone keys rm -f $CSK.* + # create zone with RRSIGs missing CSK=`ldns-keygen -a ECDSAP256SHA256 -k -r /dev/urandom rrsig-failures.test` echo $CSK cat $CSK.ds >> bogus/trust-anchors -ldns-signzone -f tmp.signed bogus/rrsig-failures.test $CSK +ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/rrsig-failures.test $CSK grep -v ' RRSIG ' tmp.signed > bogus/rrsig-failures.test.signed # cleanup diff --git a/testdata/ede.tdir/bogus/nsec-failures.test.signed b/testdata/ede.tdir/bogus/nsec-failures.test.signed new file mode 100644 index 000000000..b63138613 --- /dev/null +++ b/testdata/ede.tdir/bogus/nsec-failures.test.signed 
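Review bot: All three `ldns-signzone ... -f tmp.signed` calls in this hunk write to the same `tmp.signed`, and the `grep -v` that follows each one reads it without checking that signing succeeded. If a signing run fails and leaves the file untouched (an assumption, since its failure behaviour is not visible here), the previous zone's output is filtered into the next `.signed` file. For example, nsec-failures.test.signed could end up holding dnskey-failures.test records, which are now committed as static test data. Ending each call with `|| exit 1`, e.g. `ldns-signzone -i $YESTERDAY -e $ONEMONTH -f tmp.signed bogus/nsec-failures.test $CSK || exit 1`, or removing `tmp.signed` before each run, would make a failed regeneration visible. The final `# cleanup` section runs past the end of the hunk, so whether `tmp.signed` is removed there cannot be seen from here.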
@@ -0,0 +1,7 @@ +nsec-failures.test. 3600 IN SOA ns.nsec-failures.test. hostmaster.nsec-failures.test. 1 14400 1800 2419200 300 +nsec-failures.test. 3600 IN RRSIG SOA 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. ZdnRF2uI0IDJsHTXsd4TclX9gUEkxjp19LykHuI3DaCKe3bY8uTETta8i73hlKWJWeRjmgQojIsi9tBlivOwjQ== +nsec-failures.test. 3600 IN A 192.0.2.1 +nsec-failures.test. 3600 IN RRSIG A 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. /JccCtWkuQgSF81gv6DPsxaicmlJoGAhVpCpR4JGgVz3tZMhIp+iXUGeI+CkBofw9G/MK66Hk937JRmMh9UTvQ== +nsec-failures.test. 3600 IN DNSKEY 257 3 13 41tJnzHY0o3WKid0ZsIo6S5SJdC1JiW0H/KizsAD2phHdi1AIDiBclL+nG2lKvPjMoX2hcMfd8h9DfU99HR3kg== ;{id = 12342 (ksk), size = 256b} +nsec-failures.test. 3600 IN RRSIG DNSKEY 13 2 3600 20010201000000 20001230000000 12342 nsec-failures.test. Y23xTzxdqQBjFsWLlqCRgPKT7raPcP0lAy2tR8trW5+vUAhBePXdVixp4AjoxEqXsLLalAtnJnc4QgH7+HO6PA== +nsec-failures.test. 300 IN RRSIG NSEC 13 2 300 20010201000000 20001230000000 12342 nsec-failures.test. KfpncqGIzIPNB2ExkH22/z0jAPmq8jTTjDkLte29iKqR9t3bSZlcS0MQ2QB7Z6tgks8fo7Zpc9+BvaDq7Y6ONg== diff --git a/testdata/ede.tdir/bogus/rrsig-failures.test.signed b/testdata/ede.tdir/bogus/rrsig-failures.test.signed new file mode 100644 index 000000000..222bdc0c6 --- /dev/null +++ b/testdata/ede.tdir/bogus/rrsig-failures.test.signed @@ -0,0 +1,4 @@ +rrsig-failures.test. 3600 IN SOA ns.rrsig-failures.test. hostmaster.rrsig-failures.test. 1 14400 1800 2419200 300 +rrsig-failures.test. 3600 IN A 192.0.2.1 +rrsig-failures.test. 3600 IN DNSKEY 257 3 13 rIMJ4/qnOb91GuxKzAYiCdPNdEtUhyt+mi1Jz+NPP0rJQdGOhXr37LpctEiKK4isabCXcwYlVtFdDPopa4RufA== ;{id = 13838 (ksk), size = 256b} +rrsig-failures.test. 300 IN NSEC rrsig-failures.test. A SOA RRSIG NSEC DNSKEY diff --git a/testdata/ede.tdir/bogus/trust-anchors b/testdata/ede.tdir/bogus/trust-anchors new file mode 100644 index 000000000..bd20c8702 --- /dev/null +++ b/testdata/ede.tdir/bogus/trust-anchors 
@@ -0,0 +1,5 @@ +. IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d +dnssec-failures.test. IN DS 53876 13 2 e0207223d847e0d8f3bd2afcf887f727178777a94563b94e1d0be8ca2f070d9a +dnskey-failures.test. IN DS 45928 13 2 9295d5c0d9296599809ce968f994a974d4da7752266ee124ead4ce980c006c20 +nsec-failures.test. IN DS 12342 13 2 b0a994fe4ff12a706b2a47a794601b254a8d28e040832ad6e39e96dbf7736ca2 +rrsig-failures.test. IN DS 13838 13 2 b083d59d2e7ac370e1103bc5ada2a921e4e65745ea8550350b6fcb57eba9f917 diff --git a/testdata/ede.tdir/ede.conf b/testdata/ede.tdir/ede.conf index 13730d42f..639899d13 100644 --- a/testdata/ede.tdir/ede.conf +++ b/testdata/ede.tdir/ede.conf @@ -11,6 +11,7 @@ server: val-log-level: 2 trust-anchor-file: "bogus/trust-anchors" + val-override-date: "20010101020202" module-config: "respip validator iterator" diff --git a/testdata/ede.tdir/ede.pre b/testdata/ede.tdir/ede.pre index e5a0667b0..57e15cc5a 100644 --- a/testdata/ede.tdir/ede.pre +++ b/testdata/ede.tdir/ede.pre @@ -4,7 +4,9 @@ # use .tpkg.var.test for in test variable passing [ -f .tpkg.var.test ] && source .tpkg.var.test +PRE="../.." . ../common.sh + get_random_port 2 UNBOUND_PORT=$RND_PORT UNBOUND_PORT2=$(($RND_PORT + 1)) @@ -16,11 +18,7 @@ sed -e 's/@PORT\@/'$UNBOUND_PORT'/' < ede.conf > temp.conf sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < temp.conf > ub.conf sed -e 's/@PORT2\@/'$UNBOUND_PORT2'/' < ede-auth.conf > ub2.conf -# create broken dnssec zone -bogus/make-broken-zone.sh - # start unbound in the background -PRE="../.." $PRE/unbound -d -c ub.conf > unbound.log 2>&1 & UNBOUND_PID=$! echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test @@ -30,8 +28,6 @@ $PRE/unbound -d -c ub2.conf > unbound2.log 2>&1 & UNBOUND_PID2=$! echo "UNBOUND_PID2=$UNBOUND_PID2" >> .tpkg.var.test - cat .tpkg.var.test wait_unbound_up unbound.log wait_unbound_up unbound2.log -
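Review bot: The added `val-override-date: "20010101020202"` in ede.conf has no comment tying it to the committed zone data, although every expected result of this test depends on that pairing. The signatures in the static `.signed` files run from 20001230000000 to 20010201000000, with the expired and not-yet-incepted records deliberately placed on either side of the override, so changing the date or the data alone would silently change which records validate. I would add a comment above the option such as `# Fixed validation time for the static zones in bogus/; keep in sync with NOW in bogus/make-broken-zone.sh. Test only: replaces the real clock for signature date checks.` The `server:` clause continues outside the hunk.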