git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Wed, 19 Mar 2025 13:37:28 +0000 (14:37 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Wed, 18 Jun 2025 12:20:45 +0000 (12:20 +0000)
commit	ffccf1fe8bdc132875333081f61efeead351aa53
tree	7b977429801cc81f8ae430b4913984281476d183	tree \| snapshot
parent	62adf9957f8cdde85737ac9b299a950dd3cd9655	commit \| diff

Convert going insecure kasp test to pytest

When going insecure, we publish CDS and CDNSKEY DELETE records. Update
the check_apex function to test this.

Also, skip some tests in the 'check_rollover_step()' function. If
we change the DNSSEC Policy, keys that no longer match the policy will
be retired. When this exactly happens is hard to determine, as it
happens on the reconfigure. So for these tests, we skip the key timing
metadata checks.

Also, the zone becomes unsigned, so don't call 'check_zone_is_signed'
in those cases.

(cherry picked from commit b1d8217d1a39f798983152345f29c48ffa2427f9)

bin/tests/system/isctest/kasp.py		diff \| blob \| blame \| history
bin/tests/system/kasp/ns6/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/kasp/ns6/named2.conf.in		diff \| blob \| blame \| history
bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in		diff \| blob \| blame \| history
bin/tests/system/kasp/ns6/setup.sh		diff \| blob \| blame \| history
bin/tests/system/kasp/tests.sh		diff \| blob \| blame \| history
bin/tests/system/rollover/ns6/kasp.conf.j2		diff \| blob \| blame \| history
bin/tests/system/rollover/ns6/named.conf.j2		diff \| blob \| blame \| history
bin/tests/system/rollover/ns6/named2.conf.j2		diff \| blob \| blame \| history
bin/tests/system/rollover/ns6/setup.sh		diff \| blob \| blame \| history
bin/tests/system/rollover/tests_rollover.py		diff \| blob \| blame \| history