Randomize NSEC3 salt
authorPetr Špaček <pspacek@isc.org>
Fri, 11 Jul 2025 09:17:05 +0000 (11:17 +0200)
committerPetr Špaček <pspacek@isc.org>
Tue, 29 Jul 2025 08:00:46 +0000 (10:00 +0200)
This should prevent the case where we are unlucky enough that static
values hash 'just right' for the test to pass, but only accidentally.

bin/tests/system/nsec3-answer/ns1/sign.sh

index c91bbdbd64fecd5428228f01dcc22c5d5c3994d8..78e33119f6dff4fccdae6ed4c798be8fdd5f12c5 100644 (file)
@@ -27,6 +27,8 @@ zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
 
 cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile"
 
-"$SIGNER" -3 - -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
+SALT="$(printf "%04x" "$(($(date +%s) / 3600 % 65536))")"
+echo_ic "NSEC3 salt for this hour: $SALT"
+"$SIGNER" -3 "$SALT" -o "$zone" "$zonefile" 2>&1 >"$zonefile.sign.log"
 
 keyfile_to_initial_ds "$ksk" >managed-keys.conf
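Review bot: The salt on the added `SALT=` line is not random but derived from the current hour (`date +%s / 3600 % 65536`), so every run within the same hour signs with the same 16-bit value and the title "Randomize" overstates what the script does. That may be intended, since the `echo_ic` line records the value for reproducing a failure, but the choice deserves a comment so nobody later "fixes" it in either direction, e.g. `# Vary the NSEC3 salt per hour (not per run) so a failure can be reproduced from the logged value`. If a per-run value is actually wanted, `SALT="$(printf "%04x" "$RANDOM")"` gives one with no extra dependencies while keeping the same log line. Note that `2>&1 >"$zonefile.sign.log"` on the signer line sends stderr to the terminal and only stdout to the log; that ordering predates this change but the new salt line makes the log the place one would look first.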