silence a spurious dnssec-keygen warning in the dnssec system test

the occluded-key test creates both a KEY and a DNSKEY. the second
call to dnssec-keygen calls dns_dnssec_findmatchingkeys(), which causes
a spurious warning to be printed when it sees the type KEY record.
this should be fixed in dnssec.c, but the meantime this change silences
the warning by reversing the order in which the keys are created.

(cherry picked from commit 6661db95641f3944378e4d1a52fea116725fdcd1)

diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index ac3317c9610ef49175fa5e46f016411b87507f19..3cc4decf7fb4ca06fdaf21c0f2da5df5ade614dc 100644 (file)
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -598,8 +598,8 @@ infile=occluded.example.db.in
 zonefile=occluded.example.db
 kskname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 -fk "$zone"`
 zskname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 "$zone"`
-keyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA1 -n ENTITY -T KEY "delegation.$zone"`
 dnskeyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 -fk "delegation.$zone"`
+keyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA1 -n ENTITY -T KEY "delegation.$zone"`
 $DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
 cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
     "${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"