From: Evan Hunt <each@isc.org>
Date: Fri, 28 Mar 2025 02:59:53 +0000 (-0700)
Subject: Fix out-of-tree test
X-Git-Tag: v9.21.7~14^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25690af358716306ff530d9ca0985d4a373e75da;p=thirdparty%2Fbind9.git

Fix out-of-tree test

A recent change to the dnssec system test depended on a file
that is only in the source tree, not in the build tree, and was
therefore not available in out-of-tree builds.
---

diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
index 63d2c58ff9f..90286fb3e6f 100644
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -65,3 +65,9 @@ cp managed.conf ../ns4/managed.conf
 #
 
 keyfile_to_key_id "$ksk" >managed.key.id
+
+#
+# Also generate a broken trusted-keys file for the dnssec test.
+#
+broken=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" .)
+keyfile_to_static_ds "$broken" >../ns4/broken.conf
diff --git a/bin/tests/system/dnssec/ns4/named5.conf.in b/bin/tests/system/dnssec/ns4/named5.conf.in
index 16c81264e1b..dae14c328b0 100644
--- a/bin/tests/system/dnssec/ns4/named5.conf.in
+++ b/bin/tests/system/dnssec/ns4/named5.conf.in
@@ -27,11 +27,12 @@ options {
 
 };
 
-# Note: This is deliberately wrong! The bind.keys file contains
-# the real DNS root key, so it won't work with the local toy
-# root zones used in the tests. This is to test a forwarder
-# talking to a resolver with a misconfigured trust anchor.
-include "../../../../../bind.keys";
+# Note: This contains a deliberately incorrect key,
+# so it won't work with the root zones used in the tests;
+# all signed data should SERVFAIL. This is to test the case
+# of a validating forwarder talking to a resolver that has
+# a misconfigured trust anchor.
+include "broken.conf";
 
 key rndc_key {
 	secret "1234abcd8765";
diff --git a/bin/tests/system/dnssec/tests_sh_dnssec.py b/bin/tests/system/dnssec/tests_sh_dnssec.py
index 91a8ba24eb6..ac952824525 100644
--- a/bin/tests/system/dnssec/tests_sh_dnssec.py
+++ b/bin/tests/system/dnssec/tests_sh_dnssec.py
@@ -147,6 +147,7 @@ pytestmark = pytest.mark.extra_artifacts(
         "ns3/upper.example.db",
         "ns3/upper.example.db.lower",
         "ns3/ds-unsupported.example.db",
+        "ns4/broken.conf",
         "ns4/managed.conf",
         "ns4/managed-keys.bind",
         "ns4/named.secroots",