From: Ondřej Surý Date: Thu, 7 Nov 2019 09:07:14 +0000 (+0100) Subject: Clean the rest of the shellcheck errors X-Git-Tag: v9.15.6~24^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91498f8b9b2c79174281be5b1b4e66f5272dd3f8;p=thirdparty%2Fbind9.git Clean the rest of the shellcheck errors --- diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 61a5a7c98b6..8fede0f1128 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -105,15 +105,15 @@ key_clear "KEY3" # Call dig with default options. dig_with_opts() { if [ -n "$TSIG" ]; then - "$DIG" +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" -y "$TSIG" "$@" + "$DIG" +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" -y "$TSIG" "$@" else - "$DIG" +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" + "$DIG" +tcp +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" fi } # RNDC. rndccmd() { - "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@" + "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@" } # Print IDs of keys used for generating RRSIG records for RRsets of type $1 @@ -131,11 +131,11 @@ get_keyids() { _dir=$1 _zone=$2 _algorithm=$(printf "%03d" "$3") - _start="${_dir}/K${_zone}.+${_algorithm}+" + _start="K${_zone}.+${_algorithm}+" _end=".key" if [ "$_algorithm" -ne 0 ]; then - ls "${_start}"*${_end} | sed "s/$_dir\/K${_zone}.+${_algorithm}+\([0-9]\{5\}\)${_end}/\1/" + find "${_dir}" -mindepth 1 -maxdepth 1 -name "${_start}*${_end}" | sed "s/$_dir\/K${_zone}.+${_algorithm}+\([0-9]\{5\}\)${_end}/\1/" fi } @@ -181,10 +181,10 @@ key_properties() { key_set "$1" "ROLE" "$2" key_set "$1" "KSK" "no" key_set "$1" "ZSK" "no" - test "$2" == "ksk" && key_set "$1" "KSK" "yes" - test "$2" == "zsk" && key_set "$1" "ZSK" "yes" - test "$2" == "csk" && key_set "$1" "KSK" "yes" - test "$2" == "csk" && key_set "$1" "ZSK" "yes" + test "$2" = "ksk" && key_set "$1" "KSK" "yes" + test "$2" = "zsk" && key_set "$1" "ZSK" "yes" + test "$2" = "csk" && key_set "$1" "KSK" "yes" + test "$2" = "csk" && key_set "$1" "ZSK" "yes" key_set "$1" "LIFETIME" "$3" key_set "$1" "ALG_NUM" "$4" key_set "$1" "ALG_STR" "$5" @@ -469,7 +469,7 @@ n=$((n+1)) echo_i "check that 'dnssec-keygen -k' (configured policy) creates valid files ($n)" ret=0 $KEYGEN -K keys -k "$POLICY" -l kasp.conf "$ZONE" > "keygen.out.$POLICY.test$n" 2>/dev/null || ret=1 -lines=$(cat "keygen.out.$POLICY.test$n" | wc -l) +lines=$(wc -l < "keygen.out.$POLICY.test$n") test "$lines" -eq 4 || log_error "wrong number of keys created for policy kasp: $lines" # Temporarily don't log errors because we are searching multiple files. _log=0 @@ -477,7 +477,7 @@ _log=0 key_properties "KEY1" "csk" "31536000" "13" "ECDSAP256SHA256" "256" "yes" "yes" key_timings "KEY1" "none" "none" "none" "none" "none" key_states "KEY1" "none" "none" "none" "none" "none" -id=$(get_keyids "$DIR" "$ZONE" $(key_get KEY1 ALG_NUM)) +id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)") check_key "KEY1" "$id" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -494,7 +494,7 @@ key_properties "KEY3" "zsk" "16070400" "8" "RSASHA256" "2000" "yes" "no" key_timings "KEY3" "none" "none" "none" "none" "none" key_states "KEY3" "none" "none" "none" "none" "none" -ids=$(get_keyids "$DIR" "$ZONE" $(key_get KEY1 ALG_NUM)) +ids=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)") for id in $ids; do # There are three key files with the same algorithm. # Check them until a match is found. @@ -520,9 +520,9 @@ key_properties "KEY1" "csk" "0" "13" "ECDSAP256SHA256" "256" "yes" "yes" key_timings "KEY1" "none" "none" "none" "none" "none" key_states "KEY1" "none" "none" "none" "none" "none" $KEYGEN -k "$POLICY" "$ZONE" > "keygen.out.$POLICY.test$n" 2>/dev/null || ret=1 -lines=$(cat keygen.out.default.test$n | wc -l) +lines=$(wc -l < "keygen.out.default.test$n") test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines" -id=$(get_keyids "$DIR" "$ZONE" $(key_get KEY1 ALG_NUM)) +id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)") check_key "KEY1" "$id" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -535,9 +535,9 @@ key_properties "KEY1" "csk" "0" "13" "ECDSAP256SHA256" "256" "yes" "yes" key_timings "KEY1" "none" "none" "none" "none" "none" key_states "KEY1" "none" "none" "none" "none" "none" $KEYGEN -k "$POLICY" "$ZONE" > "keygen.out.$POLICY.test$n" 2>/dev/null || ret=1 -lines=$(cat "keygen.out.$POLICY.test$n" | wc -l) +lines=$(wc -l < "keygen.out.$POLICY.test$n") test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines" -id=$(get_keyids "$DIR" "$ZONE" $(key_get KEY1 ALG_NUM)) +id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)") check_key "KEY1" "$id" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -611,12 +611,12 @@ i=0 while [ $i -lt 30 ] do ret=0 - for z in $(cat ns3/zones) + while read -r zone do - dig_with_opts "$z" @10.53.0.3 nsec > "dig.out.ns3.test$n.$z" || ret=1 - grep "NS SOA" "dig.out.ns3.test$n.$z" > /dev/null || ret=1 - grep "$z\..*IN.*RRSIG" "dig.out.ns3.test$n.$z" > /dev/null || ret=1 - done + dig_with_opts "$zone" @10.53.0.3 nsec > "dig.out.ns3.test$n.$zone" || ret=1 + grep "NS SOA" "dig.out.ns3.test$n.$zone" > /dev/null || ret=1 + grep "$zone\..*IN.*RRSIG" "dig.out.ns3.test$n.$zone" > /dev/null || ret=1 + done < ns3/zones i=$((i+1)) if [ $ret = 0 ]; then break; fi echo_i "waiting ... ($i)" @@ -640,7 +640,7 @@ key_states "KEY1" "omnipresent" "rumoured" "rumoured" "rumoured" "hidden" n=$((n+1)) echo_i "check key is created for zone ${ZONE} ($n)" ret=0 -id=$(get_keyids "$DIR" "$ZONE" $(key_get KEY1 ALG_NUM)) +id=$(get_keyids "$DIR" "$ZONE" "$(key_get KEY1 ALG_NUM)") check_key "KEY1" "$id" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -819,25 +819,25 @@ check_signatures() { _file=$2 _role=$3 - if [ "$_role" = "$KSK" ]; then - _expect_type=$EXPECT_KRRSIG - elif [ "$_role" = "$ZSK" ]; then - _expect_type=$EXPECT_ZRRSIG + if [ "$_role" = "KSK" ]; then + _expect_type=EXPECT_KRRSIG + elif [ "$_role" = "ZSK" ]; then + _expect_type=EXPECT_ZRRSIG fi - if [ "$(key_get KEY1 _expect_type)" = "yes" ] && [ "$(key_get KEY1 _role)" = "yes" ]; then + if [ "$(key_get KEY1 "$_expect_type")" = "yes" ] && [ "$(key_get KEY1 "$_role")" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY1 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY1 ID)" elif [ "$(key_get KEY1 EXPECT)" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY1 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY1 ID)" fi - if [ "$(key_get KEY2 _expect_type)" = "yes" ] && [ "$(key_get KEY2 _role)" = "yes" ]; then + if [ "$(key_get KEY2 "$_expect_type")" = "yes" ] && [ "$(key_get KEY2 "$_role")" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY2 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY2 ID)" elif [ "$(key_get KEY2 EXPECT)" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY2 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY2 ID)" fi - if [ "$(key_get KEY3 _expect_type)" = "yes" ] && [ "$(key_get KEY3 _role)" = "yes" ]; then + if [ "$(key_get KEY3 "$_expect_type")" = "yes" ] && [ "$(key_get KEY3 "$_role")" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY3 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY3 ID)" elif [ "$(key_get KEY3 EXPECT)" = "yes" ]; then get_keys_which_signed "$_qtype" "$_file" | grep "^$(key_get KEY3 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY3 ID)" @@ -858,21 +858,21 @@ check_cds() { if [ "$(key_get KEY1 STATE_DS)" = "rumoured" ] || [ "$(key_get KEY1 STATE_DS)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" elif [ "$(key_get KEY1 EXPECT)" = "yes" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)" fi if [ "$(key_get KEY2 STATE_DS)" = "rumoured" ] || [ "$(key_get KEY2 STATE_DS)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" elif [ "$(key_get KEY2 EXPECT)" = "yes" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)" fi if [ "$(key_get KEY3 STATE_DS)" = "rumoured" ] || [ "$(key_get KEY3 STATE_DS)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" elif [ "$(key_get KEY3 EXPECT)" = "yes" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)" fi @@ -896,7 +896,7 @@ check_apex() { if [ "$(key_get KEY1 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY1 STATE_DNSKEY)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" numkeys=$((numkeys+1)) elif [ "$(key_get KEY1 EXPECT)" = "yes" ]; then grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)" @@ -904,7 +904,7 @@ check_apex() { if [ "$(key_get KEY2 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY2 STATE_DNSKEY)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" numkeys=$((numkeys+1)) elif [ "$(key_get KEY2 EXPECT)" = "yes" ]; then grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)" @@ -912,14 +912,14 @@ check_apex() { if [ "$(key_get KEY3 STATE_DNSKEY)" = "rumoured" ] || [ "$(key_get KEY3 STATE_DNSKEY)" = "omnipresent" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)" - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" numkeys=$((numkeys+1)) elif [ "$(key_get KEY3 EXPECT)" = "yes" ]; then grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" "dig.out.$DIR.test$n" > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)" fi lines=$(get_keys_which_signed $_qtype "dig.out.$DIR.test$n" | wc -l) - check_signatures $_qtype "dig.out.$DIR.test$n" "$KSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "KSK" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -932,7 +932,7 @@ check_apex() { grep "status: NOERROR" "dig.out.$DIR.test$n" > /dev/null || log_error "mismatch status in DNS response" grep "${ZONE}\..*${DEFAULT_TTL}.*IN.*${_qtype}.*" "dig.out.$DIR.test$n" > /dev/null || log_error "missing ${_qtype} record in response" lines=$(get_keys_which_signed $_qtype "dig.out.$DIR.test$n" | wc -l) - check_signatures $_qtype "dig.out.$DIR.test$n" "$ZSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "ZSK" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -950,7 +950,7 @@ check_subdomain() { grep "status: NOERROR" "dig.out.$DIR.test$n" > /dev/null || log_error "mismatch status in DNS response" grep "a.${ZONE}\..*${DEFAULT_TTL}.*IN.*${_qtype}.*10\.0\.0\.1" "dig.out.$DIR.test$n" > /dev/null || log_error "missing a.${ZONE} ${_qtype} record in response" lines=$(get_keys_which_signed $_qtype "dig.out.$DIR.test$n" | wc -l) - check_signatures $_qtype "dig.out.$DIR.test$n" "$ZSK" + check_signatures $_qtype "dig.out.$DIR.test$n" "ZSK" test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) } @@ -1060,13 +1060,13 @@ do dig_with_opts "a.${ZONE}" "@${SERVER}" A > "dig.out.$DIR.test$n.a" || log_error "dig a.${ZONE} A failed" grep "status: NOERROR" "dig.out.$DIR.test$n.a" > /dev/null || log_error "mismatch status in DNS response" grep "a.${ZONE}\..*${DEFAULT_TTL}.*IN.*A.*10\.0\.0\.11" "dig.out.$DIR.test$n.a" > /dev/null || log_error "missing a.${ZONE} A record in response" - check_signatures $_qtype "dig.out.$DIR.test$n.a" "$ZSK" + check_signatures $_qtype "dig.out.$DIR.test$n.a" "ZSK" dig_with_opts "d.${ZONE}" "@${SERVER}" A > "dig.out.$DIR.test$n.d" || log_error "dig d.${ZONE} A failed" grep "status: NOERROR" "dig.out.$DIR.test$n.d" > /dev/null || log_error "mismatch status in DNS response" grep "d.${ZONE}\..*${DEFAULT_TTL}.*IN.*A.*10\.0\.0\.4" "dig.out.$DIR.test$n.d" > /dev/null || log_error "missing d.${ZONE} A record in response" lines=$(get_keys_which_signed A "dig.out.$DIR.test$n.d" | wc -l) - check_signatures $_qtype "dig.out.$DIR.test$n.d" "$ZSK" + check_signatures $_qtype "dig.out.$DIR.test$n.d" "ZSK" i=$((i+1)) if [ $ret = 0 ]; then break; fi