From: Matthijs Mekking Date: Mon, 24 Feb 2025 10:36:53 +0000 (+0100) Subject: Fix a key generation issue in the tests X-Git-Tag: v9.21.7~39^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b93cb2e80e222ff610d0403262fec841e0c7a699;p=thirdparty%2Fbind9.git Fix a key generation issue in the tests The dnssec-keygen command for the ZSK generation for the zone multisigner-model2.kasp was wrong (no ZSK was generated in the setup script, but when 'named' is started, the missing ZSK was created anyway by 'dnssec-policy'. --- diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh index bd7ee71dedd..6985b6f7e25 100644 --- a/bin/tests/system/kasp/ns3/setup.sh +++ b/bin/tests/system/kasp/ns3/setup.sh @@ -130,7 +130,7 @@ $KEYGEN -G -k rsasha256 -l policies/kasp.conf $zone >keygen.out.$zone.2 2>&1 zone="multisigner-model2.kasp" echo_i "setting up zone: $zone" KSK=$($KEYGEN -a $DEFAULT_ALGORITHM -f KSK -L 3600 -M 32768:65535 $zone 2>keygen.out.$zone.1) -ZSK=$($KEYGEN -a $DEFAULT_ALGORITHM -L 3600 $zone -M 32768:65535 2>keygen.out.$zone.2) +ZSK=$($KEYGEN -a $DEFAULT_ALGORITHM -L 3600 -M 32768:65535 $zone 2>keygen.out.$zone.2) cat "${KSK}.key" | grep -v ";.*" >>"${zone}.db" cat "${ZSK}.key" | grep -v ";.*" >>"${zone}.db" # Import the ZSK sets of the other providers into their DNSKEY RRset.