From: Matthijs Mekking Date: Fri, 28 Nov 2025 11:42:21 +0000 (+0100) Subject: rollover-straight2none: From setup.sh to pytest bootstrap X-Git-Tag: v9.21.17~22^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=da04c75cecd708d4076796382d80569ac9e89949;p=thirdparty%2Fbind9.git rollover-straight2none: From setup.sh to pytest bootstrap Similar to rollover-going-insecure.
---
diff --git a/bin/tests/system/rollover-straight2none/ns1 b/bin/tests/system/rollover-straight2none/ns1
new file mode 120000
index 00000000000..76608beaedd
--- /dev/null
+++ b/bin/tests/system/rollover-straight2none/ns1
@@ -0,0 +1 @@
+../rollover/ns1
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns2 b/bin/tests/system/rollover-straight2none/ns2
new file mode 120000
index 00000000000..41a09bb648b
--- /dev/null
+++ b/bin/tests/system/rollover-straight2none/ns2
@@ -0,0 +1 @@
+../rollover/ns2
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns3/kasp.conf b/bin/tests/system/rollover-straight2none/ns3/kasp.conf
new file mode 120000
index 00000000000..647bd04b4dd
--- /dev/null
+++ b/bin/tests/system/rollover-straight2none/ns3/kasp.conf
@@ -0,0 +1 @@
+../../rollover-going-insecure/ns3/kasp.conf
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns3/kasp.conf.j2 b/bin/tests/system/rollover-straight2none/ns3/kasp.conf.j2
deleted file mode 120000
index 909d9909ee8..00000000000
--- a/bin/tests/system/rollover-straight2none/ns3/kasp.conf.j2
+++ /dev/null
@@ -1 +0,0 @@
-../../rollover-going-insecure/ns3/kasp.conf.j2
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns3/template.db.in b/bin/tests/system/rollover-straight2none/ns3/template.db.in
deleted file mode 120000
index ce6d526285a..00000000000
--- a/bin/tests/system/rollover-straight2none/ns3/template.db.in
+++ /dev/null
@@ -1 +0,0 @@
-../../rollover/ns3/template.db.in
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns3/template.db.j2.manual b/bin/tests/system/rollover-straight2none/ns3/template.db.j2.manual
new file mode 120000
index 00000000000..38619a01b24
--- /dev/null
+++ b/bin/tests/system/rollover-straight2none/ns3/template.db.j2.manual
@@ -0,0 +1 @@
+../../rollover/ns3/template.db.j2.manual
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/ns3/trusted.conf.j2 b/bin/tests/system/rollover-straight2none/ns3/trusted.conf.j2
new file mode 120000
index 00000000000..cb0be77b220
--- /dev/null
+++ b/bin/tests/system/rollover-straight2none/ns3/trusted.conf.j2
@@ -0,0 +1 @@
+../../_common/trusted.conf.j2
\ No newline at end of file
diff --git a/bin/tests/system/rollover-straight2none/setup.sh b/bin/tests/system/rollover-straight2none/setup.sh
deleted file mode 100644
index 790b0e22cec..00000000000
--- a/bin/tests/system/rollover-straight2none/setup.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh -e
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# shellcheck source=conf.sh
-. ../conf.sh
-
-cd "ns3"
-
-setup() {
- zone="$1"
- echo_i "setting up zone: $zone"
- zonefile="${zone}.db"
- infile="${zone}.db.infile"
-}
-
-# Make lines shorter by storing key states in environment variables.
-H="HIDDEN"
-R="RUMOURED"
-O="OMNIPRESENT"
-U="UNRETENTIVE"
-
-# These zones are going straight to "none" policy. This is undefined behavior.
-T="now-10d"
-S="now-12955mi"
-csktimes="-P $T -A $T -P sync $S"
-
-setup going-straight-to-none.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
-
-setup going-straight-to-none-dynamic.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O full -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
diff --git a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py index 098108a6f54..c38e5ddd491 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py +++ b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_initial.py @@ -22,6 +22,28 @@ from rollover.common import ( DURATION, DEFAULT_CONFIG, ) +from rollover.setup import ( + configure_root, + configure_tld, + configure_straight2none, +) + + +def bootstrap(): + data = { + "tlds": [], + "trust_anchors": [], + } + + tlds = [] + tld_name = "kasp" + delegations = configure_straight2none(tld_name) + tld = configure_tld(tld_name, delegations) + tlds.append(tld) + data["tlds"].append(tld_name) + ta = configure_root(tlds) + data["trust_anchors"].append(ta) + return data @pytest.mark.parametrize( diff --git a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py index e5fe16aa3d7..5cfb49653b5 100644 --- a/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py +++ b/bin/tests/system/rollover-straight2none/tests_rollover_straight2none_reconfig.py @@ -22,6 +22,28 @@ from rollover.common import ( DURATION, DEFAULT_CONFIG, ) +from rollover.setup import ( + configure_root, + configure_tld, + configure_straight2none, +) + + +def bootstrap(): + data = { + "tlds": [], + "trust_anchors": [], + } + + tlds = [] + tld_name = "kasp" + delegations = configure_straight2none(tld_name) + tld = configure_tld(tld_name, delegations) + tlds.append(tld) + data["tlds"].append(tld_name) + ta = configure_root(tlds) + data["trust_anchors"].append(ta) + return data @pytest.fixture(scope="module", autouse=True) diff --git a/bin/tests/system/rollover/setup.py b/bin/tests/system/rollover/setup.py index 60987397321..047a59dd6e4 100644 
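Review bot: bootstrap() in tests_rollover_straight2none_initial.py is added without a docstring, and the identical body is added again to tests_rollover_straight2none_reconfig.py in the following hunk, so the two copies can drift apart unnoticed. A one-line docstring would cover it, e.g. `"""Configure the kasp TLD and the root zone; return a dict with "tlds" and "trust_anchors"."""`. Only one TLD is configured, so the intermediate `tlds` list can go: `ta = configure_root([tld])`. If each test module has to expose its own bootstrap() (the harness is not visible in this diff), both copies could still delegate to one shared helper in rollover.setup.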
--- a/bin/tests/system/rollover/setup.py +++ b/bin/tests/system/rollover/setup.py @@ -1355,6 +1355,45 @@ def configure_going_insecure(tld: str, reconfig: bool = False) -> List[Zone]: return zones +def configure_straight2none(tld: str) -> List[Zone]: + # These zones are going straight to "none" policy. This is undefined behavior. + zones = [] + keygen = CmdHelper("KEYGEN", "-k default") + settime = CmdHelper("SETTIME", "-s") + + TpubN = "now-10d" + TsbmN = "now-12955mi" + keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}" + + zonename = f"going-straight-to-none.{tld}" + zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3"))) + isctest.log.info(f"setup {zonename}") + # Key generation. + csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip() + settime( + f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}", + cwd="ns3", + ) + # Signing. + render_and_sign_zone(zonename, [csk_name], extra_options="-z") + + zonename = f"going-straight-to-none-dynamic.{tld}" + zones.append( + Zone(zonename, f"{zonename}.db.signed", Nameserver("ns3", "10.53.0.3")) + ) + isctest.log.info(f"setup {zonename}") + # Key generation. + csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip() + settime( + f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}", + cwd="ns3", + ) + # Signing. + render_and_sign_zone(zonename, [csk_name], extra_options="-z -O full") + + return zones + + def configure_ksk_doubleksk(tld: str) -> List[Zone]: # The zones at ksk-doubleksk.$tld represent the various steps of a KSK # Double-KSK rollover.
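Review bot: Both keygen calls in configure_straight2none pass `-f KSK` on top of the helper's `-k default`, whereas the removed setup.sh ran `$KEYGEN -k default $csktimes $zone` with no `-f`, and the commit message does not mention the difference. The key is named csk_name, receives both `-k` and `-z` states from settime and is used with the signer option `-z`, so it appears to be meant as a CSK. CmdHelper and render_and_sign_zone are outside this hunk, so please confirm that `-f KSK` is accepted together with `-k` and is actually required, then either state the reason in a comment above the keygen call or drop the flag so the key material matches what the shell setup produced. The two zone blocks differ only in the zone name, the Zone file suffix and `-O full`, so a short loop over those three values would remove the duplicated keygen/settime lines and keep the key states of both zones in sync.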