From 22d688f656d839fd4991157d0211a774d758358d Mon Sep 17 00:00:00 2001 
From: Evan Hunt Date: Thu, 13 Mar 2025 19:57:24 -0700 Subject: [PATCH] Remove -n option from dnssec-keygen/keyfromlabel The -n (nametype) option for keys defaults to ZONE for DNSKEY type keys, and HOST for KEY type keys. There is currently no practical reason to use any other name type; we can simplify things by removing the option. --- bin/dnssec/dnssec-keyfromlabel.c | 38 +----- bin/dnssec/dnssec-keyfromlabel.rst | 10 +- bin/dnssec/dnssec-keygen.c | 37 +----- bin/dnssec/dnssec-keygen.rst | 10 +- bin/tests/system/checkds/ns1/setup.sh | 4 +- bin/tests/system/digdelv/ns1/sign.sh | 2 +- bin/tests/system/digdelv/ns2/sign.sh | 4 +- bin/tests/system/dnssec/ns1/sign.sh | 4 +- bin/tests/system/dnssec/ns2/sign.sh | 116 +++++++++---------- bin/tests/system/dnssec/ns3/sign.sh | 90 +++++++------- bin/tests/system/dnssec/ns5/sign.sh | 2 +- bin/tests/system/dnssec/ns6/sign.sh | 2 +- bin/tests/system/dnssec/ns7/sign.sh | 4 +- bin/tests/system/dnssec/tests.sh | 44 +++---- bin/tests/system/dsdigest/ns1/sign.sh | 4 +- bin/tests/system/dsdigest/ns2/sign.sh | 8 +- bin/tests/system/ecdsa/ns1/sign.sh | 8 +- bin/tests/system/eddsa/ns1/sign.sh | 8 +- bin/tests/system/forward/ns1/sign.sh | 4 +- bin/tests/system/glue/ns1/sign.sh | 2 +- bin/tests/system/inline/ns1/sign.sh | 4 +- bin/tests/system/inline/ns3/sign.sh | 58 +++++----- bin/tests/system/inline/ns7/sign.sh | 6 +- bin/tests/system/inline/ns8/sign.sh | 8 +- bin/tests/system/legacy/ns6/sign.sh | 4 +- bin/tests/system/legacy/ns7/sign.sh | 4 +- bin/tests/system/nsupdate/ns3/sign.sh | 8 +- bin/tests/system/nsupdate/tests.sh | 2 +- bin/tests/system/pending/ns1/sign.sh | 4 +- bin/tests/system/pending/ns2/sign.sh | 4 +- bin/tests/system/rootkeysentinel/ns1/sign.sh | 2 +- bin/tests/system/rootkeysentinel/ns2/sign.sh | 4 +- bin/tests/system/rsabigexponent/ns1/sign.sh | 2 +- bin/tests/system/sfcache/ns1/sign.sh | 2 +- bin/tests/system/sfcache/ns2/sign.sh | 4 +- bin/tests/system/sfcache/ns5/sign.sh | 2 +- bin/tests/system/staticstub/ns3/sign.sh 
| 8 +- bin/tests/system/staticstub/ns4/sign.sh | 4 +- bin/tests/system/synthfromdnssec/ns1/sign.sh | 12 +- bin/tests/system/tsig/tests.sh | 2 +- bin/tests/system/tsiggss/setup.sh | 2 +- bin/tests/system/upforwd/setup.sh | 4 +- bin/tests/system/wildcard/ns1/sign.sh | 20 ++-- 43 files changed, 252 insertions(+), 319 deletions(-) diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c index a3fa8078c22..7b210f18cbe 100644 --- a/bin/dnssec/dnssec-keyfromlabel.c +++ b/bin/dnssec/dnssec-keyfromlabel.c @@ -73,8 +73,6 @@ usage(void) { fprintf(stderr, " -k: generate a TYPE=KEY key\n"); fprintf(stderr, " -L ttl: default key TTL\n"); fprintf(stderr, " -M :: allowed Key ID range\n"); - fprintf(stderr, " -n nametype: ZONE | HOST | ENTITY | USER | " - "OTHER\n"); fprintf(stderr, " (DNSKEY generation defaults to ZONE\n"); fprintf(stderr, " -p protocol: default: 3 [dnssec]\n"); fprintf(stderr, " -y: permit keys that might collide\n"); @@ -108,7 +106,6 @@ usage(void) { int main(int argc, char **argv) { char *algname = NULL, *freeit = NULL; - char *nametype = NULL; const char *directory = NULL; const char *predecessor = NULL; dst_key_t *prevkey = NULL; @@ -122,7 +119,7 @@ main(int argc, char **argv) { bool oldstyle = false; isc_mem_t *mctx = NULL; int ch; - int protocol = -1, signatory = 0; + int protocol = -1; isc_result_t ret; isc_textregion_t r; char filename[255]; @@ -220,7 +217,7 @@ main(int argc, char **argv) { break; } case 'n': - nametype = isc_commandline_argument; + fatal("The -n option has been deprecated."); break; case 'p': protocol = strtol(isc_commandline_argument, &endp, 10); @@ -449,9 +446,6 @@ main(int argc, char **argv) { if (algname != NULL) { fatal("-S and -a cannot be used together"); } - if (nametype != NULL) { - fatal("-S and -n cannot be used together"); - } if (setpub || unsetpub) { fatal("-S and -P cannot be used together"); } 
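Review bot: The usage() hunk in dnssec-keyfromlabel.c (@@ -73,8 +73,6) deletes the two `-n nametype` lines but keeps the continuation line `fprintf(stderr, " (DNSKEY generation defaults to ZONE\n");` as context. The help output therefore prints that fragment directly under `-M`, with no option left for it to describe. The matching hunk in dnssec-keygen.c (@@ -167,9 +166,6) removes all three lines, and this one should drop the third line as well. usage() starts and ends outside the hunk.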
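Review bot: `fatal("The -n option has been deprecated.");` in the `case 'n':` arm (@@ -220,7 +217,7) calls a removal a deprecation: the tool now exits on any use of `-n`, and the usage text and man page no longer mention the option, so key-generation automation that still passes `-n zone` fails with no hint of what to do. A message such as `fatal("The -n option has been removed; the name type is now ZONE for DNSKEY and HOST for KEY.");` would tell the operator that the flag can simply be dropped. The `break;` kept after it is presumably unreachable if fatal() does not return; confirm and remove it. The same wording appears in the `case 'n':` arm of dnssec-keygen.c (@@ -916,7 +894,7). The enclosing switch continues outside the hunk.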
@@ -533,38 +527,18 @@ main(int argc, char **argv) { setpub = setact = true; } - if (nametype == NULL) { - if ((options & DST_TYPE_KEY) != 0) { /* KEY */ - fatal("no nametype specified"); - } - flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */ - } else if (strcasecmp(nametype, "zone") == 0) { - flags |= DNS_KEYOWNER_ZONE; - } else if ((options & DST_TYPE_KEY) != 0) { /* KEY */ - if (strcasecmp(nametype, "host") == 0 || - strcasecmp(nametype, "entity") == 0) - { - flags |= DNS_KEYOWNER_ENTITY; - } else if (strcasecmp(nametype, "user") == 0) { - /* no owner flags */ - } else { - fatal("invalid KEY nametype %s", nametype); - } - } else if (strcasecmp(nametype, "other") != 0) { /* DNSKEY */ - fatal("invalid DNSKEY nametype %s", nametype); - } - rdclass = strtoclass(classname); if (directory == NULL) { directory = "."; } - if ((options & DST_TYPE_KEY) != 0) { /* KEY */ - flags |= signatory; - } else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */ + if ((options & DST_TYPE_KEY) == 0) { + flags |= DNS_KEYOWNER_ZONE; /* DNSKEY: name type ZONE */ flags |= kskflag; flags |= revflag; + } else { + flags |= DNS_KEYOWNER_ENTITY; /* KEY: name type HOST */ } if (protocol == -1) { diff --git a/bin/dnssec/dnssec-keyfromlabel.rst b/bin/dnssec/dnssec-keyfromlabel.rst index dbeb5f03664..c956cf13ec2 100644 --- a/bin/dnssec/dnssec-keyfromlabel.rst +++ b/bin/dnssec/dnssec-keyfromlabel.rst 
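Review bot: The new `else` branch hard-codes `DNS_KEYOWNER_ENTITY` for every `-T KEY` key, which changes behaviour beyond dropping an option: before, `-T KEY` without `-n` stopped with "no nametype specified", and `-n user` or `-n zone` produced KEY records with no owner bits or with the ZONE bit, neither of which can be generated any more. Anyone whose dynamic-update or SIG(0) tooling depends on the flags field of an existing KEY record needs to know this, so the comment should say it, e.g. `/* KEY: always name type HOST (DNS_KEYOWNER_ENTITY); USER and ZONE owner types are no longer selectable */`, with the same sentence under the `-T` option in the documentation. No visible hunk checks the flags value of a generated KEY record. dnssec-keygen.c gets the identical branch at @@ -497,25 +490,10. main() starts and ends outside the hunk.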
@@ -21,7 +21,7 @@ dnssec-keyfromlabel - DNSSEC key generation tool Synopsis ~~~~~~~~ -:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-v** level] [**-V**] [**-y**] {name} +:program:`dnssec-keyfromlabel` {**-l** label} [**-3**] [**-a** algorithm] [**-A** date/offset] [**-c** class] [**-D** date/offset] [**-D** sync date/offset] [**-f** flag] [**-G**] [**-I** date/offset] [**-i** interval] [**-k**] [**-K** directory] [**-L** ttl] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-R** date/offset] [**-S** key] [**-v** level] [**-V**] [**-y**] {name} Description ~~~~~~~~~~~ @@ -70,14 +70,6 @@ Options When BIND 9 is built with OpenSSL-based PKCS#11 support, the label is an arbitrary string that identifies a particular key. -.. option:: -n nametype - - This option specifies the owner type of the key. The value of ``nametype`` must - either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY - (for a key associated with a host (KEY)), USER (for a key associated - with a user (KEY)), or OTHER (DNSKEY). These values are - case-insensitive. - .. option:: -C This option enables compatibility mode, which generates an old-style key, without any metadata. diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c index 5515c65d382..ad91fce3126 100644 --- a/bin/dnssec/dnssec-keygen.c +++ b/bin/dnssec/dnssec-keygen.c @@ -82,7 +82,6 @@ struct keygen_ctx { const char *directory; dns_keystore_t *keystore; char *algname; - char *nametype; int protocol; int size; uint16_t tag_min; 
@@ -167,9 +166,6 @@ usage(void) { fprintf(stderr, " ED448:\tignored\n"); fprintf(stderr, " (key size defaults are set according to\n" " algorithm and usage (ZSK or KSK)\n"); - fprintf(stderr, " -n : ZONE | HOST | ENTITY | " - "USER | OTHER\n"); - fprintf(stderr, " (DNSKEY generation defaults to ZONE)\n"); fprintf(stderr, " -c : (default: IN)\n"); fprintf(stderr, " -d (0 => max, default)\n"); fprintf(stderr, " -f : ZSK | KSK | REVOKE\n"); @@ -381,9 +377,6 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) { if (ctx->size >= 0) { fatal("-S and -b cannot be used together"); } - if (ctx->nametype != NULL) { - fatal("-S and -n cannot be used together"); - } if (ctx->setpub || ctx->unsetpub) { fatal("-S and -P cannot be used together"); } @@ -497,25 +490,10 @@ keygen(keygen_ctx_t *ctx, isc_mem_t *mctx, int argc, char **argv) { break; } - if (ctx->nametype == NULL) { - if ((ctx->options & DST_TYPE_KEY) != 0) { /* KEY */ - fatal("no nametype specified"); - } - flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */ - } else if (strcasecmp(ctx->nametype, "zone") == 0) { - flags |= DNS_KEYOWNER_ZONE; - } else if ((ctx->options & DST_TYPE_KEY) != 0) { /* KEY */ - if (strcasecmp(ctx->nametype, "host") == 0 || - strcasecmp(ctx->nametype, "entity") == 0) - { - flags |= DNS_KEYOWNER_ENTITY; - } else if (strcasecmp(ctx->nametype, "user") == 0) { - /* no owner flags */ - } else { - fatal("invalid KEY nametype %s", ctx->nametype); - } - } else if (strcasecmp(ctx->nametype, "other") != 0) { /* DNSKEY */ - fatal("invalid DNSKEY nametype %s", ctx->nametype); + if ((ctx->options & DST_TYPE_KEY) == 0) { + flags |= DNS_KEYOWNER_ZONE; /* DNSKEY: name type ZONE */ + } else { + flags |= DNS_KEYOWNER_ENTITY; /* KEY: name type HOST */ } if (ctx->directory == NULL) { 
@@ -916,7 +894,7 @@ main(int argc, char **argv) { ctx.configfile = isc_commandline_argument; break; case 'n': - ctx.nametype = isc_commandline_argument; + fatal("The -n option has been deprecated."); break; case 'M': { unsigned long ul; @@ -1137,9 +1115,6 @@ main(int argc, char **argv) { } if (ctx.policy != NULL) { - if (ctx.nametype != NULL) { - fatal("-k and -n cannot be used together"); - } if (ctx.predecessor != NULL) { fatal("-k and -S cannot be used together"); } @@ -1158,7 +1133,7 @@ main(int argc, char **argv) { if (ctx.wantrev) { fatal("-k and -fR cannot be used together"); } - if (ctx.options & DST_TYPE_KEY) { + if ((ctx.options & DST_TYPE_KEY) != 0) { fatal("-k and -T KEY cannot be used together"); } if (ctx.use_nsec3) { diff --git a/bin/dnssec/dnssec-keygen.rst b/bin/dnssec/dnssec-keygen.rst index 097ac2a2d3c..5fda5613f67 100644 --- a/bin/dnssec/dnssec-keygen.rst +++ b/bin/dnssec/dnssec-keygen.rst 
@@ -21,7 +21,7 @@ dnssec-keygen: DNSSEC key generation tool Synopsis ~~~~~~~~ -:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-n** nametype] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name} +:program:`dnssec-keygen` [**-3**] [**-A** date/offset] [**-a** algorithm] [**-b** keysize] [**-C**] [**-c** class] [**-D** date/offset] [**-d** bits] [**-D** sync date/offset] [**-f** flag] [**-F**] [**-G**] [**-h**] [**-I** date/offset] [**-i** interval] [**-K** directory] [**-k** policy] [**-L** ttl] [**-l** file] [**-M** tag_min:tag_max] [**-P** date/offset] [**-P** sync date/offset] [**-p** protocol] [**-q**] [**-R** date/offset] [**-S** key] [**-s** strength] [**-T** rrtype] [**-V**] [**-v** level] {name} Description ~~~~~~~~~~~ @@ -163,14 +163,6 @@ Options key tag values to be produced. This option is ignored when ``-k policy`` is specified. -.. option:: -n nametype - - This option specifies the owner type of the key. The value of ``nametype`` must - either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY - (for a key associated with a host (KEY)), USER (for a key associated - with a user (KEY)), or OTHER (DNSKEY). These values are - case-insensitive. The default is ZONE for DNSKEY generation. - .. option:: -p protocol This option sets the protocol value for the generated key, for use with diff --git a/bin/tests/system/checkds/ns1/setup.sh b/bin/tests/system/checkds/ns1/setup.sh index 97ee1c232e8..c25251b90b8 100644 --- a/bin/tests/system/checkds/ns1/setup.sh +++ b/bin/tests/system/checkds/ns1/setup.sh 
@@ -22,8 +22,8 @@ zonefile=root.db echo_i "ns1/setup.sh" -ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 diff --git a/bin/tests/system/digdelv/ns1/sign.sh b/bin/tests/system/digdelv/ns1/sign.sh index 442d717d15f..487bea3cfd5 100644 --- a/bin/tests/system/digdelv/ns1/sign.sh +++ b/bin/tests/system/digdelv/ns1/sign.sh @@ -20,7 +20,7 @@ set -e cp "../ns2/dsset-example." . -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone .) +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" .) cp root.db.in root.db diff --git a/bin/tests/system/digdelv/ns2/sign.sh b/bin/tests/system/digdelv/ns2/sign.sh index 73580a6dd94..5f6d7db53c8 100644 --- a/bin/tests/system/digdelv/ns2/sign.sh +++ b/bin/tests/system/digdelv/ns2/sign.sh @@ -16,7 +16,7 @@ set -e -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.) +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" example.) cp example.db.in example.db @@ -28,5 +28,5 @@ grep -Ev '^;' <"$ksk.key" | cut -f 7- -d ' ' >keydata keyfile_to_initial_keys "$ksk" >../ns3/anchor.dnskey keyfile_to_initial_ds "$ksk" >../ns3/anchor.ds -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone example.tld.) +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" example.tld.) "$SIGNER" -Sz -f example.tld.db -o example.tld example.db.in >/dev/null 2>&1 diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index e911c9942ab..63d2c58ff9f 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh 
@@ -38,8 +38,8 @@ cp "../ns2/dsset-inconsistent." . grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll." >"dsset-algroll." cp "../ns6/dsset-optout-tld." . -ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index 66fc96a6763..08f4d89e277 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -34,8 +34,8 @@ zone=managed. infile=key.db.in zonefile=managed.db -keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" @@ -45,8 +45,8 @@ zone=trusted. infile=key.db.in zonefile=trusted.db -keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" 
@@ -70,8 +70,8 @@ for subdomain in digest-alg-unsupported ds-unsupported secure badds \ done # Sign the "example." zone. -keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" @@ -132,8 +132,8 @@ zone=in-addr.arpa. infile=in-addr.arpa.db.in zonefile=in-addr.arpa.db -keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" "$SIGNER" -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" >/dev/null 2>&1 @@ -144,8 +144,8 @@ zone=badparam. infile=badparam.db.in zonefile=badparam.db -keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" 
@@ -159,8 +159,8 @@ zone=single-nsec3. infile=single-nsec3.db.in zonefile=single-nsec3.db -keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" @@ -175,10 +175,10 @@ zone=algroll. infile=algroll.db.in zonefile=algroll.db -keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone") -keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone") -keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -f KSK "$zone") +keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" "$zone") +keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keynew1.key" "$keynew2.key" >"$zonefile" 
@@ -203,16 +203,16 @@ while [ $i -le 300 ]; do echo "host$i 10 IN NS ns.elsewhere" i=$((i + 1)) done >>"$zonefile" -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$key1.key" "$key2.key" >>"$zonefile" "$SIGNER" -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" >/dev/null 2>&1 zone=cds.secure infile=cds.secure.db.in zonefile=cds.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") "$DSFROMKEY" -C "$key1.key" >"$key1.cds" cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 @@ -220,9 +220,9 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile zone=cds-x.secure infile=cds.secure.db.in zonefile=cds-x.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") "$DSFROMKEY" -C "$key2.key" >"$key2.cds" cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 
@@ -230,8 +230,8 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key2.cds" >"$zonefile" zone=cds-update.secure infile=cds-update.secure.db.in zonefile=cds-update.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$key1.key" "$key2.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 keyfile_to_key_id "$key1" >cds-update.secure.id @@ -239,16 +239,16 @@ keyfile_to_key_id "$key1" >cds-update.secure.id zone=cds-auto.secure infile=cds-auto.secure.db.in zonefile=cds-auto.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=cdnskey.secure infile=cdnskey.secure.db.in zonefile=cdnskey.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") sed 's/DNSKEY/CDNSKEY/' "$key1.key" >"$key1.cds" cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 
@@ -256,9 +256,9 @@ cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >"$zonefile" zone=cdnskey-x.secure infile=cdnskey.secure.db.in zonefile=cdnskey-x.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") sed 's/DNSKEY/CDNSKEY/' "$key1.key" >"$key1.cds" cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" >"$zonefile" "$SIGNER" -g -x -o "$zone" "$zonefile" >/dev/null 2>&1 @@ -266,8 +266,8 @@ cat "$infile" "$key1.key" "$key2.key" "$key3.key" "$key1.cds" >"$zonefile" zone=cdnskey-update.secure infile=cdnskey-update.secure.db.in zonefile=cdnskey-update.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$key1.key" "$key2.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 keyfile_to_key_id "$key1" >cdnskey-update.secure.id 
@@ -275,16 +275,16 @@ keyfile_to_key_id "$key1" >cdnskey-update.secure.id zone=cdnskey-auto.secure infile=cdnskey-auto.secure.db.in zonefile=cdnskey-auto.secure.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" zone=updatecheck-kskonly.secure infile=template.secure.db.in zonefile=${zone}.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") # Save key id's for checking active key usage keyfile_to_key_id "$key1" >$zone.ksk.id keyfile_to_key_id "$key2" >$zone.zsk.id @@ -300,8 +300,8 @@ mv $zonefile "$zonefile.signed" zone=hours-vs-days infile=hours-vs-days.db.in zonefile=hours-vs-days.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") $SETTIME -P sync now "$key1" >/dev/null cat "$infile" >"$zonefile.signed" 
@@ -311,8 +311,8 @@ cat "$infile" >"$zonefile.signed" zone=too-many-iterations infile=too-many-iterations.db.in zonefile=too-many-iterations.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$key1.key" "$key2.key" >"$zonefile" "$SIGNER" -P -3 - -H too-many -g -o "$zone" "$zonefile" >/dev/null 2>&1 @@ -322,10 +322,10 @@ cat "$infile" "$key1.key" "$key2.key" >"$zonefile" zone=lazy-ksk infile=lazy-ksk.db.in zonefile=lazy-ksk.db -ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -ksk3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +ksk2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +ksk3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk1.key" "$ksk2.key" "$ksk3.key" "$zsk.key" >"$zonefile" $DSFROMKEY "$ksk1.key" >"dsset-$zone." $DSFROMKEY "$ksk2.key" >>"dsset-$zone." 
@@ -364,8 +364,8 @@ rm "$rm2.private" zone=peer.peer-ns-spoof infile=peer.peer-ns-spoof.db.in zonefile=peer.peer-ns-spoof.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 "$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ @@ -383,8 +383,8 @@ cp "$zonefile.stripped" "$zonefile.signed" zone=peer-ns-spoof infile=peer-ns-spoof.db.in zonefile=peer-ns-spoof.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 @@ -394,8 +394,8 @@ cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" zone=dnskey-rrsigs-stripped infile=dnskey-rrsigs-stripped.db.in zonefile=dnskey-rrsigs-stripped.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 "$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ 
@@ -411,8 +411,8 @@ cp "$zonefile.stripped" "$zonefile.signed" zone=child.ds-rrsigs-stripped infile=child.ds-rrsigs-stripped.db.in zonefile=child.ds-rrsigs-stripped.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 @@ -422,8 +422,8 @@ cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" zone=ds-rrsigs-stripped infile=ds-rrsigs-stripped.db.in zonefile=ds-rrsigs-stripped.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 "$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" \ @@ -439,7 +439,7 @@ cp "$zonefile.stripped" "$zonefile.signed" zone=inconsistent infile=inconsistent.db.in zonefile=inconsistent.db -key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$key1.key" "$key2.key" >"$zonefile" "$SIGNER" -3 - -g -o "$zone" "$zonefile" >/dev/null 2>&1 diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index 79cac88dc98..9960b4c5c79 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh 
@@ -24,7 +24,7 @@ for tld in managed trusted; do zone=secure.${tld} zonefile=${zone}.db - keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") + keyname1=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname1.key" >"$zonefile" "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null @@ -32,7 +32,7 @@ for tld in managed trusted; do zone=disabled.${tld} zonefile=${zone}.db - keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone") + keyname2=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" "$zone") cat "$infile" "$keyname2.key" >"$zonefile" "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null @@ -40,7 +40,7 @@ for tld in managed trusted; do zone=enabled.${tld} zonefile=${zone}.db - keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" -n zone "$zone") + keyname3=$("$KEYGEN" -f KSK -q -a "$DISABLED_ALGORITHM" -b "$DISABLED_BITS" "$zone") cat "$infile" "$keyname3.key" >"$zonefile" "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null @@ -48,7 +48,7 @@ for tld in managed trusted; do zone=unsupported.${tld} zonefile=${zone}.db - keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") + keyname4=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname4.key" >"$zonefile" "$SIGNER" -z -3 - -o "$zone" -O full -f ${zonefile}.tmp "$zonefile" >/dev/null awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${zonefile}.tmp >${zonefile}.signed 
@@ -61,7 +61,7 @@ for tld in managed trusted; do zone=revoked.${tld} zonefile=${zone}.db - keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") + keyname5=$("$KEYGEN" -f KSK -f REVOKE -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname5.key" >"$zonefile" "$SIGNER" -z -P -3 - -o "$zone" -O full -f ${zonefile}.signed "$zonefile" >/dev/null @@ -81,9 +81,9 @@ zone=secure.example. infile=secure.example.db.in zonefile=secure.example.db -cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone") -dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone") -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") +dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" >"$zonefile" @@ -95,7 +95,7 @@ zone=bogus.example. infile=bogus.example.db.in zonefile=bogus.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -105,8 +105,8 @@ zone=dynamic.example. infile=dynamic.example.db.in zonefile=dynamic.example.db -keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" 
@@ -116,7 +116,7 @@ zone=keyless.example. infile=generic.example.db.in zonefile=keyless.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -137,7 +137,7 @@ zone=secure.nsec3.example. infile=secure.nsec3.example.db.in zonefile=secure.nsec3.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -150,7 +150,7 @@ zone=nsec3.nsec3.example. infile=nsec3.nsec3.example.db.in zonefile=nsec3.nsec3.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -163,7 +163,7 @@ zone=optout.nsec3.example. infile=optout.nsec3.example.db.in zonefile=optout.nsec3.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -176,7 +176,7 @@ zone=nsec3.example. infile=nsec3.example.db.in zonefile=nsec3.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -189,7 +189,7 @@ zone=secure.optout.example. infile=secure.optout.example.db.in zonefile=secure.optout.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" 
@@ -202,7 +202,7 @@ zone=nsec3.optout.example. infile=nsec3.optout.example.db.in zonefile=nsec3.optout.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -215,7 +215,7 @@ zone=optout.optout.example. infile=optout.optout.example.db.in zonefile=optout.optout.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -228,7 +228,7 @@ zone=optout.example. infile=optout.example.db.in zonefile=optout.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -241,7 +241,7 @@ zone=nsec3-unknown.example. infile=nsec3-unknown.example.db.in zonefile=nsec3-unknown.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -254,7 +254,7 @@ zone=optout-unknown.example. infile=optout-unknown.example.db.in zonefile=optout-unknown.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -268,7 +268,7 @@ zone=dnskey-unknown.example infile=dnskey-unknown.example.db.in zonefile=dnskey-unknown.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" 
@@ -287,7 +287,7 @@ zone=dnskey-unsupported.example infile=dnskey-unsupported.example.db.in zonefile=dnskey-unsupported.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -306,10 +306,10 @@ zone=digest-alg-unsupported.example. infile=digest-alg-unsupported.example.db.in zonefile=digest-alg-unsupported.example.db -cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone") -dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone") -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -keyname2=$("$KEYGEN" -q -a ECDSAP384SHA384 -b "$DEFAULT_BITS" -n zone "$zone") +cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") +dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +keyname2=$("$KEYGEN" -q -a ECDSAP384SHA384 -b "$DEFAULT_BITS" "$zone") cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" "$keyname2.key" >"$zonefile" 
@@ -330,9 +330,9 @@ zone=ds-unsupported.example. infile=ds-unsupported.example.db.in zonefile=ds-unsupported.example.db -cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "cnameandkey.$zone") -dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n host "dnameandkey.$zone") -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +cnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "cnameandkey.$zone") +dnameandkey=$("$KEYGEN" -T KEY -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "dnameandkey.$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$cnameandkey.key" "$dnameandkey.key" "$keyname.key" >"$zonefile" @@ -348,8 +348,8 @@ zone=dnskey-unsupported-2.example infile=dnskey-unsupported-2.example.db.in zonefile=dnskey-unsupported-2.example.db -ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -f KSK -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" unsupported-algorithm.key >"$zonefile" @@ -363,7 +363,7 @@ zone=dnskey-nsec3-unknown.example infile=dnskey-nsec3-unknown.example.db.in zonefile=dnskey-nsec3-unknown.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -381,7 +381,7 @@ zone=multiple.example. infile=multiple.example.db.in zonefile=multiple.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" 
@@ -405,7 +405,7 @@ zone=rsasha256.example. infile=rsasha256.example.db.in zonefile=rsasha256.example.db -keyname=$("$KEYGEN" -q -a RSASHA256 -n zone "$zone") +keyname=$("$KEYGEN" -q -a RSASHA256 "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -418,7 +418,7 @@ zone=rsasha512.example. infile=rsasha512.example.db.in zonefile=rsasha512.example.db -keyname=$("$KEYGEN" -q -a RSASHA512 -n zone "$zone") +keyname=$("$KEYGEN" -q -a RSASHA512 "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -497,7 +497,7 @@ cat "$infile" "$kskname.key" "$zskname.key" >"$zonefile" zone=secure.below-cname.example. infile=secure.below-cname.example.db.in zonefile=secure.below-cname.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -P -o "$zone" "$zonefile" >/dev/null @@ -510,7 +510,7 @@ zonefile=ttlpatch.example.db signedfile=ttlpatch.example.db.signed patchedfile=ttlpatch.example.db.patched -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" "$SIGNER" -P -f $signedfile -o "$zone" "$zonefile" >/dev/null @@ -525,7 +525,7 @@ infile=split-dnssec.example.db.in zonefile=split-dnssec.example.db signedfile=split-dnssec.example.db.signed -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" : >"$signedfile" 
@@ -539,7 +539,7 @@ infile=split-smart.example.db.in zonefile=split-smart.example.db signedfile=split-smart.example.db.signed -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cp "$infile" "$zonefile" # shellcheck disable=SC2016 echo "\$INCLUDE \"$signedfile\"" >>"$zonefile" @@ -613,7 +613,7 @@ zone=badds.example. infile=bogus.example.db.in zonefile=badds.example.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" @@ -694,7 +694,7 @@ zonefile=occluded.example.db kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -fk "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" "$zone") dnskeyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -fk "delegation.$zone") -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -n HOST -T KEY "delegation.$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -T KEY "delegation.$zone") $DSFROMKEY "$dnskeyname.key" >"dsset-delegation.${zone}." cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \ "${dnskeyname}.key" "dsset-delegation.${zone}." >"$zonefile" @@ -723,7 +723,7 @@ awk '$4 == "DNSKEY" && $5 == 257 { print }' "$zonefile" \ zone=target.peer-ns-spoof infile=target.peer-ns-spoof.db.in zonefile=target.peer-ns-spoof.db -ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" "$SIGNER" -g -o "$zone" "$zonefile" >/dev/null 2>&1 diff --git a/bin/tests/system/dnssec/ns5/sign.sh b/bin/tests/system/dnssec/ns5/sign.sh index 65105d05820..04b2d46efae 100644 
--- a/bin/tests/system/dnssec/ns5/sign.sh +++ b/bin/tests/system/dnssec/ns5/sign.sh @@ -34,6 +34,6 @@ keyfile_to_initial_ds "$keyname" >revoked.conf "$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK $zone >/dev/null "$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" >/dev/null 2>&1 -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" ".") keyfile_to_static_ds "$keyname" >trusted.conf diff --git a/bin/tests/system/dnssec/ns6/sign.sh b/bin/tests/system/dnssec/ns6/sign.sh index e3ff2d2bd51..103baf257eb 100644 --- a/bin/tests/system/dnssec/ns6/sign.sh +++ b/bin/tests/system/dnssec/ns6/sign.sh @@ -22,7 +22,7 @@ zone=optout-tld infile=optout-tld.db.in zonefile=optout-tld.db -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname.key" >"$zonefile" diff --git a/bin/tests/system/dnssec/ns7/sign.sh b/bin/tests/system/dnssec/ns7/sign.sh index 5e30050beca..7aaceadbb9b 100644 --- a/bin/tests/system/dnssec/ns7/sign.sh +++ b/bin/tests/system/dnssec/ns7/sign.sh @@ -22,8 +22,8 @@ zone=split-rrsig infile=split-rrsig.db.in zonefile=split-rrsig.db -k1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +k1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$k1.key" "$k2.key" >"$zonefile" diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 04673b361a5..845adc306d7 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh 
@@ -1633,9 +1633,9 @@ echo_i "check dnssec-signzone doesn't sign with prepublished zsk ($n)" ret=0 zone=prepub # Generate keys. -ksk=$("$KEYGEN" -K signer -f KSK -q -a $DEFAULT_ALGORITHM -n zone "$zone") -zsk1=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM -n zone "$zone") -zsk2=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM -n zone "$zone") +ksk=$("$KEYGEN" -K signer -f KSK -q -a $DEFAULT_ALGORITHM "$zone") +zsk1=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM "$zone") +zsk2=$("$KEYGEN" -K signer -q -a $DEFAULT_ALGORITHM "$zone") zskid1=$(keyfile_to_key_id "$zsk1") zskid2=$(keyfile_to_key_id "$zsk2") ( @@ -1714,7 +1714,7 @@ echo_i "checking that a DS record cannot be generated for a key using an unsuppo ret=0 zone=example # Fake an unsupported algorithm key -unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key >${unsupportedkey}.tmp mv ${unsupportedkey}.tmp ${unsupportedkey}.key # If dnssec-dsfromkey fails, the test script will exit immediately. Prevent @@ -1742,8 +1742,8 @@ status=$((status + ret)) echo_i "checking that we can sign a zone with out-of-zone records ($n)" ret=0 zone=example -key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) -key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone) +key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) +key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone) ( cd signer || exit 1 cat example.db.in "$key1.key" "$key2.key" >example.db 
@@ -1756,8 +1756,8 @@ status=$((status + ret)) echo_i "checking that we can sign a zone (NSEC3) with out-of-zone records ($n)" ret=0 zone=example -key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) -key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone) +key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) +key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone) ( cd signer || exit 1 cat example.db.in "$key1.key" "$key2.key" >example.db @@ -1781,8 +1781,8 @@ status=$((status + ret)) echo_i "checking NSEC3 signing with empty nonterminals above a delegation ($n)" ret=0 zone=example -key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) -key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone) +key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) +key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone) ( cd signer || exit 1 cat example.db.in "$key1.key" "$key2.key" >example3.db @@ -1807,8 +1807,8 @@ status=$((status + ret)) echo_i "checking that dnssec-signzone updates originalttl on ttl changes ($n)" ret=0 zone=example -key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) -key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone) +key1=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) +key2=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone) ( cd signer || exit 1 cat example.db.in "$key1.key" "$key2.key" >example.db 
@@ -1824,10 +1824,10 @@ status=$((status + ret)) echo_i "checking dnssec-signzone keeps valid signatures from removed keys ($n)" ret=0 zone=example -key1=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM -n zone $zone) -key2=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) +key1=$($KEYGEN -K signer -q -f KSK -a $DEFAULT_ALGORITHM $zone) +key2=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) keyid2=$(keyfile_to_key_id "$key2") -key3=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM -n zone $zone) +key3=$($KEYGEN -K signer -q -a $DEFAULT_ALGORITHM $zone) keyid3=$(keyfile_to_key_id "$key3") ( cd signer || exit 1 @@ -3491,13 +3491,13 @@ until test $alg -eq 256; do continue ;; 1 | 5 | 7 | 8 | 10) # RSA algorithms - key1=$($KEYGEN -a "$alg" -b "2048" -n zone "$zone" 2>"keygen-$alg.err" || true) + key1=$($KEYGEN -a "$alg" -b "2048" "$zone" 2>"keygen-$alg.err" || true) ;; 15 | 16) - key1=$($KEYGEN -a "$alg" -n zone "$zone" 2>"keygen-$alg.err" || true) + key1=$($KEYGEN -a "$alg" "$zone" 2>"keygen-$alg.err" || true) ;; *) - key1=$($KEYGEN -a "$alg" -n zone "$zone" 2>"keygen-$alg.err" || true) + key1=$($KEYGEN -a "$alg" "$zone" 2>"keygen-$alg.err" || true) ;; esac if grep "unsupported algorithm" "keygen-$alg.err" >/dev/null; then @@ -4264,7 +4264,7 @@ test "$ret" -eq 0 || echo_i "failed" status=$((status + ret)) # Roll the ZSK. -zsk2=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 -n zone "$zone") +zsk2=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 "$zone") keyfile_to_key_id "$zsk2" >ns2/$zone.zsk.id2 ZSK_ID2=$(cat ns2/$zone.zsk.id2) ret=0 
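Review bot: In the `@@ -3491` hunk of dnssec/tests.sh the `15 | 16)` arm and the `*)` arm run the identical command, `key1=$($KEYGEN -a "$alg" "$zone" 2>"keygen-$alg.err" || true)`, so the separate arm has no effect. Only the RSA arm differs, by passing `-b "2048"`. Either drop the `15 | 16)` arm and let those algorithms fall through to `*)`, or add a one-line comment saying why it is kept apart. The `case` statement starts and ends outside the hunk, so an arm that is not visible here may explain the split.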
@@ -4360,7 +4360,7 @@ mv ns2/$KSK.key.bak ns2/$KSK.key mv ns2/$KSK.private.bak ns2/$KSK.private # Roll the ZSK again. -zsk3=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 -n zone "$zone") +zsk3=$("$KEYGEN" -q -P none -A none -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -K ns2 "$zone") ret=0 keyfile_to_key_id "$zsk3" >ns2/$zone.zsk.id3 ZSK_ID3=$(cat ns2/$zone.zsk.id3) @@ -4616,8 +4616,8 @@ status=$((status + ret)) echo_i "check that dnssec-keygen honours key tag ranges ($n)" ret=0 zone=settagrange -ksk=$("$KEYGEN" -f KSK -q -a $DEFAULT_ALGORITHM -n zone -M 0:32767 "$zone") -zsk=$("$KEYGEN" -q -a $DEFAULT_ALGORITHM -n zone -M 32768:65535 "$zone") +ksk=$("$KEYGEN" -f KSK -q -a $DEFAULT_ALGORITHM -M 0:32767 "$zone") +zsk=$("$KEYGEN" -q -a $DEFAULT_ALGORITHM -M 32768:65535 "$zone") kid=$(keyfile_to_key_id "$ksk") zid=$(keyfile_to_key_id "$zsk") [ $kid -ge 0 -a $kid -le 32767 ] || ret=1 diff --git a/bin/tests/system/dsdigest/ns1/sign.sh b/bin/tests/system/dsdigest/ns1/sign.sh index a4abccc5efd..7c82d48e91e 100644 --- a/bin/tests/system/dsdigest/ns1/sign.sh +++ b/bin/tests/system/dsdigest/ns1/sign.sh @@ -22,8 +22,8 @@ zonefile=root.db cp ../ns2/dsset-good. . cp ../ns2/dsset-bad. . -key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +key1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +key2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $key1.key $key2.key >$zonefile diff --git a/bin/tests/system/dsdigest/ns2/sign.sh b/bin/tests/system/dsdigest/ns2/sign.sh index 37456fe2a95..24d401163a9 100644 --- a/bin/tests/system/dsdigest/ns2/sign.sh +++ b/bin/tests/system/dsdigest/ns2/sign.sh 
@@ -20,10 +20,10 @@ zone2=bad infile2=bad.db.in zonefile2=bad.db -keyname11=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone1) -keyname12=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone1) -keyname21=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone2) -keyname22=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone2) +keyname11=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone1) +keyname12=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone1) +keyname21=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone2) +keyname22=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone2) cat $infile1 $keyname11.key $keyname12.key >$zonefile1 cat $infile2 $keyname21.key $keyname22.key >$zonefile2 diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh index ec41d20b02b..6b8fc5940f2 100644 --- a/bin/tests/system/ecdsa/ns1/sign.sh +++ b/bin/tests/system/ecdsa/ns1/sign.sh @@ -24,15 +24,15 @@ echo_i "ns1/sign.sh" cp $infile $zonefile if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then - zsk256=$($KEYGEN -q -a ECDSA256 -n zone "$zone") - ksk256=$($KEYGEN -q -a ECDSA256 -n zone -f KSK "$zone") + zsk256=$($KEYGEN -q -a ECDSA256 "$zone") + ksk256=$($KEYGEN -q -a ECDSA256 -f KSK "$zone") cat "$ksk256.key" "$zsk256.key" >>"$zonefile" $DSFROMKEY -a sha-256 "$ksk256.key" >>dsset-256 fi if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then - zsk384=$($KEYGEN -q -a ECDSA384 -n zone "$zone") - ksk384=$($KEYGEN -q -a ECDSA384 -n zone -f KSK "$zone") + zsk384=$($KEYGEN -q -a ECDSA384 "$zone") + ksk384=$($KEYGEN -q -a ECDSA384 -f KSK "$zone") cat "$ksk384.key" "$zsk384.key" >>"$zonefile" $DSFROMKEY -a sha-256 "$ksk384.key" >>dsset-256 fi diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index d1b06f7c055..c202d32dc6b 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh 
@@ -24,15 +24,15 @@ echo_i "ns1/sign.sh" cp $infile $zonefile if [ $ED25519_SUPPORTED = 1 ]; then - zsk25519=$($KEYGEN -q -a ED25519 -n zone "$zone") - ksk25519=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone") + zsk25519=$($KEYGEN -q -a ED25519 "$zone") + ksk25519=$($KEYGEN -q -a ED25519 -f KSK "$zone") cat "$ksk25519.key" "$zsk25519.key" >>"$zonefile" $DSFROMKEY -a sha-256 "$ksk25519.key" >>dsset-256 fi if [ $ED448_SUPPORTED = 1 ]; then - zsk448=$($KEYGEN -q -a ED448 -n zone "$zone") - ksk448=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone") + zsk448=$($KEYGEN -q -a ED448 "$zone") + ksk448=$($KEYGEN -q -a ED448 -f KSK "$zone") cat "$ksk448.key" "$zsk448.key" >>"$zonefile" $DSFROMKEY -a sha-256 "$ksk448.key" >>dsset-256 fi diff --git a/bin/tests/system/forward/ns1/sign.sh b/bin/tests/system/forward/ns1/sign.sh index 5e85fd5bc40..e5860a59d24 100644 --- a/bin/tests/system/forward/ns1/sign.sh +++ b/bin/tests/system/forward/ns1/sign.sh @@ -22,8 +22,8 @@ zonefile=root.db echo_i "ns1/sign.sh" -ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +ksk=$("$KEYGEN" -q -fk -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$ksk.key" "$zsk.key" >"$zonefile" diff --git a/bin/tests/system/glue/ns1/sign.sh b/bin/tests/system/glue/ns1/sign.sh index 7a686266d64..02b14da7f99 100644 --- a/bin/tests/system/glue/ns1/sign.sh +++ b/bin/tests/system/glue/ns1/sign.sh 
@@ -21,7 +21,7 @@ zonefile=tc-test-signed.db # been carefully chosen to ensure that the signed referral response checked in # the test will be around 512 bytes in size with glue records excluded. Please # keep this in mind when updating signing algorithms used in system tests. -keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone) +keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone) cat "$infile" "$keyname.key" >"$zonefile" $SIGNER -P -o $zone $zonefile >/dev/null diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index e55f5e7a96f..8175a174f00 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh @@ -16,8 +16,8 @@ zone=. rm -f K.+*+*.key rm -f K.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $SIGNER -S -x -T 1200 -o ${zone} root.db >signer.out [ $? = 0 ] || cat signer.out diff --git a/bin/tests/system/inline/ns3/sign.sh b/bin/tests/system/inline/ns3/sign.sh index 1b2a905db62..2987811da9f 100755 --- a/bin/tests/system/inline/ns3/sign.sh +++ b/bin/tests/system/inline/ns3/sign.sh 
@@ -14,43 +14,43 @@ . ../../conf.sh # Fake an unsupported key -unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported) +unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" unsupported) awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key >${unsupportedkey}.tmp mv ${unsupportedkey}.tmp ${unsupportedkey}.key zone=bits rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=noixfr rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=primary rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=dynamic rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=updated rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -n zone $zone) -ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -n zone -f KSK $zone) 
+zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 $zone) +ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -L 3600 -f KSK $zone) $SETTIME -s -g OMNIPRESENT -k RUMOURED now -z RUMOURED now "$zsk" >settime.out.updated.1 2>&1 $SETTIME -s -g OMNIPRESENT -k RUMOURED now -r RUMOURED now -d HIDDEN now "$ksk" >settime.out.updated.2 2>&1 $DSFROMKEY -T 1200 $ksk >>../ns1/root.db 
@@ -61,53 +61,53 @@ cp primary2.db.in updated.db zone=expired rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db $SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o ${zone} ${zone}.db >/dev/null zone=retransfer rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=nsec3 rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) $DSFROMKEY -T 1200 $keyname >>../ns1/root.db zone=delayedkeys rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) # Keys for the "delayedkeys" zone should not be initially accessible. 
mv K${zone}.+*+*.* ../ zone=removedkeys-primary rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) zone=removedkeys-secondary rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) for s in a c d h k l m q z; do zone=test-$s - keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) done for s in b f i o p t v; do zone=test-$s - keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) - keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) done zone=externalkey @@ -116,10 +116,10 @@ rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private for alg in ${DEFAULT_ALGORITHM} ${ALTERNATIVE_ALGORITHM}; do - k1=$($KEYGEN -q -a $alg -n zone -f KSK $zone) - k2=$($KEYGEN -q -a $alg -n zone $zone) - k3=$($KEYGEN -q -a $alg -n zone $zone) - k4=$($KEYGEN -q -a $alg -n zone -f KSK $zone) + k1=$($KEYGEN -q -a $alg -f KSK $zone) + k2=$($KEYGEN -q -a $alg $zone) + k3=$($KEYGEN -q -a $alg $zone) + k4=$($KEYGEN -q -a $alg -f KSK $zone) $DSFROMKEY -T 1200 $k4 >>../ns1/root.db cat $k1.key $k2.key >>$zonefile diff --git a/bin/tests/system/inline/ns7/sign.sh b/bin/tests/system/inline/ns7/sign.sh index 8479388fdf6..e43b7e6c306 100755 --- a/bin/tests/system/inline/ns7/sign.sh +++ b/bin/tests/system/inline/ns7/sign.sh 
@@ -19,6 +19,6 @@ zone=nsec3-loop rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private -keyname=$($KEYGEN -q -a RSASHA256 -b 4096 -n zone $zone) -keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone) -keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone -f KSK $zone) +keyname=$($KEYGEN -q -a RSASHA256 -b 4096 $zone) +keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone) +keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -f KSK $zone) diff --git a/bin/tests/system/inline/ns8/sign.sh b/bin/tests/system/inline/ns8/sign.sh index 56d097dac77..d0ce23440d7 100755 --- a/bin/tests/system/inline/ns8/sign.sh +++ b/bin/tests/system/inline/ns8/sign.sh @@ -19,8 +19,8 @@ for zone in example01.com example02.com example03.com example04.com \ example13.com example14.com example15.com example16.com; do rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private - keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone) - keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone) + keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone) + keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -f KSK $zone) cp example.com.db.in ${zone}.db $SIGNER -S -T 3600 -O raw -L 2000042407 -o ${zone} ${zone}.db >/dev/null 2>&1 done @@ -28,7 +28,7 @@ done for zone in example unsigned-serial-test; do rm -f K${zone}.+*+*.key rm -f K${zone}.+*+*.private - keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone) - keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone) + keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone) + keyname=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -f KSK $zone) cp example.db.in ${zone}.db done diff --git a/bin/tests/system/legacy/ns6/sign.sh b/bin/tests/system/legacy/ns6/sign.sh index 49a44bb91a3..d6eed254f96 100755 --- a/bin/tests/system/legacy/ns6/sign.sh +++ b/bin/tests/system/legacy/ns6/sign.sh 
@@ -20,8 +20,8 @@ infile=edns512.db.in zonefile=edns512.db outfile=edns512.db.signed -keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a RSASHA512 -b 4096 $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index 9dfa9f6732f..a7786b97ebb 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -20,8 +20,8 @@ infile=edns512-notcp.db.in zonefile=edns512-notcp.db outfile=edns512-notcp.db.signed -keyname1=$($KEYGEN -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a RSASHA512 -b 4096 $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a RSASHA512 -b 4096 $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/nsupdate/ns3/sign.sh b/bin/tests/system/nsupdate/ns3/sign.sh index 501f9fb3790..decc32e7f73 100644 --- a/bin/tests/system/nsupdate/ns3/sign.sh +++ b/bin/tests/system/nsupdate/ns3/sign.sh @@ -17,8 +17,8 @@ zone=nsec3param.test. infile=nsec3param.test.db.in zonefile=nsec3param.test.db -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat $infile $keyname1.key $keyname2.key >$zonefile 
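Review bot: In bin/tests/system/legacy/ns6/sign.sh both new `$KEYGEN` lines keep `2>/dev/null`, so if dnssec-keygen rejects its arguments (for example a leftover `-n` after this removal) the message is discarded. The failure would then most likely surface only as `cat` not finding `.key`. Most other sign.sh scripts in this patch pass `-q` and leave stderr alone; the same here would be `keyname1=$($KEYGEN -q -a RSASHA512 -b 4096 $zone)`. The hunks for legacy/ns7/sign.sh and wildcard/ns1/sign.sh follow the same pattern. These scripts continue outside the hunks, so whether `set -e` is in effect is not visible here.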
@@ -28,8 +28,8 @@ zone=dnskey.test. infile=dnskey.test.db.in zonefile=dnskey.test.db -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone -f KSK $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index c6752ed75cb..1e5695ed97f 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -445,7 +445,7 @@ grep "mx03.update.nil/MX:.*MX is an address" ns1/named.run >/dev/null 2>&1 || re ret=0 echo_i "check SIG(0) key is accepted" -key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY -n ENTITY xxx) +key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY xxx) echo "" | $NSUPDATE -k ${key}.private >/dev/null 2>&1 || ret=1 [ $ret = 0 ] || { echo_i "failed" diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh index c7b99c3f515..f2e6aea4293 100644 --- a/bin/tests/system/pending/ns1/sign.sh +++ b/bin/tests/system/pending/ns1/sign.sh @@ -22,8 +22,8 @@ zonefile=root.db cp ../ns2/dsset-example. . cp ../ns2/dsset-example.com. . -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone $zonefile >/dev/null diff --git a/bin/tests/system/pending/ns2/sign.sh b/bin/tests/system/pending/ns2/sign.sh index 062e98944d2..01448db4eae 100644 --- a/bin/tests/system/pending/ns2/sign.sh +++ b/bin/tests/system/pending/ns2/sign.sh 
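Review bot: In bin/tests/system/nsupdate/tests.sh the "check SIG(0) key is accepted" step used to pass `-n ENTITY` explicitly and now depends on the default name type for `-T KEY`, which the commit message gives as HOST. It is worth confirming that dnssec-keygen treats the two identically, since otherwise this test now exercises a different key flag than before. A short comment above the line would record the dependency, e.g. `# -T KEY keys get the default name type (HOST) now that -n is gone`.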
@@ -18,8 +18,8 @@ for domain in example example.com; do infile=${domain}.db.in zonefile=${domain}.db - keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) - keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) + keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) + keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/rootkeysentinel/ns1/sign.sh b/bin/tests/system/rootkeysentinel/ns1/sign.sh index dd33bd93f8f..735e03c1272 100644 --- a/bin/tests/system/rootkeysentinel/ns1/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns1/sign.sh @@ -17,7 +17,7 @@ zone=. infile=root.db.in zonefile=root.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) keyid=$(expr ${keyname} : 'K.+[0-9][0-9][0-9]+\(.*\)') (cd ../ns2 && $SHELL sign.sh ${keyid:-00000}) diff --git a/bin/tests/system/rootkeysentinel/ns2/sign.sh b/bin/tests/system/rootkeysentinel/ns2/sign.sh index 456c96f38d2..78e07fd721b 100644 --- a/bin/tests/system/rootkeysentinel/ns2/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns2/sign.sh @@ -22,8 +22,8 @@ zone=example. infile=example.db.in zonefile=example.db -keyname1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone) -keyname2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone) +keyname1=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone) +keyname2=$($KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone) cat $infile $keyname1.key $keyname2.key >$zonefile echo root-key-sentinel-is-ta-$oldid A 10.53.0.1 >>$zonefile diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh index a4242a34e26..f16b7458d03 100755 --- a/bin/tests/system/rsabigexponent/ns1/sign.sh +++ b/bin/tests/system/rsabigexponent/ns1/sign.sh 
@@ -19,7 +19,7 @@ zonefile=root.db cp ../ns2/dsset-example.in dsset-example. -keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone) +keyname=$($KEYGEN -q -a RSASHA256 -b 2048 $zone) cat $infile $keyname.key >$zonefile diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index 04414d2670c..9e0323524e8 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh @@ -24,7 +24,7 @@ zonefile=root.db cp "../ns2/dsset-example." . -keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone) +keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" $zone) cat "$infile" "$keyname.key" >"$zonefile" diff --git a/bin/tests/system/sfcache/ns2/sign.sh b/bin/tests/system/sfcache/ns2/sign.sh index 2f85059af50..fa5cf501328 100644 --- a/bin/tests/system/sfcache/ns2/sign.sh +++ b/bin/tests/system/sfcache/ns2/sign.sh @@ -20,8 +20,8 @@ zone=example. infile=example.db.in zonefile=example.db -keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") -keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") +keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") +keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" >"$zonefile" diff --git a/bin/tests/system/sfcache/ns5/sign.sh b/bin/tests/system/sfcache/ns5/sign.sh index 7d70bea22ad..44c52227e92 100644 --- a/bin/tests/system/sfcache/ns5/sign.sh +++ b/bin/tests/system/sfcache/ns5/sign.sh @@ -16,6 +16,6 @@ set -e -keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") +keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" ".") keyfile_to_static_ds "$keyname" >trusted.conf diff --git a/bin/tests/system/staticstub/ns3/sign.sh b/bin/tests/system/staticstub/ns3/sign.sh index ec99bb8fe1a..8b57b93a9a5 100755 --- a/bin/tests/system/staticstub/ns3/sign.sh 
+++ b/bin/tests/system/staticstub/ns3/sign.sh @@ -21,8 +21,8 @@ zonefile=example.db cp ../ns4/dsset-sub.example. . -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone $zonefile >/dev/null @@ -33,8 +33,8 @@ keyfile_to_static_ds $keyname2 >trusted.conf zone=undelegated infile=undelegated.db.in zonefile=undelegated.db -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone $zonefile >/dev/null diff --git a/bin/tests/system/staticstub/ns4/sign.sh b/bin/tests/system/staticstub/ns4/sign.sh index c8f778edfa2..50a56ca6b93 100755 --- a/bin/tests/system/staticstub/ns4/sign.sh +++ b/bin/tests/system/staticstub/ns4/sign.sh @@ -17,8 +17,8 @@ zone=sub.example infile=${zone}.db.in zonefile=${zone}.db -keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) -keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK -n zone $zone) +keyname1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) +keyname2=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -f KSK $zone) cat $infile $keyname1.key $keyname2.key >$zonefile diff --git a/bin/tests/system/synthfromdnssec/ns1/sign.sh b/bin/tests/system/synthfromdnssec/ns1/sign.sh index 264e50457ec..7d37d867ab6 100644 --- a/bin/tests/system/synthfromdnssec/ns1/sign.sh +++ b/bin/tests/system/synthfromdnssec/ns1/sign.sh 
@@ -18,7 +18,7 @@ zone=example infile=example.db.in zonefile=example.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat "$infile" "$keyname.key" >"$zonefile" echo insecure NS ns1.insecure >>"$zonefile" echo ns1.insecure A 10.53.0.1 >>"$zonefile" @@ -29,7 +29,7 @@ zone=insecure.example infile=example.db.in zonefile=insecure.example.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat "$infile" "$keyname.key" >"$zonefile" $SIGNER -P -o $zone $zonefile >/dev/null @@ -38,7 +38,7 @@ zone=dnamed infile=dnamed.db.in zonefile=dnamed.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat "$infile" "$keyname.key" >"$zonefile" $SIGNER -P -o $zone $zonefile >/dev/null @@ -47,7 +47,7 @@ zone=minimal infile=minimal.db.in zonefile=minimal.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat "$infile" "$keyname.key" >"$zonefile" # do not regenerate NSEC chain as there in a minimal NSEC record present @@ -57,7 +57,7 @@ zone=soa-without-dnskey infile=soa-without-dnskey.db.in zonefile=soa-without-dnskey.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $zone) cat "$infile" "$keyname.key" >"$zonefile" # do not regenerate NSEC chain as there in a minimal NSEC record present @@ -67,7 +67,7 @@ zone=. infile=root.db.in zonefile=root.db -keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} $zone) cat "$infile" "$keyname.key" >"$zonefile" $SIGNER -P -g -o $zone $zonefile >/dev/null diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh index 2f3059d7805..d8c879877f4 100644 --- a/bin/tests/system/tsig/tests.sh +++ b/bin/tests/system/tsig/tests.sh 
@@ -245,7 +245,7 @@ fi echo_i "check that dnssec-keygen won't generate TSIG keys" ret=0 -$KEYGEN -a hmac-sha256 -b 128 -n host example.net >keygen.out3 2>&1 && ret=1 +$KEYGEN -a hmac-sha256 -b 128 example.net >keygen.out3 2>&1 && ret=1 grep "unknown algorithm" keygen.out3 >/dev/null || ret=1 echo_i "check that a 'BADTIME' response with 'QR=0' is handled as a request" diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh index af9dcfe1911..ec3e99e1e06 100644 --- a/bin/tests/system/tsiggss/setup.sh +++ b/bin/tests/system/tsiggss/setup.sh @@ -15,5 +15,5 @@ copy_setports ns1/named.conf.in ns1/named.conf -key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.) +key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -T KEY key.example.nil.) cat ns1/example.nil.db.in ns1/${key}.key >ns1/example.nil.db diff --git a/bin/tests/system/upforwd/setup.sh b/bin/tests/system/upforwd/setup.sh index 8e9da74ae88..2165f7febfc 100644 --- a/bin/tests/system/upforwd/setup.sh +++ b/bin/tests/system/upforwd/setup.sh @@ -35,7 +35,7 @@ fi # # SIG(0) requires cryptographic support which may not be configured. # -keyname=$($KEYGEN -q -n HOST -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2 2>keyname.err) +keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2 2>keyname.err) if test -n "$keyname"; then cat ns1/example1.db $keyname.key >ns1/example2.db echo $keyname >keyname @@ -46,7 +46,7 @@ cat_i ns1/example2-toomanykeys.db for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17; do - keyname=$($KEYGEN -q -n HOST -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2-toomanykeys 2>/dev/null) + keyname=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -T KEY sig0.example2-toomanykeys 2>/dev/null) if test -n "$keyname"; then cat $keyname.key >>ns1/example2-toomanykeys.db echo $keyname >keyname$i diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh index cc011607575..d5d3f9042ec 100755 
--- a/bin/tests/system/wildcard/ns1/sign.sh +++ b/bin/tests/system/wildcard/ns1/sign.sh @@ -26,8 +26,8 @@ zonefile=nsec.db outfile=nsec.db.signed dssets="$dssets dsset-${zone}." -keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile @@ -39,8 +39,8 @@ infile=private.nsec.db.in zonefile=private.nsec.db outfile=private.nsec.db.signed -keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile @@ -55,8 +55,8 @@ zonefile=nsec3.db outfile=nsec3.db.signed dssets="$dssets dsset-${zone}." -keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile @@ -68,8 +68,8 @@ infile=private.nsec3.db.in zonefile=private.nsec3.db outfile=private.nsec3.db.signed -keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key >$zonefile 
@@ -83,8 +83,8 @@ infile=root.db.in zonefile=root.db outfile=root.db.signed -keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) -keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} -n zone $zone 2>/dev/null) +keyname1=$($KEYGEN -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) +keyname2=$($KEYGEN -f KSK -a ${DEFAULT_ALGORITHM} $zone 2>/dev/null) cat $infile $keyname1.key $keyname2.key $dssets >$zonefile -- 2.47.3