From 80d4bc9577d8f3fda68e3eb25d4dba8cb8ba47f0 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Mon, 7 Apr 2025 20:55:41 +0100
Subject: [PATCH] test: switch to new config keyword for bind9 >= 9.21

bind9 9.21 removed the deprecated 'managed-keys', swap it with
'trust-anchors' if the version is 9.21 or newer

[   20.654086] TEST-75-RESOLVED.sh[1217]: + delv -a /etc/bind.keys @ns1.unsigned.test signed.test
[   20.654425] TEST-75-RESOLVED.sh[1218]: + tee /tmp/tmp.D4LNomAKqY
[   20.672599] TEST-75-RESOLVED.sh[1218]: ;; /etc/bind.keys:1: option 'managed-keys' no longer exists

(cherry picked from commit 5f8e5297b4699922aa003353ac1db6559805301f)
(cherry picked from commit 85df0981b27c59649fa75916ba1efb4fe820a4dd)
---
 test/units/TEST-75-RESOLVED.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/test/units/TEST-75-RESOLVED.sh b/test/units/TEST-75-RESOLVED.sh
index 5dfd741a59f..e8832f190a3 100755
--- a/test/units/TEST-75-RESOLVED.sh
+++ b/test/units/TEST-75-RESOLVED.sh
@@ -154,10 +154,13 @@ EOF
     # Create a trust anchor for resolved with our root zone
     keymgr . ds | sed 's/ DS/ IN DS/g' >/etc/dnssec-trust-anchors.d/root.positive
     # Create a bind-compatible trust anchor (for delv)
-    # Note: the trust-anchors directive is relatively new, so use the original
-    #       managed-keys one until it's widespread enough
+    # Note: managed-keys was removed in version 9.21, use the newer trust-anchors directive
     {
-        echo 'managed-keys {'
+        if systemd-analyze compare-versions "$(delv -v | awk '{print $2}')" ge 9.21; then
+            echo 'trust-anchors {'
+        else
+            echo 'managed-keys {'
+        fi
         keymgr . dnskey | sed -r 's/^\. DNSKEY ([0-9]+ [0-9]+ [0-9]+) (.+)$/. static-key \1 "\2";/g'
         echo '};'
     } >/etc/bind.keys
-- 
2.47.3