git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Thu, 28 Apr 2022 14:45:33 +0000 (16:45 +0200)
committer	Matthijs Mekking <matthijs@isc.org>
	Fri, 29 Apr 2022 11:59:49 +0000 (13:59 +0200)
commit	22f3c453f00917fbaa1afbf2e2e89fda9411650b
tree	3d80cebe35d6d087027e5db5d8cc3382450b4054	tree \| snapshot
parent	3625cf1f639b067d2ab0307102f3a8abe8213c10	commit \| diff

Fix a kasp system test bug

In '_check_apex_dnskey' we check for each key (KEY1 to KEY4) if they
are present in the DNSKEY RRset if they should be.

However, we only grep the dig output for the first seven fields (owner,
ttl, class, type, flags, protocol, algorithm). This can be the same
for different keys.

For example, KEY1 may be KSK predecessor and KEY2 a KSK successor,
both DNSKEY records for these keys are the same up to the public key
field. This can cause test failures if KEY1 needs to be present, but
KEY2 not, because when grepping for KEY2 we will falsely detect the
key to be present (because the grep matches KEY1).

Fix the function by grepping looking for the first seven fields in the
corresponding key file and retrieve the public key part. Grep for this
in the dig output.

(cherry picked from commit 3e1d09ac665e835ab4f46357e91b5cde50a441d7)