Test dnssec tools using zone file basename as origin

Add test cases where dnssec-signzone and dnssec-verify use the
zone file's basename as the origin when '-o' is omitted.

diff --git a/bin/tests/system/dnssectools/signer/general/test13.zone b/bin/tests/system/dnssectools/signer/general/test13.zone
new file mode 100644 (file)
index 0000000..3f2c720
--- /dev/null
+++ b/bin/tests/system/dnssectools/signer/general/test13.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;      This is a zone which has two DNSKEY records, both of which have
+; existing private key files available.  They should be loaded automatically
+; and the zone correctly signed.
+;
+$TTL 3600
+example.com.   IN      SOA ns hostmaster 00090000 1200 3600 604800 300

diff --git a/bin/tests/system/dnssectools/tests.sh b/bin/tests/system/dnssectools/tests.sh
index 85cd1ac2a65fc99dd5c80de2b9d943e3af41fc61..f8e836c8ecc72802291cc1c3d0fdd10b7a3b0c07 100644 (file)
--- a/bin/tests/system/dnssectools/tests.sh
+++ b/bin/tests/system/dnssectools/tests.sh
@@ -789,6 +789,42 @@ n=$((n + 1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status + ret))
 
+echo_i "checking dnssec-signzone without -o and zone is in directory (incorrect basename) ($n)"
+ret=0
+cp signer/general/test13.zone signer/bad.db
+$SIGNER -O full -S signer/bad.db 2>signer.err.$n && ret=1
+grep "example.com: not at top of zone" signer.err.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-signzone without -o and zone is in directory ($n)"
+ret=0
+cp signer/general/test13.zone signer/example.com
+$SIGNER -S -K signer/general -O full signer/example.com >signer.out.$n || ret=1
+test -f signer/example.com.signed
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-verify without -o and zone is in directory (incorrect basename) ($n)"
+ret=0
+$VERIFY signer/example.com.signed 2>verify.err.$n && ret=1
+grep "example.com: not at top of zone" verify.err.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-verify without -o and zone is in directory ($n)"
+ret=0
+cp signer/example.com.signed signer/example.com
+$VERIFY signer/example.com >verify.out.$n || ret=1
+grep "Loading zone 'example.com' from file 'signer/example.com'" verify.out.$n >/dev/null || ret=1
+grep "Zone fully signed" verify.out.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
 echo_i "check that RRSIGs are correctly removed from apex when RRset is removed  NSEC ($n)"
 ret=0
 # generate signed zone with MX and AAAA records at apex.

diff --git a/bin/tests/system/dnssectools/tests_sh_dnssectools.py b/bin/tests/system/dnssectools/tests_sh_dnssectools.py
index 6ab8993543c074fff8aa0cc1652e329e8be59e71..fe70cf52c406268cfe1d82f5ba9e851e5a08a4b1 100644 (file)
--- a/bin/tests/system/dnssectools/tests_sh_dnssectools.py
+++ b/bin/tests/system/dnssectools/tests_sh_dnssectools.py
@@ -22,6 +22,13 @@ pytestmark = pytest.mark.extra_artifacts(
         "*/K*",
         "*/dsset-*",
         "*/*.signed",
+        "dsset-*",
+        "signer.err.*",
+        "signer.out.*",
+        "verify.err.*",
+        "verify.out.*",
+        "signer/bad.db",
+        "signer/example.com",
         "signer/example.db",
         "signer/example.db.after",
         "signer/example.db.before",