silence a spurious dnssec-keygen warning in the dnssec system test

the occluded-key test creates both a KEY and a DNSKEY. the second
call to dnssec-keygen calls dns_dnssec_findmatchingkeys(), which causes
a spurious warning to be printed when it sees the type KEY record.
this should be fixed in dnssec.c, but the meantime this change silences
the warning by reversing the order in which the keys are created.

(cherry picked from commit 6661db95641f3944378e4d1a52fea116725fdcd1)

diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh
index b98a8b42dac6f2fe17363999edc14ec5d71c993b..ff55d84b9c8dd146c84d91703814b241017528aa 100644 (file)
--- a/bin/tests/system/dnssec/ns3/sign.sh
+++ b/bin/tests/system/dnssec/ns3/sign.sh
@@ -598,8 +598,8 @@ infile=occluded.example.db.in
 zonefile=occluded.example.db
 kskname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 -b 1024 -fk "$zone"`
 zskname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 -b 1024 "$zone"`
-keyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA1 -b 1024 -n ENTITY -T KEY "delegation.$zone"`
 dnskeyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA256 -b 1024 -fk "delegation.$zone"`
+keyname=`"$KEYGEN" -q -r $RANDFILE -a RSASHA1 -b 1024 -n ENTITY -T KEY "delegation.$zone"`
 $DSFROMKEY "$dnskeyname.key" > "dsset-delegation.${zone}$TP"
 cat "$infile" "${kskname}.key" "${zskname}.key" "${keyname}.key" \
     "${dnskeyname}.key" "dsset-delegation.${zone}$TP" >"$zonefile"