In v9.16, the number of expected signatures for the fully signed dupsigs
zone is 1009 rather than 1008, since there is one extra DNSKEY
signature. The test itself checks for the correct number, but the
barrier which waits for the zone to be fully signed doesn't.

In practice, this had the effect of always waiting the full 30 seconds
for the zone to be signed. Afterwards, the wait barrier would fail.
However, the return code isn't handled, so the test would proceed and
succeed anyway, since 30 seconds was enough time for the zone to get
fully signed.

This issue was introduced during a backport in commit
4840d6f9c9b4a25e0a5196bb9716126b29d8c266.
#
# We expect the zone to have the following:
#
-# - 5 signatures for signing.test.
+# - 6 signatures for signing.test.
# - 3 signatures for ns.signing.test.
# - 2 x 500 signatures for a{0000-0499}.signing.test.
#
-# for a total of 1008.
+# for a total of 1009.
fully_signed () {
$DIG axfr signing.test -p ${PORT} @10.53.0.1 |
awk 'BEGIN { lines = 0 }
$4 == "RRSIG" {lines++}
- END { if (lines != 1008) exit(1) }'
+ END { if (lines != 1009) exit(1) }'
}
retry_quiet 30 fully_signed || ret=1
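Review bot: The barrier line `retry_quiet 30 fully_signed || ret=1` is left unchanged, and per the commit message its result was not acted on, which is how the wrong count went unnoticed apart from a 30-second delay. Consider failing right after the barrier (checking `ret` there) so that a future mismatch between the expected count and the zone shows up as a test failure rather than a slow pass. The expected total also appears twice, in the comment and in the awk `END` check; holding it in one shell variable passed to awk with `-v` would keep the two from drifting apart on the next backport.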