add a test for dnssec-verify -J

generate a journal file and confirm that dnssec-verify is able
to load it.

diff --git a/bin/tests/system/verify/clean.sh b/bin/tests/system/verify/clean.sh
index c1d692e95a78725254aadef3d09982d969892066..3f781e946f5eac98943260f6b3cd1ab12ab97e52 100644 (file)
--- a/bin/tests/system/verify/clean.sh
+++ b/bin/tests/system/verify/clean.sh
@@ -17,3 +17,4 @@ rm -f zones/*.out*
 rm -f zones/*.tmp
 rm -f zones/K*
 rm -f zones/dsset-*
+rm -f zones/updated*

diff --git a/bin/tests/system/verify/tests.sh b/bin/tests/system/verify/tests.sh
index 4ae47f136992ec1ddc4f3f30259d8a009fd9d356..930380fdb0d98535d6138042e50be942bb5d672d 100644 (file)
--- a/bin/tests/system/verify/tests.sh
+++ b/bin/tests/system/verify/tests.sh
@@ -21,7 +21,7 @@ status=0
 
 for file in zones/*.good
 do
-       n=`expr $n + 1`
+       n=$((n+1))
        zone=`expr "$file" : 'zones/\(.*\).good'`
        echo_i "checking supposedly good zone: $zone ($n)"
        ret=0
@@ -36,7 +36,7 @@ done
 
 for file in zones/*.bad
 do
-       n=`expr $n + 1`
+       n=$((n+1))
        zone=`expr "$file" : 'zones/\(.*\).bad'`
        echo_i "checking supposedly bad zone: $zone ($n)"
        ret=0
@@ -88,7 +88,7 @@ do
        [ $dumpit = 1 ] && cat verify.out.$n
 done
 
-n=`expr $n + 1`
+n=$((n+1))
 echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)"
 ret=0
 # When -o is not used, origin is set to zone file name, which should cause an error in this case
@@ -97,7 +97,7 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
 grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1
 [ $ret = 0 ] || failed
 
-n=`expr $n + 1`
+n=$((n+1))
 echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)"
 ret=0
 $VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1
@@ -105,5 +105,10 @@ grep "not at top of zone" verify.out.$n > /dev/null || ret=1
 grep "use -o to specify a different zone origin" verify.out.$n > /dev/null && ret=1
 [ $ret = 0 ] || failed
 
+n=$((n+1))
+echo_i "checking dnssec-verify -J reads journal file ($n)"
+$VERIFY -o updated -J zones/updated.other.jnl zones/updated.other > verify.out.$n 2>&1 || ret=1
+[ $ret = 0 ] || failed
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

diff --git a/bin/tests/system/verify/zones/genzones.sh b/bin/tests/system/verify/zones/genzones.sh
index 2884085a1e93b3aba2bfc2e38d8d8d81e8c96506..2438727abac6e1beb696b9a278a14a7230dc1442 100644 (file)
--- a/bin/tests/system/verify/zones/genzones.sh
+++ b/bin/tests/system/verify/zones/genzones.sh
@@ -242,3 +242,14 @@ $4 == "NSEC3" && NF == 9 {
 cat ${file}.tmp >> ${file}
 rm -f ${file}.tmp
 $SIGNER -3 - -Px -Z nonsecify -O full -o ${zone} -f ${file} ${file} $zsk > s.out$n || dumpit s.out$n
+
+# sign and verify with journal file
+setup updated other
+$KEYGEN -a rsasha256 ${zone} > kg1.out$n 2>&1 || dumpit kg1.out$n
+$KEYGEN -a rsasha256 -fK ${zone} > kg2.out$n 2>&1 || dumpit kg2.out$n
+cat unsigned.db $ksk.key $zsk.key > $file
+$SIGNER -SPx -o ${zone} -f $file $file > s.out$n || dumpit s.out$n
+sed -e '/serial/s/0/1/' $file > ${file}.update
+echo "extra 3600 IN A 4.3.2.1" >> ${file}.update
+$SIGNER -SPx -o ${zone} -f ${file}.update ${file}.update > s.out$n || dumpit s.out$n
+$MAKEJOURNAL updated ${file} ${file}.update ${file}.jnl > mj.out$n 2>&1 || dumpit mj.out$n