Test dnssec tools using zone file basename as origin

Add test cases where dnssec-signzone and dnssec-verify use the
zone file's basename as the origin when '-o' is omitted.

(cherry picked from commit 1251ae896c06c1a2e8c7953042f859847dacfa6b)

diff --git a/bin/tests/system/dnssec/signer/general/test13.zone b/bin/tests/system/dnssec/signer/general/test13.zone
new file mode 100644 (file)
index 0000000..3f2c720
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test13.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;      This is a zone which has two DNSKEY records, both of which have
+; existing private key files available.  They should be loaded automatically
+; and the zone correctly signed.
+;
+$TTL 3600
+example.com.   IN      SOA ns hostmaster 00090000 1200 3600 604800 300

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index a922baf69ade96f9bd00c2e46aa9cc8077235122..0ee960229ac00ef55dd43bf3333a580244e121fb 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -2137,6 +2137,42 @@ n=$((n + 1))
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status + ret))
 
+echo_i "checking dnssec-signzone without -o and zone is in directory (incorrect basename) ($n)"
+ret=0
+cp signer/general/test13.zone signer/bad.db
+$SIGNER -O full -S signer/bad.db 2>signer.err.$n && ret=1
+grep "example.com: not at top of zone" signer.err.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-signzone without -o and zone is in directory ($n)"
+ret=0
+cp signer/general/test13.zone signer/example.com
+$SIGNER -S -K signer/general -O full signer/example.com >signer.out.$n || ret=1
+test -f signer/example.com.signed
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-verify without -o and zone is in directory (incorrect basename) ($n)"
+ret=0
+$VERIFY signer/example.com.signed 2>verify.err.$n && ret=1
+grep "example.com: not at top of zone" verify.err.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
+echo_i "checking dnssec-verify without -o and zone is in directory ($n)"
+ret=0
+cp signer/example.com.signed signer/example.com
+$VERIFY signer/example.com >verify.out.$n || ret=1
+grep "Loading zone 'example.com' from file 'signer/example.com'" verify.out.$n >/dev/null || ret=1
+grep "Zone fully signed" verify.out.$n >/dev/null || ret=1
+n=$((n + 1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status + ret))
+
 echo_i "checking validated data are not cached longer than originalttl ($n)"
 ret=0
 dig_with_opts +ttl +noauth a.ttlpatch.example. @10.53.0.3 a >dig.out.ns3.test$n || ret=1

diff --git a/bin/tests/system/dnssec/tests_sh_dnssec.py b/bin/tests/system/dnssec/tests_sh_dnssec.py
index a824ee7ef9e5b18317d974b0391d0ea09c2a042c..e99434d9a031dd7edd751cab4cceb7ed4372f8e9 100644 (file)
--- a/bin/tests/system/dnssec/tests_sh_dnssec.py
+++ b/bin/tests/system/dnssec/tests_sh_dnssec.py
@@ -20,12 +20,17 @@ pytestmark = pytest.mark.extra_artifacts(
         "dig.out.*",
         "dnssectools.out.*",
         "dsfromkey.out.*",
+        "dsset-*",
         "keygen*.err*",
         "named.secroots.*",
         "nsupdate.out.*",
         "python.out.*",
         "rndc.out.*",
+        "signer.out.*",
+        "signer.err.*",
         "signing.out.*",
+        "verify.out.*",
+        "verify.err.*",
         "*/K*",
         "*/dsset-*",
         "*/managed.conf",
@@ -154,6 +159,8 @@ pytestmark = pytest.mark.extra_artifacts(
         "ns6/optout-tld.db",
         "ns7/split-rrsig.db",
         "ns7/split-rrsig.db.unsplit",
+        "signer/bad.db",
+        "signer/example.com",
         "signer/example.db",
         "signer/example.db.after",
         "signer/example.db.before",