Generate test zone with multiple NSEC and NSEC3 chains
authorMark Andrews <marka@isc.org>
Thu, 18 Nov 2021 03:22:04 +0000 (14:22 +1100)
committerMark Andrews <marka@isc.org>
Mon, 22 Nov 2021 21:44:47 +0000 (08:44 +1100)
The method used to generate a test zone with multiple NSEC and
NSEC3 chains was incorrect.  Multiple calls to dnssec-signzone
with multiple parameters are not additive.  Extract the chain on
each run then add them to the final signed zone instance.

bin/tests/system/dnssec/clean.sh
bin/tests/system/dnssec/ns3/sign.sh

index adcb52f7d2df131a2ab2ffbd2ba37a22d664bfc8..b4ff9f394148e932e521e976244b38f2290c3337 100644 (file)
@@ -94,6 +94,7 @@ rm -f ./ns3/ttlpatch.example.db ./ns3/ttlpatch.example.db.signed
 rm -f ./ns3/ttlpatch.example.db.patched
 rm -f ./ns3/unsecure.example.db ./ns3/bogus.example.db ./ns3/keyless.example.db
 rm -f ./ns3/unsupported.managed.db.tmp ./ns3/unsupported.trusted.db.tmp
+rm -f ./ns3/NSEC ./ns3/NSEC3
 rm -f ./ns4/managed-keys.bind*
 rm -f ./ns4/named_dump.db*
 rm -f ./ns6/optout-tld.db
index c32e462a115cd79600139494070de83d081b99ee..59fd58d77cbb8b10656f4ea3aba94cba75ec215a 100644 (file)
@@ -340,17 +340,18 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone
 
 cat "$infile" "$keyname.key" > "$zonefile"
 
-"$SIGNER" -P -o "$zone" "$zonefile" > /dev/null
-mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 - -o "$zone" "$zonefile" > /dev/null
-mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 AAAA -o "$zone" "$zonefile" > /dev/null
-mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 BBBB -o "$zone" "$zonefile" > /dev/null
-mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 CCCC -o "$zone" "$zonefile" > /dev/null
-mv "$zonefile".signed "$zonefile"
-"$SIGNER" -P -u3 DDDD -o "$zone" "$zonefile" > /dev/null
+"$SIGNER" -P -O full -o "$zone" "$zonefile" > /dev/null
+awk '$4 == "NSEC" || ( $4 == "RRSIG" && $5 == "NSEC" ) { print }' "$zonefile".signed > NSEC
+"$SIGNER" -P -O full -u3 - -o "$zone" "$zonefile" > /dev/null
+awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed > NSEC3
+"$SIGNER" -P -O full -u3 AAAA -o "$zone" "$zonefile" > /dev/null
+awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
+"$SIGNER" -P -O full -u3 BBBB -o "$zone" "$zonefile" > /dev/null
+awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
+"$SIGNER" -P -O full -u3 CCCC -o "$zone" "$zonefile" > /dev/null
+awk '$4 == "NSEC3" || ( $4 == "RRSIG" && $5 == "NSEC3" ) { print }' "$zonefile".signed >> NSEC3
+"$SIGNER" -P -O full -u3 DDDD -o "$zone" "$zonefile" > /dev/null
+cat NSEC NSEC3 >> "$zonefile".signed
 
 #
 # A RSASHA256 zone.
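Review bot: Each `awk` on the new side (the five extraction lines between the signer calls) reads `"$zonefile".signed` as left by the immediately preceding signer run, so if one `"$SIGNER"` invocation fails the filter silently re-extracts the previous run's stale output and the final zone carries a duplicated chain instead of aborting; unless sign.sh already runs under `set -e` (its preamble is outside the hunk), each call should carry an explicit check, e.g. `"$SIGNER" -P -O full -u3 AAAA -o "$zone" "$zonefile" > /dev/null || exit 1`. The sequence also deserves a short comment stating why the unsigned zone is re-signed once per chain, such as `# dnssec-signzone runs are not additive: sign the unsigned zone once per chain, extract that chain, then append all chains to the final signed zone.` The `$4`/`$5` field positions in the filters depend on the one-record-per-line layout that `-O full` produces, so a later change of output format would silently break the extraction; that dependency is worth naming in the same comment.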