Revert "Merge branch '3503-random-default-algorithm-in-tests-v9_16' into 'v9_16'"
authorTom Krizek <tkrizek@isc.org>
Thu, 3 Nov 2022 09:31:03 +0000 (10:31 +0100)
committerTom Krizek <tkrizek@isc.org>
Fri, 4 Nov 2022 09:08:51 +0000 (10:08 +0100)
This reverts commit a7ac1e0105a1626d9f4bff64bc709a9ab39f4ea3, reversing
changes made to d690c55ed7b2843465ad48e6b9a073f1437cbea7.

.gitlab-ci.yml
bin/tests/system/conf.sh.common
bin/tests/system/conf.sh.in
bin/tests/system/get_algorithms.py [deleted file]
bin/tests/system/mkeys/setup.sh
bin/tests/system/mkeys/tests.sh
bin/tests/system/testcrypto.sh [changed mode: 0755->0644]

index 6b180e336737d23405f085298ebee0212df78443..2c875c97f502c06fa2b9b600b2b195e51e9e7ea9 100644 (file)
@@ -1109,8 +1109,6 @@ gcc:softhsm2.6:
   <<: *build_job
 
 system:gcc:softhsm2.6:
-  variables:
-    DISABLE_ALGORITHM_SUPPORT_CHECKING: 1
   <<: *debian_bullseye_amd64_image
   <<: *system_test_job
   needs:
index 6d890b1a539a95d0e3e0bff4052fb173bb530d3c..8860ab2fee1ed2adcdd9ddb6bf244f0560ee6f5a 100644 (file)
@@ -148,25 +148,25 @@ zonechecks"
 # Set up color-coded test output
 #
 if [ ${SYSTEMTEST_FORCE_COLOR:-0} -eq 1 ] || test -t 1 && type tput > /dev/null 2>&1 && tput setaf 7 > /dev/null 2>&1 ; then
-    export COLOR_END=`tput setaf 4`    # blue
-    export COLOR_FAIL=`tput setaf 1`   # red
-    export COLOR_INFO=`tput bold`      # bold
-    export COLOR_NONE=`tput sgr0`
-    export COLOR_PASS=`tput setaf 2`   # green
-    export COLOR_START=`tput setaf 4`  # blue
-    export COLOR_WARN=`tput setaf 3`   # yellow
+    COLOR_END=`tput setaf 4`    # blue
+    COLOR_FAIL=`tput setaf 1`   # red
+    COLOR_INFO=`tput bold`      # bold
+    COLOR_NONE=`tput sgr0`
+    COLOR_PASS=`tput setaf 2`   # green
+    COLOR_START=`tput setaf 4`  # blue
+    COLOR_WARN=`tput setaf 3`   # yellow
 else
     # set to empty strings so printf succeeds
-    export COLOR_END=''
-    export COLOR_FAIL=''
-    export COLOR_INFO=''
-    export COLOR_NONE=''
-    export COLOR_PASS=''
-    export COLOR_START=''
-    export COLOR_WARN=''
+    COLOR_END=''
+    COLOR_FAIL=''
+    COLOR_INFO=''
+    COLOR_NONE=''
+    COLOR_PASS=''
+    COLOR_START=''
+    COLOR_WARN=''
 fi
 
-export SYSTESTDIR="`basename $PWD`"
+SYSTESTDIR="`basename $PWD`"
 
 if type printf > /dev/null 2>&1
 then
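Review bot: `SYSTESTDIR` is still computed with an unquoted `$PWD` inside backticks, so a checkout path containing whitespace or glob characters is word-split before `basename` sees it. Since the line is touched anyway, `SYSTESTDIR=${PWD##*/}` yields the same last path component without a subprocess or a quoting hazard (the two differ only when PWD is `/`). The `if type printf` block that follows continues outside the hunk.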
@@ -279,36 +279,27 @@ send() {
 # Useful variables in test scripts
 #
 
-# The following script sets the following algorithm-related variables. These
-# are selected randomly at runtime from a list of supported algorithms. The
-# randomization is deterministic and remains stable for a period of time for a
-# given platform.
-#
 # Default algorithm for testing.
-# DEFAULT_ALGORITHM
-# DEFAULT_ALGORITHM_NUMBER
-# DEFAULT_BITS
-#
-# This is an alternative algorithm for test cases that require more than one
-# algorithm (for example algorithm rollover). Must be different from
+DEFAULT_ALGORITHM=ECDSAP256SHA256
+DEFAULT_ALGORITHM_NUMBER=13
+DEFAULT_BITS=256
+
+# This is an alternative algorithm for test cases that require more than
+# one algorithm (for example algorithm rollover).  Must be different from
 # DEFAULT_ALGORITHM.
-# ALTERNATIVE_ALGORITHM
-# ALTERNATIVE_ALGORITHM_NUMBER
-# ALTERNATIVE_BITS
-#
-# This is an algorithm that is used for tests against the "disable-algorithms"
-# configuration option. Must be different from above algorithms.
-# DISABLED_ALGORITHM
-# DISABLED_ALGORITHM_NUMBER
-# DISABLED_BITS
-#
-# There are multiple algoritms sets to choose from (see get_algorithms.py). To
-# override the default choice, set the ALGORITHM_SET env var (see mkeys system
-# test for example).
-eval "$($PYTHON "$TOP_SRCDIR/bin/tests/system/get_algorithms.py")"
+ALTERNATIVE_ALGORITHM=RSASHA256
+ALTERNATIVE_ALGORITHM_NUMBER=8
+ALTERNATIVE_BITS=1280
+
+# This is an algorithm that is used for tests against the
+# "disable-algorithms" configuration option.  Must be different from above
+# algorithms.
+DISABLED_ALGORITHM=ECDSAP384SHA384
+DISABLED_ALGORITHM_NUMBER=14
+DISABLED_BITS=384
 
 # Default HMAC algorithm.
-export DEFAULT_HMAC=hmac-sha256
+DEFAULT_HMAC=hmac-sha256
 
 #
 # Useful functions in test scripts
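Review bot: `ALTERNATIVE_BITS=1280` pairs RSASHA256 with a 1280-bit modulus, which is below the 2048-bit minimum commonly recommended for RSA, and nothing on the page says why. Presumably the size keeps key generation fast in the system tests; a comment such as `# 1280-bit RSA is for test speed only, not a size to copy into production zones` would stop it being read as guidance. With the values now literals, the "Must be different from ..." constraints in the comments are not checked by any code in this hunk, so an edit to one of the three algorithms can silently violate them.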
@@ -725,3 +716,49 @@ copy_setports() {
         -e "s/${atsign}DISABLED_BITS${atsign}/${DISABLED_BITS}/g" \
         $1 > $2
 }
+
+#
+# Export command paths
+#
+export ARPANAME
+export BIGKEY
+export CDS
+export CHECKZONE
+export CYGWIN
+export DESCRIPTION
+export DIG
+export FEATURETEST
+export FSTRM_CAPTURE
+export GENCHECK
+export JOURNALPRINT
+export KEYCREATE
+export KEYDELETE
+export KEYFRLAB
+export KEYGEN
+export KEYSETTOOL
+export KEYSIGNER
+export KRB5_CONFIG
+export KRB5_KTNAME
+export MAKEJOURNAL
+export MDIG
+export NAMED
+export NSEC3HASH
+export NSLOOKUP
+export NSUPDATE
+export NZD2NZF
+export PERL
+export PIPEQUERIES
+export PK11DEL
+export PK11GEN
+export PK11LIST
+export PSSUSPEND
+export PYTHON
+export RESOLVE
+export RNDC
+export RRCHECKER
+export SIGNER
+export SUBDIRS
+export TMPDIR
+export TSIGKEYGEN
+export VERIFY
+export WIRETEST
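Review bot: The hand-maintained export list does not match the variables conf.sh.in assigns: `CHECKCONF`, `DELV`, `DSFROMKEY`, `REVOKE`, `SETTIME` and several others are assigned there but not exported here, while `DESCRIPTION`, `KEYSETTOOL` and `KEYSIGNER` are exported without a visible assignment. Child processes that read these from the environment would see them unset. The same split shows up in conf.sh.in, where only `export HAVEXMLSTATS HAVEJSONSTATS` is added and `HAVEGEOIP2`/`HAVEZLIB` are left unexported. If the omissions are intentional, a comment such as `# only variables read by non-shell helpers are exported` would record that. Note too that conf.sh.in sources this file before assigning the paths, so the block relies on the export attribute persisting across later assignments.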
index a6edf0e91cc5da7ea86617354ff78a0d96b0e625..b9641c42b2d91fd65b79f00ca8820f40bc1d2e9d 100644 (file)
 #
 
 # Find the top of the BIND9 tree.
-export TOP=@abs_top_builddir@
-export TOP_SRCDIR=@abs_top_srcdir@
+TOP=@abs_top_builddir@
+TOP_SRCDIR=@abs_top_srcdir@
 
 # Provide TMPDIR variable for tests that need it.
-export TMPDIR=${TMPDIR:-/tmp}
+TMPDIR=${TMPDIR:-/tmp}
 
 # This is not the windows build.
-export CYGWIN=""
-
-export ARPANAME=$TOP/bin/tools/arpaname
-export CDS=$TOP/bin/dnssec/dnssec-cds
-export CHECKCONF=$TOP/bin/check/named-checkconf
-export CHECKDS=$TOP/bin/python/dnssec-checkds
-export CHECKZONE=$TOP/bin/check/named-checkzone
-export COVERAGE=$TOP/bin/python/dnssec-coverage
-export DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
-export DELV=$TOP/bin/delv/delv
-export DIG=$TOP/bin/dig/dig
-export DNSTAPREAD=$TOP/bin/tools/dnstap-read
-export DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
-export FEATURETEST=$TOP/bin/tests/system/feature-test
-export FSTRM_CAPTURE=@FSTRM_CAPTURE@
-export HOST=$TOP/bin/dig/host
-export IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
-export JOURNALPRINT=$TOP/bin/tools/named-journalprint
-export KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
-export KEYGEN=$TOP/bin/dnssec/dnssec-keygen
-export KEYMGR=$TOP/bin/python/dnssec-keymgr
-export MDIG=$TOP/bin/tools/mdig
-export NAMED=$TOP/bin/named/named
-export NSEC3HASH=$TOP/bin/tools/nsec3hash
-export NSLOOKUP=$TOP/bin/dig/nslookup
-export NSUPDATE=$TOP/bin/nsupdate/nsupdate
-export NZD2NZF=$TOP/bin/tools/named-nzd2nzf
-export PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
-export PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
-export PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
-export RESOLVE=$TOP/bin/tests/system/resolve
-export REVOKE=$TOP/bin/dnssec/dnssec-revoke
-export RNDC=$TOP/bin/rndc/rndc
-export RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
-export RRCHECKER=$TOP/bin/tools/named-rrchecker
-export SETTIME=$TOP/bin/dnssec/dnssec-settime
-export SIGNER=$TOP/bin/dnssec/dnssec-signzone
-export TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
-export VERIFY=$TOP/bin/dnssec/dnssec-verify
-export WIRETEST=$TOP/bin/tests/wire_test
-
-export BIGKEY=$TOP/bin/tests/system/rsabigexponent/bigkey
-export GENCHECK=$TOP/bin/tests/system/rndc/gencheck
-export KEYCREATE=$TOP/bin/tests/system/tkey/keycreate
-export KEYDELETE=$TOP/bin/tests/system/tkey/keydelete
-export MAKEJOURNAL=$TOP/bin/tests/makejournal
-export PIPEQUERIES=$TOP/bin/tests/system/pipelined/pipequeries
-
-# we don't want a KRB5_CONFIG setting breaking the tests
-export KRB5_CONFIG=/dev/null
-# use local keytab instead of default /etc/krb5.keytab
-export KRB5_KTNAME=dns.keytab
+CYGWIN=""
 
 # Load common values shared between windows and unix/linux.
 . $TOP/bin/tests/system/conf.sh.common
 
+ARPANAME=$TOP/bin/tools/arpaname
+CDS=$TOP/bin/dnssec/dnssec-cds
+CHECKCONF=$TOP/bin/check/named-checkconf
+CHECKDS=$TOP/bin/python/dnssec-checkds
+CHECKZONE=$TOP/bin/check/named-checkzone
+COVERAGE=$TOP/bin/python/dnssec-coverage
+DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
+DELV=$TOP/bin/delv/delv
+DIG=$TOP/bin/dig/dig
+DNSTAPREAD=$TOP/bin/tools/dnstap-read
+DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
+FEATURETEST=$TOP/bin/tests/system/feature-test
+FSTRM_CAPTURE=@FSTRM_CAPTURE@
+HOST=$TOP/bin/dig/host
+IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
+JOURNALPRINT=$TOP/bin/tools/named-journalprint
+KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
+KEYGEN=$TOP/bin/dnssec/dnssec-keygen
+KEYMGR=$TOP/bin/python/dnssec-keymgr
+MDIG=$TOP/bin/tools/mdig
+NAMED=$TOP/bin/named/named
+NSEC3HASH=$TOP/bin/tools/nsec3hash
+NSLOOKUP=$TOP/bin/dig/nslookup
+NSUPDATE=$TOP/bin/nsupdate/nsupdate
+NZD2NZF=$TOP/bin/tools/named-nzd2nzf
+PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
+PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
+PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
+RESOLVE=$TOP/bin/tests/system/resolve
+REVOKE=$TOP/bin/dnssec/dnssec-revoke
+RNDC=$TOP/bin/rndc/rndc
+RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
+RRCHECKER=$TOP/bin/tools/named-rrchecker
+SETTIME=$TOP/bin/dnssec/dnssec-settime
+SIGNER=$TOP/bin/dnssec/dnssec-signzone
+TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
+VERIFY=$TOP/bin/dnssec/dnssec-verify
+WIRETEST=$TOP/bin/tests/wire_test
+
+BIGKEY=$TOP/bin/tests/system/rsabigexponent/bigkey
+GENCHECK=$TOP/bin/tests/system/rndc/gencheck
+KEYCREATE=$TOP/bin/tests/system/tkey/keycreate
+KEYDELETE=$TOP/bin/tests/system/tkey/keydelete
+MAKEJOURNAL=$TOP/bin/tests/makejournal
+PIPEQUERIES=$TOP/bin/tests/system/pipelined/pipequeries
+
+# we don't want a KRB5_CONFIG setting breaking the tests
+KRB5_CONFIG=/dev/null
+# use local keytab instead of default /etc/krb5.keytab
+KRB5_KTNAME=dns.keytab
+
 #
 # Construct the lists of tests to run
 #
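Review bot: `PK11DEL`, `PK11GEN` and `PK11LIST` embed `-p ${HSMPIN:-1234}` in the command string, and conf.sh.common exports all three. The PIN therefore lands in the environment of every child process and on the argv of each pkcs11 tool invocation, where it is visible in process listings. That is acceptable for a throwaway SoftHSM token but should be stated next to the assignments, for example `# HSMPIN is for disposable test tokens only: it is exported and passed on the command line`. The hunk's `@@` header is not visible on the page, so its position in the file is inferred.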
@@ -93,43 +93,45 @@ SUBDIRS="$SEQUENTIALDIRS $PARALLELDIRS"
 
 
 # Things that are different on Windows
-export KILL=kill
-export DIFF=diff
-export DOS2UNIX=true
+KILL=kill
+DIFF=diff
+DOS2UNIX=true
 # There's no trailing period on Windows
-export TP=.
+TP=.
 
 # Use the CONFIG_SHELL detected by configure for tests
-export SHELL=@SHELL@
+SHELL=@SHELL@
 
 # CURL will be empty if no program was found by configure
-export CURL=@CURL@
+CURL=@CURL@
 
 # XMLLINT will be empty if no program was found by configure
-export XMLLINT=@XMLLINT@
+XMLLINT=@XMLLINT@
 
 # XSLTPROC will be empty if no program was found by configure
-export XSLTPROC=@XSLTPROC@
+XSLTPROC=@XSLTPROC@
 
 # PERL will be an empty string if no perl interpreter was found.
-export PERL=@PERL@
+PERL=@PERL@
 
 # Windows process management leave empty
-export PSSUSPEND=
+PSSUSPEND=
 
-export PYTHON=@PYTHON@
-export PYTEST=@PYTEST@
+PYTHON=@PYTHON@
+PYTEST=@PYTEST@
 
 #
 # Determine if we support various optional features.
 #
-export LIBXML2_LIBS="@LIBXML2_LIBS@"
-export HAVEXMLSTATS=${LIBXML2_LIBS:+1}
-export JSON_C_LIBS="@JSON_C_LIBS@"
-export HAVEJSONSTATS=${JSON_C_LIBS:+1}
-export MAXMINDDB_LIBS="@MAXMINDDB_LIBS@"
-export HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
-export ZLIB_LIBS="@ZLIB_LIBS@"
-export HAVEZLIB=${ZLIB_LIBS:+1}
-export NZD=@NZD_TOOLS@
-export CRYPTO=@CRYPTO@
+LIBXML2_LIBS="@LIBXML2_LIBS@"
+HAVEXMLSTATS=${LIBXML2_LIBS:+1}
+JSON_C_LIBS="@JSON_C_LIBS@"
+HAVEJSONSTATS=${JSON_C_LIBS:+1}
+MAXMINDDB_LIBS="@MAXMINDDB_LIBS@"
+HAVEGEOIP2=${MAXMINDDB_LIBS:+1}
+ZLIB_LIBS="@ZLIB_LIBS@"
+HAVEZLIB=${ZLIB_LIBS:+1}
+NZD=@NZD_TOOLS@
+CRYPTO=@CRYPTO@
+
+export HAVEXMLSTATS HAVEJSONSTATS
diff --git a/bin/tests/system/get_algorithms.py b/bin/tests/system/get_algorithms.py
deleted file mode 100755 (executable)
index f1b020b..0000000
+++ /dev/null
@@ -1,241 +0,0 @@
-#!/usr/bin/python3
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# This script is a 'port' broker.  It keeps track of ports given to the
-# individual system subtests, so every test is given a unique port range.
-
-import logging
-import os
-from pathlib import Path
-import platform
-import random
-import subprocess
-import time
-from typing import Dict, List, NamedTuple, Union
-
-# Uncomment to enable DEBUG logging
-# logging.basicConfig(
-#     format="get_algorithms.py %(levelname)s %(message)s", level=logging.DEBUG
-# )
-
-STABLE_PERIOD = 3600 * 3
-"""number of secs during which algorithm selection remains stable"""
-
-
-class Algorithm(NamedTuple):
-    name: str
-    number: int
-    bits: int
-
-
-class AlgorithmSet(NamedTuple):
-    """Collection of DEFAULT, ALTERNATIVE and DISABLED algorithms"""
-
-    default: Union[Algorithm, List[Algorithm]]
-    """DEFAULT is the algorithm for testing."""
-
-    alternative: Union[Algorithm, List[Algorithm]]
-    """ALTERNATIVE is an alternative algorithm for test cases that require more
-    than one algorithm (for example algorithm rollover)."""
-
-    disabled: Union[Algorithm, List[Algorithm]]
-    """DISABLED is an algorithm that is used for tests against the
-    "disable-algorithms" configuration option."""
-
-
-RSASHA1 = Algorithm("RSASHA1", 5, 1280)
-RSASHA256 = Algorithm("RSASHA256", 8, 1280)
-RSASHA512 = Algorithm("RSASHA512", 10, 1280)
-ECDSAP256SHA256 = Algorithm("ECDSAP256SHA256", 13, 256)
-ECDSAP384SHA384 = Algorithm("ECDSAP384SHA384", 14, 384)
-ED25519 = Algorithm("ED25519", 15, 256)
-ED448 = Algorithm("ED448", 16, 456)
-
-ALL_ALGORITHMS = [
-    RSASHA1,
-    RSASHA256,
-    RSASHA512,
-    ECDSAP256SHA256,
-    ECDSAP384SHA384,
-    ED25519,
-    ED448,
-]
-
-ALGORITHM_SETS = {
-    "stable": AlgorithmSet(
-        default=ECDSAP256SHA256, alternative=RSASHA256, disabled=ECDSAP384SHA384
-    ),
-    "ecc_default": AlgorithmSet(
-        default=[
-            ECDSAP256SHA256,
-            ECDSAP384SHA384,
-            ED25519,
-            ED448,
-        ],
-        alternative=RSASHA256,
-        disabled=RSASHA512,
-    ),
-    # FUTURE The system tests needs more work before they're ready for this.
-    # "random": AlgorithmSet(
-    #     default=ALL_ALGORITHMS,
-    #     alternative=ALL_ALGORITHMS,
-    #     disabled=ALL_ALGORITHMS,
-    # ),
-}
-
-TESTCRYPTO = Path(__file__).resolve().parent / "testcrypto.sh"
-
-KEYGEN = os.getenv("KEYGEN", "")
-if not KEYGEN:
-    raise RuntimeError("KEYGEN environment variable has to be set")
-
-ALGORITHM_SET = os.getenv("ALGORITHM_SET", "stable")
-assert ALGORITHM_SET in ALGORITHM_SETS, f'ALGORITHM_SET "{ALGORITHM_SET}" unknown'
-logging.debug('choosing from ALGORITHM_SET "%s"', ALGORITHM_SET)
-
-
-def is_supported(alg: Algorithm) -> bool:
-    """Test whether a given algorithm is supported on the current platform."""
-    try:
-        subprocess.run(
-            f"{TESTCRYPTO} -q {alg.name}",
-            shell=True,
-            check=True,
-            env={"KEYGEN": KEYGEN},
-            stdout=subprocess.DEVNULL,
-        )
-    except subprocess.CalledProcessError as exc:
-        logging.debug(exc)
-        logging.info("algorithm %s not supported", alg.name)
-        return False
-    return True
-
-
-def filter_supported(algs: AlgorithmSet) -> AlgorithmSet:
-    """Select supported algorithms from the set."""
-    filtered = {}
-    for alg_type in algs._fields:
-        candidates = getattr(algs, alg_type)
-        if isinstance(candidates, Algorithm):
-            candidates = [candidates]
-        supported = list(filter(is_supported, candidates))
-        if len(supported) == 1:
-            supported = supported.pop()
-        elif not supported:
-            raise RuntimeError(
-                f'no {alg_type.upper()} algorithm from "{ALGORITHM_SET}" set '
-                "supported on this platform"
-            )
-        filtered[alg_type] = supported
-    return AlgorithmSet(**filtered)
-
-
-def select_random(algs: AlgorithmSet, stable_period=STABLE_PERIOD) -> AlgorithmSet:
-    """Select random DEFAULT, ALTERNATIVE and DISABLED algorithms from the set.
-
-    The algorithm selection is deterministic for a given time period and
-    platform. This should make potential issues more reproducible.
-
-    To increase the likelyhood of detecting an issue with a given algorithm in
-    CI, the current platform is used as a randomness source. When testing on
-    multiple platforms at the same time, this ensures more algorithm variance
-    while keeping reproducibility for a single platform.
-
-    The function also ensures that DEFAULT, ALTERNATIVE and DISABLED algorithms
-    are all different.
-    """
-    # FUTURE Random selection of ALTERNATIVE and DISABLED algorithms needs to
-    # be implemented.
-    alternative = algs.alternative
-    disabled = algs.disabled
-    assert isinstance(
-        alternative, Algorithm
-    ), "ALTERNATIVE algorithm randomization not supported yet"
-    assert isinstance(
-        disabled, Algorithm
-    ), "DISABLED algorithm randomization not supported yet"
-
-    # initialize randomness
-    now = time.time()
-    time_seed = int(now - now % stable_period)
-    seed = f"{platform.platform()}_{time_seed}"
-    random.seed(seed)
-
-    # DEFAULT selection
-    if isinstance(algs.default, Algorithm):
-        default = algs.default
-    else:
-        candidates = algs.default
-        for taken in [alternative, disabled]:
-            try:
-                candidates.remove(taken)
-            except ValueError:
-                pass
-        assert len(candidates), "no possible choice for DEFAULT algorithm"
-        random.shuffle(candidates)
-        default = candidates[0]
-
-    # Ensure only single algorithm is present for each option
-    assert isinstance(default, Algorithm)
-    assert isinstance(alternative, Algorithm)
-    assert isinstance(disabled, Algorithm)
-
-    assert default != alternative, "DEFAULT and ALTERNATIVE algorithms are the same"
-    assert default != disabled, "DEFAULT and DISABLED algorithms are the same"
-    assert alternative != disabled, "ALTERNATIVE and DISABLED algorithms are the same"
-
-    return AlgorithmSet(default, alternative, disabled)
-
-
-def algorithms_env(algs: AlgorithmSet) -> Dict[str, str]:
-    """Return environment variables with selected algorithms as a dict."""
-    algs_env: Dict[str, str] = {}
-
-    def set_alg_env(alg: Algorithm, prefix):
-        algs_env[f"{prefix}_ALGORITHM"] = alg.name
-        algs_env[f"{prefix}_ALGORITHM_NUMBER"] = str(alg.number)
-        algs_env[f"{prefix}_BITS"] = str(alg.bits)
-
-    assert isinstance(algs.default, Algorithm)
-    assert isinstance(algs.alternative, Algorithm)
-    assert isinstance(algs.disabled, Algorithm)
-
-    set_alg_env(algs.default, "DEFAULT")
-    set_alg_env(algs.alternative, "ALTERNATIVE")
-    set_alg_env(algs.disabled, "DISABLED")
-
-    logging.info("selected algorithms: %s", algs_env)
-    return algs_env
-
-
-def main():
-    disable_checking = int(os.getenv("DISABLE_ALGORITHM_SUPPORT_CHECKING", "0"))
-    try:
-        algs = ALGORITHM_SETS[ALGORITHM_SET]
-        if not disable_checking:
-            algs = filter_supported(algs)
-        algs = select_random(algs)
-        algs_env = algorithms_env(algs)
-    except Exception:
-        # if anything goes wrong, the conf.sh ignores error codes, so make sure
-        # we set an environment variable to an error value that can be checked
-        # later by run.sh
-        print("export ALGORITHM_SET=error")
-        raise
-    else:
-        for name, value in algs_env.items():
-            print(f"export {name}={value}")
-
-
-if __name__ == "__main__":
-    main()
index 6b361de8c7e2cc446d3ef73019cb917251797b8d..bc4520eecdc2db725717452e469a1348c7d702fd 100644 (file)
 # information regarding copyright ownership.
 
 SYSTEMTESTTOP=..
-
-export ALGORITHM_SET="ecc_default"
 . $SYSTEMTESTTOP/conf.sh
 
-# Ensure the selected algorithm set is okay.
-if [ "$ALGORITHM_SET" = "error" ]; then
-    echofail "Algorithm selection failed." >&2
-    exit 1
-fi
-
 copy_setports ns1/named1.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
index ae714741e92167edfa7722e57133d4dbfd8e8cf3..8e873f39b22e3362b99b6c7c5b22e81a541e247c 100644 (file)
@@ -14,7 +14,6 @@
 set -e
 
 SYSTEMTESTTOP=..
-export ALGORITHM_SET="ecc_default"
 #shellcheck source=conf.sh
 . "$SYSTEMTESTTOP/conf.sh"
 
@@ -692,7 +691,7 @@ ret=0
 # compare against the known key.
 tathex=$(grep "query '_ta-[0-9a-f][0-9a-f]*/NULL/IN' approved" ns1/named.run | awk '{print $6; exit 0}' | sed -e 's/(_ta-\([0-9a-f][0-9a-f]*\)):/\1/') || true
 tatkey=$($PERL -e 'printf("%d\n", hex(@ARGV[0]));' "$tathex")
-realkey=$(rndccmd 10.53.0.2 secroots - | sed -n "s#.*${DEFAULT_ALGORITHM}/\([0-9][0-9]*\) ; .*managed.*#\1#p")
+realkey=$(rndccmd 10.53.0.2 secroots - | sed -n 's#.*SHA256/\([0-9][0-9]*\) ; .*managed.*#\1#p')
 [ "$tatkey" -eq "$realkey" ] || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
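Review bot: The `realkey` pattern now hard-codes `SHA256`, which matches any algorithm name ending in SHA256, including both the `ECDSAP256SHA256` default and the `RSASHA256` alternative set in conf.sh.common. If `secroots` ever lists more than one managed key, `realkey` would presumably hold several lines and the `-eq` test would fail on a malformed operand rather than a real mismatch. A comment such as `# SHA256 must match the tail of DEFAULT_ALGORITHM in conf.sh.common` would tie the literal to its source. The test case this belongs to starts outside the hunk.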
old mode 100755 (executable)
new mode 100644 (file)
index e9dd0f9..c11a8ce
 # information regarding copyright ownership.
 
 SYSTEMTESTTOP=${SYSTEMTESTTOP:=..}
-
-if test -z "$KEYGEN"; then
-    . $SYSTEMTESTTOP/conf.sh
-    alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
-else
-    alg=""
-fi
+. $SYSTEMTESTTOP/conf.sh
 
 prog=$0
+
 args=""
+alg="-a $DEFAULT_ALGORITHM -b $DEFAULT_BITS"
 quiet=0
+
 msg="cryptography"
 while test "$#" -gt 0; do
-    case $1 in
-    -q)
-        args="$args -q"
-        quiet=1
-        ;;
-    rsa|RSA|rsasha1|RSASHA1)
-        alg="-a RSASHA1"
-        msg="RSA cryptography"
-        ;;
-    rsasha256|RSASHA256)
-        alg="-a RSASHA256"
-        msg="RSA cryptography"
-        ;;
-    rsasha512|RSASHA512)
-        alg="-a RSASHA512"
-        msg="RSA cryptography"
-        ;;
-    ecdsa|ECDSA|ecdsap256sha256|ECDSAP256SHA256)
-        alg="-a ECDSAP256SHA256"
-        msg="ECDSA cryptography"
-        ;;
-    ecdsap384sha384|ECDSAP384SHA384)
-        alg="-a ECDSAP384SHA384"
-        msg="ECDSA cryptography"
-        ;;
-    eddsa|EDDSA|ed25519|ED25519)
-        alg="-a ED25519"
-        msg="EDDSA cryptography"
-        ;;
-    ed448|ED448)
-        alg="-a ED448"
-        msg="EDDSA cryptography"
-        ;;
-    *)
-        echo "${prog}: unknown argument"
-        exit 1
-        ;;
-    esac
-    shift
+        case $1 in
+        -q)
+                args="$args -q"
+                quiet=1
+                ;;
+        rsa|RSA|rsasha1|RSASHA1)
+                alg="-a RSASHA1"
+                msg="RSA cryptography"
+                ;;
+       rsasha256|RSASHA256)
+                alg="-a RSASHA256"
+                msg="RSA cryptography"
+                ;;
+       rsasha512|RSASHA512)
+                alg="-a RSASHA512"
+                msg="RSA cryptography"
+                ;;
+        ecdsa|ECDSA|ecdsap256sha256|ECDSAP256SHA256)
+                alg="-a ECDSAP256SHA256"
+                msg="ECDSA cryptography"
+                ;;
+        ecdsap384sha384|ECDSAP384SHA384)
+                alg="-a ECDSAP384SHA384"
+                msg="ECDSA cryptography"
+                ;;
+        eddsa|EDDSA|ed25519|ED25519)
+                alg="-a ED25519"
+                msg="EDDSA cryptography"
+                ;;
+        ed448|ED448)
+                alg="-a ED448"
+                msg="EDDSA cryptography"
+                ;;
+        *)
+                echo "${prog}: unknown argument"
+                exit 1
+                ;;
+        esac
+        shift
 done
 
-if test -z "$alg"; then
-    echo "${prog}: no algorithm selected"
-    exit 1
-fi
-
 if $KEYGEN $args $alg foo > /dev/null 2>&1
 then
     rm -f Kfoo*
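Review bot: The `*)` arm prints `unknown argument` to stdout without naming the argument, so a caller that captures or discards stdout loses the diagnostic; `echo "${prog}: unknown argument: $1" >&2` would be clearer. The re-indented `rsasha256|RSASHA256)` and `rsasha512|RSASHA512)` arms are also one column short of the other arms. The `if $KEYGEN` block continues past the visible lines.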