# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-rm -f */K*.key */K*.private */*.signed */*.db */dsset-*
-rm -f */managed.conf */trusted.conf
-rm -f */named.memstats
-rm -f */named.conf
-rm -f */named.run */named.run.prev
-rm -f dig.*
-rm -f sfcache.*
-rm -f ns*/named.lock
-rm -f ns5/named.run.part*
-rm -f ns*/managed-keys.bind*
+rm -f ./*/K*.key ./*/K*.private ./*/*.signed ./*/*.db ./*/dsset-*
+rm -f ./*/managed.conf ./*/trusted.conf
+rm -f ./*/named.memstats
+rm -f ./*/named.conf
+rm -f ./*/named.run ./*/named.run.prev
+rm -f ./dig.*
+rm -f ./sfcache.*
+rm -f ./ns*/named.lock
+rm -f ./ns5/named.run.part*
+rm -f ./ns*/managed-keys.bind*
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=root.db.in
(cd ../ns2 && $SHELL sign.sh )
-cp ../ns2/dsset-example$TP .
+cp "../ns2/dsset-example$TP" .
-keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
+keyname=$($KEYGEN -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone $zone)
-cat $infile $keyname.key > $zonefile
+cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
-keyfile_to_trusted_keys $keyname > trusted.conf
+keyfile_to_trusted_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
# ...or with a managed key.
-keyfile_to_managed_keys $keyname > managed.conf
+keyfile_to_managed_keys "$keyname" > managed.conf
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
zone=example.
infile=example.db.in
zonefile=example.db
-keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
-keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
+keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
+keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
-cat $infile $keyname1.key $keyname2.key >$zonefile
+cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
-$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
-#!/bin/sh
+#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
-if $KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone foo > /dev/null 2>&1
-then
- rm -f Kfoo*
-else
- echo "I:This test requires that --with-openssl was used." >&2
- exit 255
-fi
+keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
+
+keyfile_to_trusted_keys "$keyname" > trusted.conf
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-trusted-keys {
- "." 256 3 1 "AQO6Cl+slAf+iuieDim9L3kujFHQD7s/IOj03ClMOpKYcTXtK4mRpuULVfvWxDi9Ew/gj0xLnnX7z9OJHIxLI+DSrAHd8Dm0XfBEAtVtJSn70GaPZgnLMw1rk5ap2DsEoWk=";
-};
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
$SHELL clean.sh
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
-cd ns1 && $SHELL sign.sh
-
-cd ../ns5 && cp -f trusted.conf.bad trusted.conf
-
+cd ns1 && $SHELL sign.sh && cd ..
+cd ns5 && $SHELL sign.sh && cd ..
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+# shellcheck source=conf.sh
+. "$SYSTEMTESTTOP/conf.sh"
status=0
n=0
rm -f dig.out.*
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
-RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
+dig_with_opts() {
+ "$DIG" +tcp +noadd +nosea +nostat +nocmd -p "$PORT" "$@"
+}
+
+rndc_with_opts() {
+ "$RNDC" -c "$SYSTEMTESTTOP/common/rndc.conf" -p "$CONTROLPORT" -s "$@"
+}
echo_i "checking DNSSEC SERVFAIL is cached ($n)"
ret=0
-$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
-$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
+dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
+# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break
sleep 1
done
grep "^; foo.example/A" sfcache.$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
-$DIG $DIGOPTS +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +dnssec foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "checking that +cd bypasses cache check ($n)"
ret=0
-$DIG $DIGOPTS +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +dnssec +cd foo.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "disabling server to force non-dnssec SERVFAIL"
-$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} sfcache ns2
+"$PERL" "$SYSTEMTESTTOP/stop.pl" --use-rndc --port "${CONTROLPORT}" sfcache ns2
awk '/SERVFAIL/ { next; out=1 } /Zone/ { out=0 } { if (out) print }' ns5/named_dump.db
echo_i "checking SERVFAIL is cached ($n)"
ret=0
-$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
-$RNDCCMD 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
+dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+rndc_with_opts 10.53.0.5 dumpdb -all 2>&1 | sed 's/^/I:ns5 /'
+# shellcheck disable=SC2034
for i in 1 2 3 4 5 6 7 8 9 10; do
awk '/Zone/{out=0} { if (out) print } /SERVFAIL/{out=1}' ns5/named_dump.db > sfcache.$n
[ -s "sfcache.$n" ] && break
sleep 1
done
grep "^; bar.example/A" sfcache.$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "checking SERVFAIL is returned from cache ($n)"
ret=0
nextpart ns5/named.run > /dev/null
-$DIG $DIGOPTS bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=0)' ns5/named.run.part$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "checking cache is bypassed with +cd query ($n)"
ret=0
-$DIG $DIGOPTS +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +cd bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit' ns5/named.run.part$n > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "checking cache is used for subsequent +cd query ($n)"
ret=0
-$DIG $DIGOPTS +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
+dig_with_opts +dnssec bar.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
nextpart ns5/named.run > ns5/named.run.part$n
grep 'servfail cache hit bar.example/A (CD=1)' ns5/named.run.part$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
./bin/tests/system/sfcache/clean.sh SH 2014,2015,2016,2017,2018
./bin/tests/system/sfcache/ns1/sign.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/ns2/sign.sh SH 2014,2016,2018
-./bin/tests/system/sfcache/ns5/trusted.conf.bad X 2014,2016,2018
-./bin/tests/system/sfcache/prereq.sh SH 2014,2016,2017,2018
+./bin/tests/system/sfcache/ns5/sign.sh SH 2018
./bin/tests/system/sfcache/setup.sh SH 2014,2016,2017,2018
./bin/tests/system/sfcache/tests.sh SH 2014,2016,2017,2018
./bin/tests/system/smartsign/clean.sh SH 2010,2012,2014,2016,2018
projects / thirdparty / bind9.git / commitdiff
