Michał Kępień [Mon, 27 Apr 2020 05:46:01 +0000 (07:46 +0200)]
Make dnstap work reliably with netmgr
The introduction of netmgr doubled the number of threads from which
dnstap data may be logged: previously, it could only happen from within
taskmgr worker threads; with netmgr, it can happen both from taskmgr
worker threads and from network threads. Since the argument passed to
fstrm_iothr_options_set_num_input_queues() was not updated to reflect
this change, some calls to fstrm_iothr_get_input_queue() can now return
NULL, effectively preventing some dnstap data from being logged.
Whether this bug is triggered or not depends on thread scheduling order
and packet distribution between network threads, but will almost
certainly be triggered on any recursive resolver sooner or later. Fix
by requesting the correct number of dnstap input queues to be allocated.
Michał Kępień [Fri, 1 May 2020 06:07:09 +0000 (08:07 +0200)]
Update release checklist (various process tweaks)
Ensure the release checklist reflects our current release process:
- add an additional deadline for introducing code changes ("code
freeze"); only test and documentation tweaks can be applied to
pending releases after this deadline passes,
- notify Support and Marketing about an impending release earlier in
the process so that they have time to schedule a release note review
before the tagging deadline,
- examine current test results on all platforms in advance, to prevent
diagnosing and addressing test failures in the last minute before
the tagging deadline,
- check Perflab results earlier in the process to leave some room for
addressing any potential problems before code freeze,
- ensure empty release notes for the next set of releases are prepared
after public release.
Mark Andrews [Mon, 23 Mar 2020 02:27:37 +0000 (13:27 +1100)]
Mimic nzf_append from bin/named/server.c
nzf_append is conditionally compiled and this is intended to
catch error introduced by changes to the called functions on all
systems before the changes are run through the CI.
Mark Andrews [Mon, 23 Mar 2020 00:22:48 +0000 (11:22 +1100)]
Add more special zones to addzone restart test.
Test zones with various escape sequences and filesystem seperator
characters.
* escaped double quote (\")
* escaped escape (\\)
* escaped decimal byte value (\032)
* slash seperator (/)
Aaron Thompson [Sun, 29 Mar 2020 06:04:08 +0000 (06:04 +0000)]
Update EdDSA implementation to PKCS#11 v3.0.
Per Current Mechanisms 2.3.5, the curve name is DER-encoded in the
EC_PARAMS attribute, and the public key value is DER-encoded in the
EC_POINT attribute.
Ondřej Surý [Fri, 27 Mar 2020 12:23:24 +0000 (13:23 +0100)]
Add a pytest runner to run.sh
The system tests currently uses patchwork of shell scripts which doesn't
offer proper error handling.
This commit introduced option to write new tests in pytest framework
that also allows easier manipulation of DNS traffic (using dnspython),
native XML and JSON manipulation and proper error reporting.
Mark Andrews [Mon, 27 Apr 2020 22:13:02 +0000 (08:13 +1000)]
Propagate first_time to named_os_openfile in generate_session_key.
named_os_openfile was being called with switch_user set to true
unconditionally leading to log messages about being unable to
switch user identity from named when regenerating the key.
Don't change effective uid when we already dropped privileges
When running on Linux and system capabilities are available, named will
drop the extra capabilities before loading the configuration. This led
to spurious warnings from `seteuid()` because named already dropped
CAP_SETUID and CAP_GETUID capabilities.
The fix removes setting the effective uid/gid when capabilities are
available, and adds a check that we are running under the user we were
requested to run.
Add recursive "test" and "unit" rules, which execute "make check"
in specific directories - "make test" runs the system tests, and
"make unit" runs the unit tests.
Refactor the script that gets/sets the ports for system tests
The current script used ephemeral port range which clashed with the
ports used by the tools (dig, ...), and the range always started with
the first port and there was 100 ports allocated for each system test.
In this commit, the first port has been randomized, the get_ports.sh
script outputs the variables (the output has to be eval'ed from run.sh)
and there's less waste in the port range.
Improve the LOG_DRIVER and LOG_COMPILER for the system tests
There are several improvements over the default/previous behaviour of
the test log driver and log compiler:
* The system-test-driver.sh was dropped (it was used incorrectly)
* The run.sh script is now both log compiler and cli script to run
individual tests
* The custom-test-driver was added as extended version of the automake
test-driver with capability to tee the test output to stdout when
`--verbose yes` is passed to it (you can use LOG_DRIVER_FLAGS to
add the option by default)
* Makefile.am has been extended to honor V=1 for the system tests
test-driver (e.g. V=1 adds `--verbose yes` to AM_LOG_DRIVER_FLAGS)
Michał Kępień [Thu, 23 Apr 2020 06:34:11 +0000 (08:34 +0200)]
Ensure fstrm_capture is looked for
fstrm_capture is not an essential utility, but its corresponding
Makefile token needs to substituted even if it is not found in PATH or
else the "dnstap" system test will consistently fail.
Michał Kępień [Thu, 23 Apr 2020 06:07:07 +0000 (08:07 +0200)]
Build wire_test
The bin/tests/wire_test helper program is currently not included in any
Makefile.am file. Move its source code to bin/tests/system and build it
along other helper tools when dnstap support is requested as the
"dnstap" system test needs this tool in order to pass.
Michał Kępień [Thu, 23 Apr 2020 06:07:07 +0000 (08:07 +0200)]
Silence PyYAML warning
Make yaml.load_all() use yaml.SafeLoader to address a warning currently
emitted when bin/tests/system/dnstap/ydump.py is run:
ydump.py:28: YAMLLoadWarning: calling yaml.load_all() without Loader=... is deprecated, as the default Loader is unsafe. Please read https://msg.pyyaml.org/load for full details.
for l in yaml.load_all(f.stdout):
Cleanup libirs APIs and slim down the library to just irs_resconf
The libirs contained own re-implementations of the getaddrinfo,
getnameinfo and gai_strerror + irs_context and irs_dnsconf API that was
unused anywhere in the BIND 9.
Keep just the irs_resonf API that is being extensively used to parse
/etc/resolv.conf by several of BIND 9 tools.
projects / thirdparty / bind9.git / log
