Add a test case that triggers a keymgr run that will not trigger any
metadata changes. Ensure that the last status change of the key files
is unmodified.
Ondřej Surý [Wed, 4 May 2022 07:26:34 +0000 (09:26 +0200)]
Lock the trampoline when attaching
When attaching to the trampoline, the isc__trampoline_max was access
unlocked. This would not manifest under normal circumstances because we
initialize 65 trampolines by default and that's enough for most
commodity hardware, but there are ARM machines with 128+ cores where
this would be reported by ThreadSanitizer.
Add locking around the code in isc__trampoline_attach(). This also
requires the lock to leak on exit (along with memory that we already)
because a new thread might be attaching to the trampoline while we are
running the library destructor at the same time.
Ondřej Surý [Mon, 9 May 2022 09:33:09 +0000 (11:33 +0200)]
Remove isc_task_onshutdown()
The isc_task_onshutdown() was used to post event that should be run when
the task is being shutdown. This could happen explicitly in the
isc_test_shutdown() call or implicitly when we detach the last reference
to the task and there are no more events posted on the task.
This whole task onshutdown mechanism just makes things more complicated,
and it's easier to post the "shutdown" events when we are shutting down
explicitly and the existing code already always knows when it should
shutdown the task that's being used to execute the onshutdown events.
Replace the isc_task_onshutdown() calls with explicit calls to execute
the shutdown tasks.
Michał Kępień [Wed, 11 May 2022 12:59:47 +0000 (14:59 +0200)]
Drop post-merge pipelines
Commit 24961f606882939b62f461f843933da9c2d44ea8 introduced the concept
of post-merge pipelines. These were used to build documentation after
each merge to any of the maintained branches, to allow up-to-date
documentation to be subsequently published on the bind.isc.org
microsite. As the latter no longer downloads documentation from GitLab,
instead linking to Read the Docs for all currently maintained branches,
post-merge pipelines have become redundant since running the
"autoreconf" and "docs" jobs after each merge is not necessary any more.
Drop the "release_branch_triggering_rules" YAML anchor and revert to
default triggering rules for the "autoconf" and "docs" jobs, effectively
preventing pipelines from being created after each merge to any of the
maintained branches.
Michał Kępień [Wed, 11 May 2022 12:10:17 +0000 (14:10 +0200)]
Do not set up ccache in CI jobs building docs
Building documentation for Automake-based BIND 9 versions does not
require running "make all" beforehand. Drop ccache setup code from the
definitions of GitLab CI jobs building documentation as it is redundant.
Michał Kępień [Wed, 11 May 2022 12:10:17 +0000 (14:10 +0200)]
Do not trigger GitLab Pages pipelines any more
The bind.isc.org microsite no longer downloads documentation from
GitLab, instead linking to Read the Docs for all currently maintained
branches. This makes it redundant to trigger GitLab Pages pipelines
after each merge to any of the maintained branches. Revert changes
introduced by commit 31bde118db8cae4a0f5a9484e3beead66fcc24d0: remove
the "push:docs" job along with the "push" stage it is associated with
and revert artifact expiry time for the "docs" job to the default value.
Petr Špaček [Wed, 16 Mar 2022 09:49:17 +0000 (10:49 +0100)]
Restructure includes for ARM chapters 1 (Intro) and 2 (Requirements)
We have had perpetual problem with Sphinx implicitly double-including
files. To avoid that problem all files with name suffix .inc.rst are now
ignored by Sphinx, and writter can conveniently include them without
modifying conf.py for each and every file.
Mark Andrews [Mon, 28 Mar 2022 05:36:03 +0000 (16:36 +1100)]
Add test cases using static and static-stub zones
RPZ NSIP and NSDNAME checks were failing with "unrecognized NS
rpz_rrset_find() failed: glue" when static or static-stub zones
where used to resolve the query name.
Add tests using stub and static-stub zones that are expected to
be filtered and not-filtered against NSIP and NSDNAME rules.
stub and static-stub queries are expected to be filtered
stub-nomatch and static-stub-nomatch queries are expected to be passed
Ondřej Surý [Wed, 4 May 2022 10:59:04 +0000 (12:59 +0200)]
Add missing void in named_config_getdefault() definition
The named_config_getdefault() was missing void in the function
definition. This broke clang-15 that didn't match the declaration that
had the void in the argument with the definition that hadn't.
Ondřej Surý [Wed, 4 May 2022 10:31:46 +0000 (12:31 +0200)]
Restore the implementation of uv_os_getenv() shim
Somewhere in the move from netmgr/uv-compat.h to uv.c, the
uv_os_getenv() implementation was lost in the process. Restore the
implementation, so we can support Debian stretch for couple more months.
Add -Wl,--export-dynamic to standard LDFLAGS if supported
From the ld man page:
When creating a dynamically linked executable, using the -E option or
the --export-dynamic option causes the linker to add all symbols to
the dynamic symbol table. The dynamic symbol table is the set of
symbols which are visible from dynamic objects at run time.
This should allow the backtrace(3) to fully resolve the symbols when
creating backtrace on an assertion failure.
As we are going to use libuv outside of the netmgr, we need the shims to
be readily available for the rest of the codebase.
Move the "netmgr/uv-compat.h" to <isc/uv.h> and netmgr/uv-compat.c to
uv.c, and as a rule of thumb, the users of libuv should include
<isc/uv.h> instead of <uv.h> directly.
Additionally, merge netmgr/uverr2result.c into uv.c and rename the
single function from isc__nm_uverr2result() to isc_uverr2result().
Move the netmgr socket related functions from netmgr/netmgr.c and
netmgr/uv-compat.c to netmgr/socket.c, so they are all present all in
the same place. Adjust the names of couple interal functions
accordingly.
Tony Finch [Wed, 6 Apr 2022 10:39:27 +0000 (11:39 +0100)]
Remove remaining checks for rbt64
These checks have been redundant since the `rbtdb64` implementation
was removed in 2018 (commit 784087390ae8). It isn't possible to create
a zone that uses `database "rbt64"` now that the `rbt64` database
implementation has been removed, so the checks will always fail.
Tony Finch [Thu, 28 Apr 2022 11:01:28 +0000 (12:01 +0100)]
Eliminate a variable that can confuse the compiler
Sometimes the compiler is unable to see that the `empty` variable was
initialized by the call to is_empty(), which can cause a build
failure; I encountered this with CFLAGS=-Os. So get rid of it and use
the result from `is_empty()` instead.
Tony Finch [Fri, 1 Apr 2022 17:22:13 +0000 (18:22 +0100)]
Remove unused rbtnode->rpz flag
The rbtnode->rpz flag was left behind when rbt and rpz were disentangled
by CHANGES #4576. Removing it makes the comment above correct again.
This reduces the flags so they fit in a 32 bit word again. On 64
bit systems there is still padding so it doesn't change the size
of an rbtnode. On 32 bit systems it reduces an rbtnode by 4 bytes.
Petr Špaček [Tue, 26 Apr 2022 16:23:38 +0000 (18:23 +0200)]
Fix default file path substitution in the ARM and man pages
Default paths were not substituted correctly when Python-only build was
used, i.e. it affected only ReadTheDocs. The incorrect rst_epilog was
overriden by Makefile for all "ordinary" builds.
Mark Andrews [Thu, 7 Apr 2022 07:14:54 +0000 (17:14 +1000)]
Improve forensics for the querylog section of rndc system test
The dig commands appear to be failing unexpectedly on some platforms
when rate limiting kicks in and the response is dropped. Correct
behaviour should be for dig to retry the query. Set +qr and capture
stdout and stderr of each of the dig commands involved.
Mark Andrews [Mon, 2 May 2022 02:12:36 +0000 (12:12 +1000)]
Remove unnecessary NULL pointer check
3034 next = ISC_LIST_NEXT(query, link);
3035 } else {
3036 next = NULL;
3037 }
CID 352554 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking connectquery suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3038 if (connectquery != NULL) {
3039 query_detach(&connectquery);
3040 }
In '_check_apex_dnskey' we check for each key (KEY1 to KEY4) if they
are present in the DNSKEY RRset if they should be.
However, we only grep the dig output for the first seven fields (owner,
ttl, class, type, flags, protocol, algorithm). This can be the same
for different keys.
For example, KEY1 may be KSK predecessor and KEY2 a KSK successor,
both DNSKEY records for these keys are the same up to the public key
field. This can cause test failures if KEY1 needs to be present, but
KEY2 not, because when grepping for KEY2 we will falsely detect the
key to be present (because the grep matches KEY1).
Fix the function by grepping looking for the first seven fields in the
corresponding key file and retrieve the public key part. Grep for this
in the dig output.
Petr Menšík [Wed, 23 Mar 2022 11:52:33 +0000 (12:52 +0100)]
Export built-in default configuration for named binary
It might be useful to display built-in configuration with all its
values. It should make it easier to test what default values has changed
in a new release.
projects / thirdparty / bind9.git / log
