From: Ondřej Surý Date: Thu, 6 Dec 2018 13:41:14 +0000 (+0100) Subject: Run the dnssec system tests with `set -e` enabled X-Git-Tag: v9.13.6~110^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=aeebcb4ae81eba32aacb02452650ff75448f0a0f;p=thirdparty%2Fbind9.git Run the dnssec system tests with `set -e` enabled --- diff --git a/bin/tests/system/dnssec/clean.sh b/bin/tests/system/dnssec/clean.sh index 95550bd4b76..306205c57ce 100644 --- a/bin/tests/system/dnssec/clean.sh +++ b/bin/tests/system/dnssec/clean.sh @@ -9,6 +9,8 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. +set -e + rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed rm -f ./*/example.bk rm -f ./*/named.conf diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 88206b7d0ad..313b03c1ded 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=. infile=root.db.in zonefile=root.db @@ -31,7 +33,7 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone cat "$infile" "$keyname.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 # Configure the resolving server with a trusted key. keyfile_to_trusted_keys "$keyname" > trusted.conf diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index 0e98371df76..623228655de 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=example. infile=example.db.in zonefile=example.db @@ -35,7 +37,7 @@ keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zo cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null +"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1 # # lower/uppercase the signature bits with the exception of the last characters @@ -96,7 +98,7 @@ keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KS keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null +"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1 # Sign the privately secure file @@ -108,7 +110,7 @@ privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zon cat "$privinfile" "$privkeyname.key" > "$privzonefile" -"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null +"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null 2>&1 # Sign the DLV secure zone. @@ -121,7 +123,7 @@ dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile" -"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null +"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null 2>&1 # Sign the badparam secure file @@ -134,7 +136,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" -"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null +"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1 sed -e 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad" @@ -149,7 +151,7 @@ keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zon cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile" -"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null +"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null 2>&1 # # algroll has just has the old DNSKEY records removed and is waiting @@ -167,7 +169,7 @@ keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone cat "$infile" "$keynew1.key" "$keynew2.key" > "$zonefile" -"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null +"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null 2>&1 # # Make a zone big enough that it takes several seconds to generate a new @@ -189,7 +191,7 @@ done >> "$zonefile" key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$key1.key" "$key2.key" >> "$zonefile" -"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null +"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null 2>&1 zone=cds.secure infile=cds.secure.db.in @@ -198,7 +200,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") "$DSFROMKEY" -C "$key1.key" > "$key1.cds" cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cds-x.secure infile=cds.secure.db.in @@ -208,7 +210,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$ key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") "$DSFROMKEY" -C "$key2.key" > "$key2.cds" cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile" -"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cds-update.secure infile=cds-update.secure.db.in @@ -216,7 +218,7 @@ zonefile=cds-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$key1.key" "$key2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cds-kskonly.secure infile=cds-kskonly.secure.db.in @@ -224,7 +226,7 @@ zonefile=cds-kskonly.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$key1.key" "$key2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cds-auto.secure infile=cds-auto.secure.db.in @@ -241,7 +243,7 @@ key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds" cat "$infile" "$key1.key" "$key2.key" "$key1.cds" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cdnskey-x.secure infile=cdnskey.secure.db.in @@ -251,7 +253,7 @@ key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$ key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds" cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile" -"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cdnskey-update.secure infile=cdnskey-update.secure.db.in @@ -259,7 +261,7 @@ zonefile=cdnskey-update.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$key1.key" "$key2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cdnskey-kskonly.secure infile=cdnskey-kskonly.secure.db.in @@ -267,7 +269,7 @@ zonefile=cdnskey-kskonly.secure.db key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone") key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$key1.key" "$key2.key" > "$zonefile" -"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1 zone=cdnskey-auto.secure infile=cdnskey-auto.secure.db.in diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh index b0c35d73e03..285d2158e4e 100644 --- a/bin/tests/system/dnssec/ns3/sign.sh +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=secure.example. infile=secure.example.db.in zonefile=secure.example.db @@ -400,7 +402,7 @@ cp "$infile" "$zonefile" # shellcheck disable=SC2016 echo "\$INCLUDE \"$signedfile\"" >> "$zonefile" : > "$signedfile" -"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -S -D -o "$zone" "$zonefile" > /dev/null 2>&1 # # Zone with signatures about to expire, but no private key to replace them @@ -427,7 +429,7 @@ signedfile="upper.example.db.signed" kskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone") zskname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone") cp "$infile" "$zonefile" -"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>/dev/null +"$SIGNER" -P -S -o "$zone" -f $lower "$zonefile" > /dev/null 2>&1 $CHECKZONE -D upper.example $lower 2>/dev/null | \ sed '/RRSIG/s/ upper.example. / UPPER.EXAMPLE. /' > $signedfile diff --git a/bin/tests/system/dnssec/ns5/sign.sh b/bin/tests/system/dnssec/ns5/sign.sh index c30b45281f0..9f9c39fb73b 100644 --- a/bin/tests/system/dnssec/ns5/sign.sh +++ b/bin/tests/system/dnssec/ns5/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=. infile=../ns1/root.db.in zonefile=root.db.signed @@ -26,7 +28,7 @@ keyfile_to_managed_keys "$keyname" > revoked.conf # create a current set of keys, and sign the root zone "$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" $zone > /dev/null "$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK $zone > /dev/null -"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null +"$SIGNER" -S -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1 keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".") diff --git a/bin/tests/system/dnssec/ns6/sign.sh b/bin/tests/system/dnssec/ns6/sign.sh index eda6fe9e517..54a21548bc4 100644 --- a/bin/tests/system/dnssec/ns6/sign.sh +++ b/bin/tests/system/dnssec/ns6/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=optout-tld infile=optout-tld.db.in zonefile=optout-tld.db @@ -20,4 +22,4 @@ keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone cat "$infile" "$keyname.key" > "$zonefile" -"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null +"$SIGNER" -P -3 - -A -o "$zone" "$zonefile" > /dev/null 2>&1 diff --git a/bin/tests/system/dnssec/ns7/sign.sh b/bin/tests/system/dnssec/ns7/sign.sh index 22de377a242..a5d8dc0bd28 100644 --- a/bin/tests/system/dnssec/ns7/sign.sh +++ b/bin/tests/system/dnssec/ns7/sign.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + zone=split-rrsig infile=split-rrsig.db.in zonefile=split-rrsig.db @@ -21,7 +23,7 @@ k2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone") cat "$infile" "$k1.key" "$k2.key" > "$zonefile" -"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null +"$SIGNER" -P -3 - -A -o "$zone" -O full -f "$zonefile.unsplit" -e now-3600 -s now-7200 "$zonefile" > /dev/null 2>&1 awk 'BEGIN { r = ""; } $4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; } { print } diff --git a/bin/tests/system/dnssec/prereq.sh b/bin/tests/system/dnssec/prereq.sh index 189570e47fb..b2e8ff200cc 100644 --- a/bin/tests/system/dnssec/prereq.sh +++ b/bin/tests/system/dnssec/prereq.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + if "$PERL" -e 'use Net::DNS;' 2>/dev/null then # shellcheck disable=SC2016 diff --git a/bin/tests/system/dnssec/setup.sh b/bin/tests/system/dnssec/setup.sh index 7e85031d1be..62cf46cff0f 100644 --- a/bin/tests/system/dnssec/setup.sh +++ b/bin/tests/system/dnssec/setup.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + $SHELL clean.sh copy_setports ns1/named.conf.in ns1/named.conf diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 2adaec3a1d3..4ae9cb0b069 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -12,6 +12,8 @@ # shellcheck source=conf.sh . "$SYSTEMTESTTOP/conf.sh" +set -e + status=0 n=1 @@ -1696,7 +1698,7 @@ ret=0 rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i keyid=$(cat ns1/managed.key.id) cp ns4/named.secroots named.secroots.test$n -linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n) +linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n || true) [ "$linecount" -eq 1 ] || ret=1 linecount=$(< named.secroots.test$n wc -l) [ "$linecount" -eq 10 ] || ret=1 @@ -1893,7 +1895,7 @@ ret=0 $PERL -e 'my $delay = '"$start"' + 13 - time(); select(undef, undef, undef, $delay) if ($delay > 0);' # check nta table rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n._11 -lines=$(grep -c " expiry " rndc.out.ns4.test$n._11) +lines=$(grep -c " expiry " rndc.out.ns4.test$n._11 || true) [ "$lines" -le 2 ] || ret=1 grep "bogus.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null || ret=1 grep "badds.example/_default: expiry" rndc.out.ns4.test$n._11 > /dev/null && ret=1 @@ -1923,7 +1925,7 @@ dig_with_opts c.bogus.example. a @10.53.0.4 > dig.out.ns4.test$n.15 || ret=1 grep "status: SERVFAIL" dig.out.ns4.test$n.15 > /dev/null || ret=1 # check nta table has been cleaned up now rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.3 -lines=$(grep -c " expiry " rndc.out.ns4.test$n.3) +lines=$(grep -c " expiry " rndc.out.ns4.test$n.3 || true) [ "$lines" -eq 0 ] || ret=1 n=$((n+1)) if [ "$ret" -ne 0 ]; then echo_i "failed - checking that all nta's have been lifted"; fi @@ -1959,21 +1961,21 @@ ret=0 n=$((n+1)) echo_i "testing NTA with bogus lifetimes ($n)" echo_i "check with no nta lifetime specified" -rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 +rndccmd 10.53.0.4 nta -l "" foo > rndc.out.ns4.test$n.1 2>&1 || true grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.1 > /dev/null || ret=1 test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) ret=0 echo_i "check with bad nta lifetime" -rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 +rndccmd 10.53.0.4 nta -l garbage foo > rndc.out.ns4.test$n.2 2>&1 || true grep "'nta' failed: bad ttl" rndc.out.ns4.test$n.2 > /dev/null || ret=1 test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) ret=0 echo_i "check with too long nta lifetime" -rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 +rndccmd 10.53.0.4 nta -l 7d1h foo > rndc.out.ns4.test$n.3 2>&1 || true grep "'nta' failed: out of range" rndc.out.ns4.test$n.3 > /dev/null || ret=1 test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -1985,12 +1987,12 @@ ret=0 n=$((n+1)) echo_i "testing NTA persistence across restarts ($n)" rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 -lines=$(grep -c " expiry " rndc.out.ns4.test$n.1) +lines=$(grep -c " expiry " rndc.out.ns4.test$n.1 || true) [ "$lines" -eq 0 ] || ret=1 rndccmd 10.53.0.4 nta -f -l 30s bogus.example 2>&1 | sed 's/^/ns4 /' | cat_i rndccmd 10.53.0.4 nta -f -l 10s badds.example 2>&1 | sed 's/^/ns4 /' | cat_i rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.2 -lines=$(grep -c " expiry " rndc.out.ns4.test$n.2) +lines=$(grep -c " expiry " rndc.out.ns4.test$n.2 || true) [ "$lines" -eq 2 ] || ret=1 # shellcheck disable=SC2016 start=$($PERL -e 'print time()."\n";') @@ -2961,7 +2963,7 @@ status=$((status+ret)) echo_i "check that named doesn't loop when all private keys are not available ($n)" ret=0 -lines=$(grep -c "reading private key file expiring.example" ns3/named.run) +lines=$(grep -c "reading private key file expiring.example" ns3/named.run || true) test "${lines:-1000}" -lt 15 || ret=1 n=$((n+1)) test "$ret" -eq 0 || echo_i "failed" @@ -2970,11 +2972,11 @@ status=$((status+ret)) echo_i "check against against missing nearest provable proof ($n)" dig_with_opts +norec b.c.d.optout-tld. \ @10.53.0.6 ds > dig.out.ds.ns6.test$n || ret=1 -nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n) +nsec3=$(grep -c "IN.NSEC3" dig.out.ds.ns6.test$n || true) [ "$nsec3" -eq 2 ] || ret=1 dig_with_opts +norec b.c.d.optout-tld. \ @10.53.0.6 A > dig.out.ns6.test$n || ret=1 -nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n) +nsec3=$(grep -c "IN.NSEC3" dig.out.ns6.test$n || true) [ "$nsec3" -eq 1 ] || ret=1 dig_with_opts optout-tld. \ @10.53.0.4 SOA > dig.out.soa.ns4.test$n || ret=1 @@ -3041,7 +3043,7 @@ test "$cnt" -gt 120 && break sleep 1 done test "$keys" -gt 2 || ret=1 -sigs=$(grep -c RRSIG dig.out.ns3.test$n) +sigs=$(grep -c RRSIG dig.out.ns3.test$n || true) n=$((n+1)) test "$sigs" -eq 2 || ret=1 if test "$ret" -ne 0 ; then echo_i "failed"; fi @@ -3161,10 +3163,10 @@ do alg=$((alg+1)) continue;; 1|5|7|8|10) # RSA algorithms - key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err) + key1=$($KEYGEN -a "$alg" -b "1024" -n zone example 2> keygen.err || true) ;; *) - key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err) + key1=$($KEYGEN -a "$alg" -n zone example 2> keygen.err || true) esac if grep "unsupported algorithm" keygen.err > /dev/null then @@ -3241,7 +3243,7 @@ grep "DNSKEY.257" | sed 's/DNSKEY.257/DNSKEY 258/' | $DSFROMKEY -C -A -f - -T 1 cds-update.secure | sed "s/^/update add /" echo send -) | $NSUPDATE > nsupdate.out.test$n 2>&1 +) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 dig_with_opts +noall +answer @10.53.0.2 cds cds-update.secure > dig.out.test$n lines=$(awk '$4 == "CDS" {print}' dig.out.test$n | wc -l) @@ -3401,7 +3403,7 @@ echo send dig_with_opts +noall +answer @10.53.0.2 dnskey cdnskey-update.secure | sed -n -e "s/^/update add /" -e 's/DNSKEY.257/CDNSKEY 258/p' echo send -) | $NSUPDATE > nsupdate.out.test$n 2>&1 +) | $NSUPDATE > nsupdate.out.test$n 2>&1 || true grep "update failed: REFUSED" nsupdate.out.test$n > /dev/null || ret=1 dig_with_opts +noall +answer @10.53.0.2 cdnskey cdnskey-update.secure > dig.out.test$n lines=$(awk '$4 == "CDNSKEY" {print}' dig.out.test$n | wc -l)