From bc8963ffcd8a9fa068b68ef1b1f4085e8da7de84 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Thu, 14 Dec 2023 16:59:21 +0100 Subject: [PATCH] test: tell delv to load anchors from /etc/bind.keys explicitly Since [0] delv no longer does that automagically, so we have to that explicitly with each delv invocation. Resolves: #30477 [0] https://github.com/isc-projects/bind9/commit/c144fd2871206d209ccdb916f5959a3ceab1d44c (cherry picked from commit 438c7cb20e83a3b88f6accc3e78d3da5e21f6db2) Gbp-Pq: Name test-tell-delv-to-load-anchors-from-etc-bind.keys-explici.patch --- test/units/testsuite-75.sh | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/test/units/testsuite-75.sh b/test/units/testsuite-75.sh index c9cdc687..54234484 100755 --- a/test/units/testsuite-75.sh +++ b/test/units/testsuite-75.sh @@ -20,6 +20,12 @@ run() { "$@" |& tee "$RUN_OUT" } +run_delv() { + # Since [0] delv no longer loads /etc/(bind/)bind.keys by default, so we + # have to do that explicitly for each invocation + run delv -a /etc/bind.keys "$@" +} + disable_ipv6() { sysctl -w net.ipv6.conf.all.disable_ipv6=1 } @@ -359,15 +365,15 @@ grep -qF "unsigned.test IN MX 15 mail.unsigned.test" "$RUN_OUT" # Check the trust chain (with and without systemd-resolved in between # Issue: https://github.com/systemd/systemd/issues/22002 # PR: https://github.com/systemd/systemd/pull/23289 -run delv @ns1.unsigned.test signed.test +run_delv @ns1.unsigned.test signed.test grep -qF "; fully validated" "$RUN_OUT" -run delv signed.test +run_delv signed.test grep -qF "; fully validated" "$RUN_OUT" for addr in "${DNS_ADDRESSES[@]}"; do - run delv "@$addr" -t A mail.signed.test + run_delv "@$addr" -t A mail.signed.test grep -qF "; fully validated" "$RUN_OUT" - run delv "@$addr" -t AAAA mail.signed.test + run_delv "@$addr" -t AAAA mail.signed.test grep -qF "; fully validated" "$RUN_OUT" done run resolvectl query mail.signed.test @@ -405,7 +411,7 @@ grep -qF "10.0.0.123" "$RUN_OUT" grep -qF "fd00:dead:beef:cafe::123" "$RUN_OUT" grep -qF "authenticated: yes" "$RUN_OUT" # Check OPENPGPKEY support -run delv -t OPENPGPKEY 5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test +run_delv -t OPENPGPKEY 5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test grep -qF "; fully validated" "$RUN_OUT" run resolvectl openpgp mr.smith@signed.test grep -qF "5a786cdc59c161cdafd818143705026636962198c66ed4c5b3da321e._openpgpkey.signed.test" "$RUN_OUT" @@ -421,11 +427,11 @@ check_domain() { local addr for addr in "${DNS_ADDRESSES[@]}"; do - run delv "@$addr" -t "$record" "$domain" + run_delv "@$addr" -t "$record" "$domain" grep -qF "$message" "$RUN_OUT" done - run delv -t "$record" "$domain" + run_delv -t "$record" "$domain" grep -qF "$message" "$RUN_OUT" run resolvectl query "$domain" @@ -461,9 +467,9 @@ grep -qE "^follow14\.final\.signed\.test\..+IN\s+NSEC\s+" "$RUN_OUT" # Check the trust chain (with and without systemd-resolved in between # Issue: https://github.com/systemd/systemd/issues/22002 # PR: https://github.com/systemd/systemd/pull/23289 -run delv @ns1.unsigned.test sub.onlinesign.test +run_delv @ns1.unsigned.test sub.onlinesign.test grep -qF "; fully validated" "$RUN_OUT" -run delv sub.onlinesign.test +run_delv sub.onlinesign.test grep -qF "; fully validated" "$RUN_OUT" run dig +short sub.onlinesign.test @@ -477,11 +483,11 @@ run resolvectl query --legend=no -t TXT onlinesign.test grep -qF 'onlinesign.test IN TXT "hello from onlinesign"' "$RUN_OUT" for addr in "${DNS_ADDRESSES[@]}"; do - run delv "@$addr" -t A dual.onlinesign.test + run_delv "@$addr" -t A dual.onlinesign.test grep -qF "10.0.0.135" "$RUN_OUT" - run delv "@$addr" -t AAAA dual.onlinesign.test + run_delv "@$addr" -t AAAA dual.onlinesign.test grep -qF "fd00:dead:beef:cafe::135" "$RUN_OUT" - run delv "@$addr" -t ANY ipv6.onlinesign.test + run_delv "@$addr" -t ANY ipv6.onlinesign.test grep -qF "fd00:dead:beef:cafe::136" "$RUN_OUT" done run resolvectl query dual.onlinesign.test -- 2.30.2