From 17a26bced42e107ac2d261bbd7ce945a5e8a80b2 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Fri, 8 Jul 2022 12:43:34 +1000
Subject: [PATCH] metadata: use $DEFAULT_ALGORITHM
(cherry picked from commit 3f1dc83bfbe6098f25f309721c62793cb006c7cc)
---
 bin/tests/system/metadata/setup.sh | 22 +++---
 bin/tests/system/metadata/tests.sh | 108 ++++++++++++++---------------
 2 files changed, 65 insertions(+), 65 deletions(-)
diff --git a/bin/tests/system/metadata/setup.sh b/bin/tests/system/metadata/setup.sh
index fbaadbe5cf..fd9ac60313 100644
--- a/bin/tests/system/metadata/setup.sh
+++ b/bin/tests/system/metadata/setup.sh
@@ -20,42 +20,42 @@ czone=child.parent.nil
 echo_i "generating keys"
 # active zsk
-zsk=`$KEYGEN -q -a rsasha1 $czone`
+zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $czone)
 echo $zsk > zsk.key
 # not yet published or active
-pending=`$KEYGEN -q -a rsasha1 -P none -A none $czone`
+pending=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -P none -A none $czone)
 echo $pending > pending.key
 # published but not active
-standby=`$KEYGEN -q -a rsasha1 -A none $czone`
+standby=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A none $czone)
 echo $standby > standby.key
 # inactive
-inact=`$KEYGEN -q -a rsasha1 -P now-24h -A now-24h -I now $czone`
+inact=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -P now-24h -A now-24h -I now $czone)
 echo $inact > inact.key
 # active ksk
-ksk=`$KEYGEN -q -a rsasha1 -fk $czone`
+ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
 echo $ksk > ksk.key
 # published but not YET active; will be active in 15 seconds
-rolling=`$KEYGEN -q -a rsasha1 -fk $czone`
+rolling=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
 $SETTIME -A now+15s $rolling > /dev/null
 echo $rolling > rolling.key
 # revoked
-revoke1=`$KEYGEN -q -a rsasha1 -fk $czone`
+revoke1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
 echo $revoke1 > prerev.key
-revoke2=`$REVOKE $revoke1`
+revoke2=$($REVOKE $revoke1)
 echo $revoke2 | sed -e 's#\./##' -e "s/\.key.*$//" > postrev.key
-pzsk=`$KEYGEN -q -a rsasha1 $pzone`
+pzsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $pzone)
 echo $pzsk > parent.zsk.key
-pksk=`$KEYGEN -q -a rsasha1 -fk $pzone`
+pksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $pzone)
 echo $pksk > parent.ksk.key
-oldstyle=`$KEYGEN -Cq -a rsasha1 $pzone`
+oldstyle=$($KEYGEN -Cq -a ${DEFAULT_ALGORITHM} $pzone)
 echo $oldstyle > oldstyle.key
diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh
index aa0206751c..9d81a87395 100644
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
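Review bot: None of the `$KEYGEN` command substitutions in this hunk check the exit status, so if keygen rejects the value in `${DEFAULT_ALGORITHM}` (or the variable is empty, in which case `-a` would take the next word as its argument) the following `echo $zsk > zsk.key` still writes an empty key file and the failure only shows up later in tests.sh. With a hard-coded `rsasha1` that was unlikely; with an algorithm that is defined outside this file it is worth failing at the point of generation, e.g. `zsk=$($KEYGEN -q -a "${DEFAULT_ALGORITHM:?}" $czone) || exit 1`. The same applies to the `key=`, `oldkey=` and `newkey=` assignments in the last tests.sh hunk. Whether the script already runs under `set -e` cannot be seen from the hunk.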
@@ -20,7 +20,7 @@ status=0
 n=1
 echo_i "setting key timers"
-$SETTIME -A now+15s `cat rolling.key` > /dev/null
+$SETTIME -A now+15s $(cat rolling.key) > /dev/null
 inact=$(keyfile_to_key_id "$(cat inact.key)")
 ksk=$(keyfile_to_key_id "$(cat ksk.key)")
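Review bot: The rewritten `$SETTIME` line leaves `$(cat rolling.key)` unquoted while the two context lines right below it already use the quoted form `"$(cat inact.key)"`; since the line is being touched anyway, `$SETTIME -A now+15s "$(cat rolling.key)" > /dev/null` would match them and keep the key name a single word. The command's exit status is also discarded, so a failed timer update is not reported here and would presumably only surface in the later rolling-key checks.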
@@ -56,62 +56,62 @@ echo_i "checking that KSK signed DNSKEY only ($n)"
 ret=0
 grep "DNSKEY $ksk"'$' sigs > /dev/null || ret=1
 grep "SOA $ksk"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that ZSK signed ($n)"
 ret=0
 grep "SOA $zsk"'$' sigs > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that standby ZSK did not sign ($n)"
 ret=0
 grep " $standby"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that inactive key did not sign ($n)"
 ret=0
 grep " $inact"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that pending key was not published ($n)"
 ret=0
 grep " $pending"'$' keys > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that standby KSK did not sign but is delegated ($n)"
 ret=0
 grep " $rolling"'$' sigs > /dev/null && ret=1
 grep " $rolling"'$' keys > /dev/null || ret=1
 egrep "DS[ ]*$rolling[ ]" ${pfile}.signed > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that key was revoked ($n)"
 ret=0
 grep " $prerev"'$' keys > /dev/null && ret=1
 grep " $postrev"'$' keys > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking that revoked key self-signed ($n)"
 ret=0
 grep "DNSKEY $postrev"'$' sigs > /dev/null || ret=1
 grep "SOA $postrev"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "waiting 20 seconds for key changes to occur"
 sleep 20
@@ -122,92 +122,92 @@ $SIGNER -Sg -o $czone -f ${cfile}.new ${cfile}.signed > /dev/null
 echo_i "checking that standby KSK is now active ($n)"
 ret=0
 grep "DNSKEY $rolling"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking update of an old-style key ($n)"
 ret=0
 # printing metadata should not work with an old-style key
-$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
-$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+$SETTIME -pall $(cat oldstyle.key) > /dev/null 2>&1 && ret=1
+$SETTIME -f $(cat oldstyle.key) > /dev/null 2>&1 || ret=1
 # but now it should
-$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$SETTIME -pall $(cat oldstyle.key) > /dev/null 2>&1 || ret=1
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking warning about permissions change on key with dnssec-settime ($n)"
-uname=`uname -o 2> /dev/null`
+uname=$(uname -o 2> /dev/null)
 if [ Cygwin = "$uname" ]; then
 echo_i "Cygwin detected, skipping"
 else
 ret=0
 # settime should print a warning about changing the permissions
- chmod 644 `cat oldstyle.key`.private
- $SETTIME -P none `cat oldstyle.key` > settime1.test$n 2>&1 || ret=1
+ chmod 644 $(cat oldstyle.key).private
+ $SETTIME -P none $(cat oldstyle.key) > settime1.test$n 2>&1 || ret=1
 grep "warning: Permissions on the file.*have changed" settime1.test$n > /dev/null 2>&1 || ret=1
- $SETTIME -P none `cat oldstyle.key` > settime2.test$n 2>&1 || ret=1
+ $SETTIME -P none $(cat oldstyle.key) > settime2.test$n 2>&1 || ret=1
 grep "warning: Permissions on the file.*have changed" settime2.test$n > /dev/null 2>&1 && ret=1
- n=`expr $n + 1`
+ n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ status=$((status + ret))
 fi
 echo_i "checking warning about delete date < inactive date with dnssec-settime ($n)"
 ret=0
 # settime should print a warning about delete < inactive
-$SETTIME -I now+15s -D now `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -I now+15s -D now $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
 grep "warning" tmp.out > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
 ret=0
-$SETTIME -D none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
-$SETTIME -p all `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -D none $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
+$SETTIME -p all $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
 grep "warning" tmp.out > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking warning about delete date < inactive date with dnssec-keygen ($n)"
 ret=0
 # keygen should print a warning about delete < inactive
-$KEYGEN -q -a rsasha1 -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
+$KEYGEN -q -a ${DEFAULT_ALGORITHM} -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
 grep "warning" tmp.out > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking correct behavior setting activation without publication date ($n)"
 ret=0
-key=`$KEYGEN -q -a rsasha1 -A +1w $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
-act=`$SETTIME -upA $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
+act=$($SETTIME -upA $key | awk '{print $2}')
 [ $pub -eq $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -A +1w -i 1d $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
-act=`$SETTIME -upA $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w -i 1d $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
+act=$($SETTIME -upA $key | awk '{print $2}')
 [ $pub -lt $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -A +1w -P never $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w -P never $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
 [ $pub = "UNSET" ] || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "checking calculation of dates for a successor key ($n)"
 ret=0
-oldkey=`$KEYGEN -a RSASHA1 -q $czone`
-newkey=`$KEYGEN -a RSASHA1 -q $czone`
+oldkey=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $czone)
+newkey=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $czone)
 $SETTIME -A -2d -I +2d $oldkey > settime1.test$n 2>&1 || ret=1
 $SETTIME -i 1d -S $oldkey $newkey > settime2.test$n 2>&1 || ret=1
 $SETTIME -pA $newkey | grep "1970" > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
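Review bot: The "setting activation without publication date" check runs three keygen variants back to back with nothing saying what each one is meant to prove, which makes a failure harder to interpret now that the algorithm is no longer fixed. A one-line comment before each `key=` assignment would help, for example `# -A only: publication time equals activation time`, `# -A with -i 1d: publication precedes activation` and `# -P never: publication time stays UNSET`, matching the three `[ ... ]` assertions that follow them.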