[v9_10] Clarify error message printed by dnssec-dsfromkey

4663.	[cleanup]	Clarify error message printed by dnssec-dsfromkey.
			[RT #21731]

(cherry picked from commit c150f68609)

CHANGES

@@ -1,3 +1,6 @@
+4663.	[cleanup]	Clarify error message printed by dnssec-dsfromkey.
+			[RT #21731]
+
 4662.	[performance]	Improve cache memory cleanup of zero TTL records
 			by putting them at the tail of LRU header lists.
 			[RT #45274]

bin/dnssec/dnssec-dsfromkey.c

@@ -191,7 +191,7 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
 				       mctx, &key);
 	if (result != ISC_R_SUCCESS)
-		fatal("invalid keyfile name %s: %s",
+		fatal("can't load %s.key: %s",
 		      filename, isc_result_totext(result));
 
 	if (verbose > 2) {

bin/tests/system/dnssec/clean.sh

@@ -27,6 +27,7 @@ rm -f canonical?.*
 rm -f delv.out*
 rm -f delve.out*
 rm -f dig.out.*
+rm -f dsfromkey.out.*
 rm -f keygen.err
 rm -f named.secroots.test*
 rm -f nosign.before

bin/tests/system/dnssec/tests.sh

@@ -2109,6 +2109,18 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+# Intentionally strip ".key" from keyfile name to ensure the error message
+# includes it anyway to avoid confusion (RT #21731)
+echo "I:check dnssec-dsfromkey error message when keyfile is not found ($n)"
+ret=0
+key=`$KEYGEN -q -r $RANDFILE example.` || ret=1
+mv $key.key $key
+$DSFROMKEY $key > dsfromkey.out.$n 2>&1 && ret=1
+grep "$key.key: file not found" dsfromkey.out.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:testing soon-to-expire RRSIGs without a replacement private key ($n)"
 ret=0
 $DIG +noall +answer +dnssec +nottl -p 5300 expiring.example ns @10.53.0.3 | grep RRSIG > dig.out.ns3.test$n 2>&1