From f42234fef08ec90087a10f7bbfb1cebbf5ba89ab Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 13 Apr 2021 09:38:14 +0200
Subject: [PATCH] Check zonefile is untouched if dnssec-policy none

Make sure no DNSSEC contents are added to the zonefile if dnssec-policy
is set to "none" (and no .state files exist for the zone).

(cherry picked from commit 5246c16f43e6fda7587193a4dd801951cf87db14)
---
 bin/tests/system/kasp/ns3/setup.sh | 1 +
 bin/tests/system/kasp/tests.sh     | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh
index fd5adc4bd2..c46c71840f 100644
--- a/bin/tests/system/kasp/ns3/setup.sh
+++ b/bin/tests/system/kasp/ns3/setup.sh
@@ -77,6 +77,7 @@ zone="unsigned.kasp"
 echo_i "setting up zone: $zone"
 zonefile="${zone}.db"
 infile="${zone}.db.infile"
+cp template.db.in $infile
 cp template.db.in $zonefile
 
 # Set up zone that stays unsigned.
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index d4361ec081..372bb0517d 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -805,6 +805,13 @@ check_keys
 check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
 check_apex
 check_subdomain
+# Make sure the zone file is untouched.
+n=$((n+1))
+echo_i "Make sure the zonefile for zone ${ZONE} is not edited ($n)"
+ret=0
+diff "${DIR}/${ZONE}.db.infile" "${DIR}/${ZONE}.db" || ret=1
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
 
 #
 # Zone: insecure.kasp.