diff --git a/Sanity/caching-forwarder-dnssec/test.sh b/Sanity/caching-forwarder-dnssec/test.sh
index 760b592..47f4b58 100755
--- a/Sanity/caching-forwarder-dnssec/test.sh
+++ b/Sanity/caching-forwarder-dnssec/test.sh
@@ -2,14 +2,15 @@
 # vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
 . /usr/share/beakerlib/beakerlib.sh || exit 1

-get_servers_conf() {
+: ${CLEAN_ANCHORS:=y}
+
+buGetServersConf() {
 local RESOLV_CONF=${1:-/etc/resolv.conf}
- # contains extra space at the end!
- awk '$1 == "nameserver" { printf "%s ", $2 }' "$RESOLV_CONF"
+ awk '$1 == "nameserver" { printf "%s%s", DL, $2; DL=" " }' "$RESOLV_CONF"
 }

-get_servers() {
- # avoids systemd-resolved breaking dnssec
+buGetNameservers() {
+ # avoids systemd-resolved breaking dnssec, prefer communication with remote servers directly
 local -a CONF_FILES=()
 systemctl is-active --quiet NetworkManager && CONF_FILES+=("/run/NetworkManager/no-stub-resolv.conf")
 systemctl is-active --quiet systemd-resolved && CONF_FILES+=("/run/systemd/resolve/resolv.conf")
@@ -18,7 +19,7 @@ get_servers() {
 do
 # intentionally do not prefer local resolv.conf, because systemd-resolved is breaking it often
 if [ -r "$CONF" ]; then
- SERVERS=$(get_servers_conf "$CONF")
+ local SERVERS=$(buGetServersConf "$CONF")
 if [ -n "$SERVERS" ]; then
 echo "$SERVERS"
 break
@@ -27,8 +28,8 @@ get_servers() {
 done
 }

-dnssec_servers() {
- local SERVERS="$(get_servers)"
+buGetSecureNameservers() {
+ local SERVERS="$(buGetNameservers)"
 if [ -z "$SERVERS" ]; then
 rlFail "No nameservers obtained!"
 return 1
@@ -66,10 +67,11 @@ dnssec_servers() {
 fi
 }

-make_forwarders()
+# Create bind forwarder configuration from servers entered as parameters
+buMakeForwarders()
 {
 echo 'forwarders {';
- for NS in ${@}
+ for NS in "$@"
 do
 printf "\t%s;\n" $NS
 done
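Review bot: The new default `: ${CLEAN_ANCHORS:=y}` at the top of the first hunk expands unquoted, so a value supplied through the environment is word-split and globbed before `:` discards it; `: "${CLEAN_ANCHORS:=y}"` avoids that. The variable is also introduced without any comment, although it decides whether the DNSSEC managed-keys files are removed before named is started. A line such as `# CLEAN_ANCHORS=y (default): back up and remove managed-keys.bind{,.jnl} before starting named; any other value keeps the existing files` would tell a person running the test what they are switching off.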
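Review bot: `local SERVERS=$(buGetServersConf "$CONF")` in buGetNameservers (second hunk) gives the statement the exit status of `local`, so a failing awk call is never visible to the caller. The same form is kept in `local SERVERS="$(buGetNameservers)"` in buGetSecureNameservers (third hunk). Declaring once before the loop and assigning separately keeps the status: `local SERVERS` and then `SERVERS=$(buGetServersConf "$CONF")`. Both function bodies continue outside their hunks.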
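Review bot: Quoting `"$@"` in buMakeForwarders (fourth hunk) has no effect while the next line still expands `$NS` unquoted, because each argument is split and globbed again before printf sees it; `printf '\t%s;\n' "$NS"` completes the fix. As far as the visible hunks show, these values come from nameserver lines in resolv.conf files and are written into the forwarders block of named's configuration unchanged. It would be safer to print an entry only when it looks like an IP address and to log and skip anything else. The end of the function is outside the hunk.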
@@ -77,16 +79,16 @@ make_forwarders()
 }

 # Prints formatted used options in bind config
-print_options()
+buPrintOptions()
 {
 named-checkconf -px "$@" | sed -ne '/^options {/,/^};/ p'
 }

 # Check whether option in $1 is used in options {} global block
-has_option()
+buHasOption()
 {
 local OPTION="$1"
- print_options | grep -qw "^\s*${OPTION}"
+ buPrintOptions | grep -qw "^\s*${OPTION}"
 }

 # Filter dig to print only desired section
@@ -105,6 +107,7 @@ buDigGetField()
 grep "^;;.*\s${FIELD}:" | sed -e "s/.*\s${FIELD}:\s*\([^;,]*\)\([;,].*\|$\)/\1/"
 }

+# Filter dig input to print pseudosection contents only
 buDigPseudosection()
 {
 sed -ne "/^;; OPT PSEUDOSECTION:/,/^;; QUESTION SECTION/ p" | grep -vE '^;; (OPT PSEUDO|QUESTION )SECTION:'
@@ -119,6 +122,7 @@ buDigGetField1()
 grep "^;\s\(.*\s\)\?${FIELD}:" | sed -e "s/.*\s${FIELD}:\s*\([^;,]*\)\([;,].*\|$\)/\1/"
 }

+# Ensure reply has noerror status
 buDigSuccess()
 {
 rlRun -s "dig $*"
@@ -160,18 +164,20 @@ rlJournalStart
 rlRun "set -o pipefail"
 rlRun "named -V"
 rlRun "dig -v"
- rlRun "SECURE_SERVERS=\"$(dnssec_servers)\"" || rlFail "No secure servers obtained"
+ rlRun "SECURE_SERVERS=\"$(buGetSecureNameservers)\"" || rlFail "No secure servers obtained"
 rlFileBackup --missing-ok /etc/named/forwarders.conf
 rlFileBackup /etc/named.conf
- rlRun "make_forwarders ${SECURE_SERVERS} > /etc/named/forwarders.conf" 0
- if ! has_option forwarders; then
+ rlRun "buMakeForwarders ${SECURE_SERVERS} > /etc/named/forwarders.conf" 0
+ if ! buHasOption forwarders; then
 rlLog "Inserting include to generated forwarders"
 rlRun "sed -i -e '/^s*options\s*{/ a include \"/etc/named/forwarders.conf\";' /etc/named.conf"
 fi
 rlRun "named-checkconf" 0 "Test generated configuration is acccepted"
 rlRun "rlServiceStop named"
- rlFileBackup --missing-ok /var/named/dynamic/managed-keys.bind{,.jnl}
- rlRun "rm -f /var/named/dynamic/managed-keys.bind{,.jnl}"
+ if [ "$CLEAN_ANCHORS" = y ]; then
+ rlFileBackup --missing-ok /var/named/dynamic/managed-keys.bind{,.jnl}
+ rlRun "rm -f /var/named/dynamic/managed-keys.bind{,.jnl}"
+ fi
 rlRun "rlServiceStart named"
 rlPhaseEnd
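Review bot: In `rlRun "SECURE_SERVERS=\"$(buGetSecureNameservers)\"" || rlFail ...` the command substitution runs while the argument string is being built, so rlRun only ever evaluates a plain assignment. The `return 1` path of buGetSecureNameservers therefore cannot reach the `|| rlFail`, and the function's output is parsed a second time as shell text. Assigning directly keeps both the status and the data intact: `SECURE_SERVERS=$(buGetSecureNameservers)` followed by `[ -n "$SECURE_SERVERS" ] || rlFail "No secure servers obtained"`. The same re-parsing applies to `${SECURE_SERVERS}` inside the buMakeForwarders rlRun string a few lines below, where the list ends up in /etc/named/forwarders.conf. The phase begins outside the hunk.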