bind/bind-9.11-tests-variants.patch

66 lines
2.7 KiB
Diff
Raw Normal View History

From 607cec78382b016aad0fe041f2e1895b6896c647 Mon Sep 17 00:00:00 2001
From: Petr Mensik <pemensik@redhat.com>
Date: Fri, 1 Mar 2019 15:48:20 +0100
Subject: [PATCH] Make alternative named builds testable in system tests
Red Hat has alternative variant builds of named, which are not ever
tested by system tests. New variables make it relatively easy to test
alternative variants.
For sdb variant use:
export NAMED_VARIANT=-sdb DNSSEC_VARIANT=
For pkcs variant use:
export NAMED_VARIANT=-pkcs11 DNSSEC_VARIANT=-pkcs11
---
2019-07-23 13:18:22 +00:00
bin/tests/system/conf.sh.in | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index d859909..9152f07 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -37,17 +37,17 @@ DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
2019-07-23 13:18:22 +00:00
DELV=$TOP/bin/delv/delv
DIG=$TOP/bin/dig/dig
DNSTAPREAD=$TOP/bin/tools/dnstap-read
-DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
2019-07-23 13:18:22 +00:00
-FEATURETEST=$TOP/bin/named/feature-test
+DSFROMKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-dsfromkey${DNSSEC_VARIANT}
2019-07-23 13:18:22 +00:00
+FEATURETEST=$TOP/bin/named${NAMED_VARIANT}/feature-test${NAMED_VARIANT}
FSTRM_CAPTURE=@FSTRM_CAPTURE@
Update to 9.16.2 Notes for BIND 9.16.2 Security Fixes DNS rebinding protection was ineffective when BIND 9 is configured as a forwarding DNS server. Found and responsibly reported by Tobias Klein. [GL #1574] Known Issues We have received reports that in some circumstances, receipt of an IXFR can cause the processing of queries to slow significantly. Some of these were related to RPZ processing, which has been fixed in this release (see below). Others appear to occur where there are NSEC3-related changes (such as an operator changing the NSEC3 salt used in the hash calculation). These are being investigated. [GL #1685] Feature Changes The previous DNSSEC sign statistics used lots of memory. The number of keys to track is reduced to four per zone, which should be enough for 99% of all signed zones. [GL #1179] Bug Fixes When an RPZ policy zone was updated via zone transfer and a large number of records was deleted, named could become nonresponsive for a short period while deleted names were removed from the RPZ summary database. This database cleanup is now done incrementally over a longer period of time, reducing such delays. [GL #1447] When trying to migrate an already-signed zone from auto-dnssec maintain to one based on dnssec-policy, the existing keys were immediately deleted and replaced with new ones. As the key rollover timing constraints were not being followed, it was possible that some clients would not have been able to validate responses until all old DNSSEC information had timed out from caches. BIND now looks at the time metadata of the existing keys and incorporates it into its DNSSEC policy operation. [GL #1706]
2020-04-16 09:39:29 +00:00
HOST=$TOP/bin/dig/host
2019-07-23 13:18:22 +00:00
-IMPORTKEY=$TOP/bin/dnssec/dnssec-importkey
+IMPORTKEY=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-importkey${DNSSEC_VARIANT}
2019-07-23 13:18:22 +00:00
JOURNALPRINT=$TOP/bin/tools/named-journalprint
-KEYFRLAB=$TOP/bin/dnssec/dnssec-keyfromlabel
-KEYGEN=$TOP/bin/dnssec/dnssec-keygen
+KEYFRLAB=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keyfromlabel${DNSSEC_VARIANT}
+KEYGEN=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-keygen${DNSSEC_VARIANT}
KEYMGR=$TOP/bin/python/dnssec-keymgr
MDIG=$TOP/bin/tools/mdig
2019-07-23 13:18:22 +00:00
-NAMED=$TOP/bin/named/named
+NAMED=$TOP/bin/named${NAMED_VARIANT}/named${NAMED_VARIANT}
NSEC3HASH=$TOP/bin/tools/nsec3hash
NSLOOKUP=$TOP/bin/dig/nslookup
NSUPDATE=$TOP/bin/nsupdate/nsupdate
@@ -56,12 +56,12 @@ PK11DEL="$TOP/bin/pkcs11/pkcs11-destroy -s ${SLOT:-0} -p ${HSMPIN:-1234} -w 0"
2019-07-23 13:18:22 +00:00
PK11GEN="$TOP/bin/pkcs11/pkcs11-keygen -q -s ${SLOT:-0} -p ${HSMPIN:-1234}"
PK11LIST="$TOP/bin/pkcs11/pkcs11-list -s ${SLOT:-0} -p ${HSMPIN:-1234}"
RESOLVE=$TOP/bin/tests/system/resolve
2019-07-23 13:18:22 +00:00
-REVOKE=$TOP/bin/dnssec/dnssec-revoke
+REVOKE=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-revoke${DNSSEC_VARIANT}
RNDC=$TOP/bin/rndc/rndc
RNDCCONFGEN=$TOP/bin/confgen/rndc-confgen
RRCHECKER=$TOP/bin/tools/named-rrchecker
-SETTIME=$TOP/bin/dnssec/dnssec-settime
-SIGNER=$TOP/bin/dnssec/dnssec-signzone
+SETTIME=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-settime${DNSSEC_VARIANT}
+SIGNER=$TOP/bin/dnssec${DNSSEC_VARIANT}/dnssec-signzone${DNSSEC_VARIANT}
TSIGKEYGEN=$TOP/bin/confgen/tsig-keygen
VERIFY=$TOP/bin/dnssec/dnssec-verify
WIRETEST=$TOP/bin/tests/wire_test
--
2.26.3