[Opendnssec-commits] matthijs r7109 - in branches/OpenDNSSEC-1.3: . signer/src/daemon signer/src/signer testing/test-cases.d/signer.zones.validate_many_zones

commits at svn.opendnssec.org commits at svn.opendnssec.org
Mon Apr 22 11:52:44 CEST 2013


Author: matthijs
Date: Mon Apr 22 11:52:44 2013
New Revision: 7109
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7109

Log:
OPENDNSSEC-247: Now also for NSEC3!

Modified:
   branches/OpenDNSSEC-1.3/NEWS
   branches/OpenDNSSEC-1.3/signer/src/daemon/worker.c
   branches/OpenDNSSEC-1.3/signer/src/signer/signconf.c
   branches/OpenDNSSEC-1.3/testing/test-cases.d/signer.zones.validate_many_zones/test.sh

Modified: branches/OpenDNSSEC-1.3/NEWS
==============================================================================
--- branches/OpenDNSSEC-1.3/NEWS	Mon Apr 22 09:42:30 2013	(r7108)
+++ branches/OpenDNSSEC-1.3/NEWS	Mon Apr 22 11:52:44 2013	(r7109)
@@ -7,6 +7,8 @@
 * OPENDNSSEC-91: Make the keytype flag required when rolling keys
 
 Bugfixes:
+* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA
+  Minimum change.
 * OPENDNSSEC-396: Use TTLs from kasp when generating DNSKEY and DS records for
   output.
 * OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly

Modified: branches/OpenDNSSEC-1.3/signer/src/daemon/worker.c
==============================================================================
--- branches/OpenDNSSEC-1.3/signer/src/daemon/worker.c	Mon Apr 22 09:42:30 2013	(r7108)
+++ branches/OpenDNSSEC-1.3/signer/src/daemon/worker.c	Mon Apr 22 11:52:44 2013	(r7109)
@@ -314,7 +314,7 @@
                         worker->jobs_completed, worker->jobs_appointed);
                     status = ODS_STATUS_ERR;
                 } else if (worker->need_to_exit) {
-                    ods_log_debug("[%s[%i]] sign zone %s failed: worker "
+                    ods_log_warning("[%s[%i]] sign zone %s failed: worker "
                         "needs to exit", worker2str(worker->type),
                         worker->thread_num, task_who2str(task->who));
                     status = ODS_STATUS_ERR;
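Review bot: Raising this message to `ods_log_warning` means it fires whenever `worker->need_to_exit` is set, and if that flag is also set during an orderly shutdown (not visible in this hunk), each zone still being signed will log a warning that reads like a signing failure. A comment above the call, for example `/* warning, not debug: the zone stays unsigned until the task is rerun */`, would record why the level was raised and help operators decide whether to alert on it. The enclosing if/else chain starts above the hunk and continues below it.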

Modified: branches/OpenDNSSEC-1.3/signer/src/signer/signconf.c
==============================================================================
--- branches/OpenDNSSEC-1.3/signer/src/signer/signconf.c	Mon Apr 22 09:42:30 2013	(r7108)
+++ branches/OpenDNSSEC-1.3/signer/src/signer/signconf.c	Mon Apr 22 11:52:44 2013	(r7109)
@@ -440,7 +440,9 @@
     ods_log_assert(a);
     ods_log_assert(b);
 
-   if (a->nsec_type != b->nsec_type) {
+   if (duration_compare(a->soa_min, b->soa_min)) {
+       new_task = TASK_NSECIFY;
+   } else if (a->nsec_type != b->nsec_type) {
        new_task = TASK_NSECIFY;
    } else if (a->nsec_type == LDNS_RR_TYPE_NSEC3) {
        if ((ods_strcmp(a->nsec3_salt, b->nsec3_salt) != 0) ||
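Review bot: The first two branches of the new chain both set `new_task = TASK_NSECIFY`, so they can be folded into one condition: `if (duration_compare(a->soa_min, b->soa_min) || a->nsec_type != b->nsec_type) {`. That makes it clear the NSEC3 parameter comparison below is only reached when neither has changed. The ordering is the whole fix, since the old trailing `else if` could never run for a zone whose `nsec_type` was NSEC3, so it deserves a comment such as `/* SOA minimum change must re-nsecify for NSEC and NSEC3 alike; test it before the nsec_type branches */`. The enclosing function starts above the hunk.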
@@ -450,8 +452,6 @@
 
            new_task = TASK_NSECIFY;
        }
-   } else if (duration_compare(a->soa_min, b->soa_min)) {
-       new_task = TASK_NSECIFY;
    }
    return new_task;
 }

Modified: branches/OpenDNSSEC-1.3/testing/test-cases.d/signer.zones.validate_many_zones/test.sh
==============================================================================
--- branches/OpenDNSSEC-1.3/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 09:42:30 2013	(r7108)
+++ branches/OpenDNSSEC-1.3/testing/test-cases.d/signer.zones.validate_many_zones/test.sh	Mon Apr 22 11:52:44 2013	(r7109)
@@ -13,7 +13,6 @@
                 ;;
 esac
 
-
 if [ -n "$HAVE_MYSQL" ]; then
 	ods_setup_conf conf.xml conf-mysql.xml
 fi &&
@@ -26,7 +25,8 @@
 #########################################################################
 # Basic checks of signing test zones
 
-log_this_timeout ods-control-signer-start 60 ods-signerd -1 &&
+log_this_timeout ods-control-signer-start 60 ods-signerd -vvvv &&
+#log_this_timeout ods-control-signer-start 60 ods-control signer start &&
 syslog_waitfor 60 'ods-signerd: .*\[engine\] signer started' &&
 
 syslog_waitfor 60 'ods-signerd: .*\[STATS\] example.com' &&
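Review bot: The commented-out alternative `#log_this_timeout ods-control-signer-start 60 ods-control signer start &&` added under the start line is dead code; drop it, or replace it with a comment saying why the signer is started directly. The `-vvvv` on the new start line looks like debugging verbosity left in. If the `syslog_waitfor` patterns later in the script depend on it, a short comment such as `# -vvvv: required for the log lines matched below` would say so; otherwise it can be removed.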
@@ -49,7 +49,7 @@
                 log_this validate-zone-ods validns -s -p cname-other-data -p dname -p dnskey -p nsec3param-not-apex -p mx-alias -p ns-alias -p rp-txt-exists -p tlsa-host "$INSTALL_ROOT/var/opendnssec/signed/example.com" &&
                 log_grep validate-zone-ods stdout 'validation errors:   0' &&
                 log_this validate-zone-all.rr.org validns -s -p all "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-                log_grep validate-zone-all.rr.org stdout 'validation errors:   0' 
+                log_grep validate-zone-all.rr.org stdout 'validation errors:   0'
                 # The other two zone types don't seem to be supported by validns
                 ;;
 esac &&
@@ -61,23 +61,15 @@
 #OPENDNSSEC-247 - Update the SOA minimum in the policy and make sure the NSEC TTL changes.
 $GREP -q -- "<Minimum>PT300S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
 $GREP -q -- "300.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-mv kasp.xml kasp.xml_orig &&
+cp kasp.xml kasp.xml.orig &&
 cp test/kasp.xml kasp.xml &&
 log_this ods-update-policy ods_setup_conf kasp.xml &&
 log_this_timeout ods-update-policy 10 ods-ksmutil update kasp &&
 syslog_waitfor_count 60 2 'ods-enforcerd: .*Sleeping for' &&
 $GREP -q -- "<Minimum>PT600S</Minimum>" "$INSTALL_ROOT/var/opendnssec/signconf/all.rr.org" &&
-
-log_this_timeout ods-control-signer-start 60 ods-signerd  &&
-syslog_waitfor 60 'ods-signerd: .*\[engine\] signer started' &&
-# SAD -> MM: This is only logged when using SQLite...
-#syslog_waitfor 60 'ods-signerd: .*zone all.rr.org set soa ttl to 600' &&
-
-log_this ods-resign-diff_ttl ods-signer sign all.rr.org &&
 syslog_waitfor_count 60 2 'ods-signerd: .*\[STATS\] all.rr.org' &&
 test -f "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
-# SAD -> MM: This check fails...
-#$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
+$GREP -q -- "600.*IN.*NSEC3" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&
 
 #########################################################################
 
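Review bot: The re-enabled check `$GREP -q -- "600.*IN.*NSEC3"` is loose enough to pass without the NSEC3 TTL having changed. `600` is unanchored, so it also matches inside a longer number such as `3600` or inside a hashed owner name, and `NSEC3` also matches NSEC3PARAM and an RRSIG that covers NSEC3. Assuming the signed file prints owner, TTL, class and type in that order, as the existing pattern implies, `$GREP -q -- "[[:space:]]600[[:space:]]*IN[[:space:]]*NSEC3[[:space:]]"` would tie the match to the TTL column of an NSEC3 record. The test also never asserts that the old TTL is gone; adding `! $GREP -q -- "[[:space:]]300[[:space:]]*IN[[:space:]]*NSEC3[[:space:]]" "$INSTALL_ROOT/var/opendnssec/signed/all.rr.org" &&` would catch a zone in which only some NSEC3 records were regenerated.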
@@ -85,12 +77,12 @@
 syslog_waitfor 60 'ods-enforcerd: .*all done' &&
 syslog_waitfor 60 'ods-signerd: .*\[engine\] signer shutdown' &&
 
-mv kasp.xml_orig kasp.xml &&
+cp kasp.xml.orig kasp.xml &&
 return 0
 
 echo '*********** ERROR **********'
 ods_kill
-mv kasp.xml_orig kasp.xml
+cp kasp.xml.orig kasp.xml
 return 1
 
 


