#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Load the shared test-system environment.  copy_setports, $FEATURETEST,
# $TSIGKEYGEN and $SHELL are used below without being defined in this
# file, so they presumably come from conf.sh.
. ../conf.sh

# ns1 gets a real TLS configuration only when the feature probe reports
# FIPS-compatible DH support.  Otherwise both files are created (or
# truncated) empty, so ns1 runs without any TLS settings from them.
# NOTE(review): presumably ns1/named.conf.in includes these two files and
# the TLS-dependent checks are skipped in that case; confirm.
if $FEATURETEST --have-fips-dh; then
  for tls_file in tls.conf tls.options; do
    copy_setports "ns1/${tls_file}.in" "ns1/${tls_file}"
  done
else
  for tls_file in tls.conf tls.options; do
    : >"ns1/${tls_file}"
  done
fi

# Render named.conf for every server whose template is named.conf.in.
for srv in ns1 ns2 ns3 ns5 ns6; do
  copy_setports "${srv}/named.conf.in" "${srv}/named.conf"
done
# ns7 is rendered from named1.conf.in rather than named.conf.in.
copy_setports ns7/named1.conf.in ns7/named.conf
copy_setports ns8/named.conf.in ns8/named.conf

# named refuses to start when "tkey-gssapi-credential" is configured but
# GSSAPI support is not available, and the test framework cannot start a
# named instance conditionally.  The @TKEY_CONFIGURATION@ placeholder in
# the ns9 and ns10 templates is therefore replaced by the credential
# statement only when the feature probe reports GSSAPI support, and by
# nothing otherwise.
copy_setports ns9/named.conf.in ns9/named.conf.in.tkey
copy_setports ns10/named.conf.in ns10/named.conf.in.tkey
if $FEATURETEST --gssapi; then
  tkey_ns9='tkey-gssapi-credential "DNS/ns9.example.com@EXAMPLE.COM";'
  tkey_ns10='tkey-gssapi-credential "DNS/ns10.example.com@EXAMPLE.COM";'
else
  tkey_ns9=''
  tkey_ns10=''
fi
# The replacement text contains no "|", "&" or backslash, so it can be
# spliced into a "|"-delimited sed expression unchanged.
sed "s|@TKEY_CONFIGURATION@|${tkey_ns9}|" ns9/named.conf.in.tkey >ns9/named.conf
sed "s|@TKEY_CONFIGURATION@|${tkey_ns10}|" ns10/named.conf.in.tkey >ns10/named.conf
# The port-substituted intermediates are no longer needed.
rm -f ns9/named.conf.in.tkey ns10/named.conf.in.tkey

copy_setports verylarge.in verylarge

# ns1/example1.db is the template for several ns1 zones: example.db is a
# plain copy, the others are produced by renaming the zone.  The "." in
# the sed pattern is an unescaped regex wildcard, as in the original.
cp -f ns1/example1.db ns1/example.db
for zone in other unixtime yyyymmddvv keytests; do
  sed "s/example.nil/${zone}.nil/g" ns1/example1.db >"ns1/${zone}.db"
done

# ns3 zone files are copied from their .in templates unchanged.
for db in example relaxed too-big.test; do
  cp -f "ns3/${db}.db.in" "ns3/${db}.db"
done

# Zone file used only by update_test.pl, which needs a specific NS
# record set.  The here-document delimiter is quoted so that $ORIGIN and
# $TTL are written literally instead of being expanded by the shell.
cat >ns1/update.db <<'EOF'
$ORIGIN .
$TTL 300        ; 5 minutes
update.nil              IN SOA  ns1.example.nil. hostmaster.example.nil. (
                                1          ; serial
                                2000       ; refresh (2000 seconds)
                                2000       ; retry (2000 seconds)
                                1814400    ; expire (3 weeks)
                                3600       ; minimum (1 hour)
                                )
update.nil.             NS      ns1.update.nil.
ns1.update.nil.         A       10.53.0.2
ns2.update.nil.		AAAA	::1
EOF

# TSIG keys for ns1.  They are generated anew on each setup run, so none
# of these secrets is stored in the source tree.  The first key is
# created without -a, i.e. with the key generator's default algorithm.
$TSIGKEYGEN ddns-key.example.nil >ns1/ddns.key

# HMAC-MD5 is only generated where the build supports it; otherwise the
# key file holds just a comment.
# NOTE(review): presumably the comment keeps an include of md5.key
# parseable on such builds; confirm against ns1/named.conf.in.
if $FEATURETEST --md5; then
  $TSIGKEYGEN -a hmac-md5 md5-key >ns1/md5.key
else
  printf '%s\n' "/* MD5 NOT SUPPORTED */" >ns1/md5.key
fi

# One key per HMAC-SHA variant, named "<digest>-key", in ns1/<digest>.key.
for digest in sha1 sha224 sha256 sha384 sha512; do
  $TSIGKEYGEN -a "hmac-${digest}" "${digest}-key" >"ns1/${digest}.key"
done

# "legacy-NNN" keys with fixed, hard-coded secrets (each 24 base64
# characters, i.e. 16 bytes).  These are test fixtures checked into the
# tree, unlike the generated TSIG key files, so they must never be reused
# outside the test system.
# NOTE(review): the numeric suffixes look like legacy numeric HMAC
# algorithm identifiers; confirm against the tests that use them.
if $FEATURETEST --md5; then
  printf '%s\n' 'key "legacy-157" { algorithm "hmac-md5"; secret "mGcDSCx/fF121GOVJlITLg=="; };' >ns1/legacy157.key
else
  # Builds without MD5 get a comment-only file instead of the key.
  printf '%s\n' "/* MD5 NOT SUPPORTED */" >ns1/legacy157.key
fi
printf '%s\n' 'key "legacy-161" { algorithm "hmac-sha1"; secret "N80fGvcr8JifzRUJ62R4rQ=="; };' >ns1/legacy161.key
printf '%s\n' 'key "legacy-162" { algorithm "hmac-sha224"; secret "nSIKzFAGS7/tvBs8JteI+Q=="; };' >ns1/legacy162.key
printf '%s\n' 'key "legacy-163" { algorithm "hmac-sha256"; secret "CvaupxnDeES3HnlYhTq53w=="; };' >ns1/legacy163.key
printf '%s\n' 'key "legacy-164" { algorithm "hmac-sha384"; secret "wDldBJwJrYfPoL1Pj4ucOQ=="; };' >ns1/legacy164.key
printf '%s\n' 'key "legacy-165" { algorithm "hmac-sha512"; secret "OgZrTcEa8P76hVY+xyN7Wg=="; };' >ns1/legacy165.key

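# Run ns3/sign.sh from inside ns3.  The subshell keeps the directory
# change from leaking into the rest of this script, and -e makes sign.sh
# stop at its first failing command.
(
  # Stop here if ns3 is missing or inaccessible; without this check
  # sign.sh would be looked up and run from the wrong directory.
  cd ns3 || exit 1
  $SHELL -e sign.sh
)
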
# Install the remaining zone files from their .in templates.
cp -f ns1/many.test.db.in ns1/many.test.db

# The sample zones are copied without -f, as in the original.
for srv in ns1 ns2; do
  cp "${srv}/sample.db.in" "${srv}/sample.db"
done

# Every file in this list is "<name>.in" copied over "<name>".
for db in \
  ns1/maxjournal.db \
  ns5/local.db \
  ns6/2.0.0.2.ip6.addr.db \
  ns6/in-addr.db \
  ns7/in-addr.db \
  ns7/example.com.db \
  ns8/in-addr.db \
  ns8/example.com.db \
  ns9/in-addr.db \
  ns9/example.com.db \
  ns10/in-addr.db \
  ns10/example.com.db; do
  cp -f "${db}.in" "${db}"
done

# ns9 serves a second zone file built from the same example.com template.
cp -f ns9/example.com.db.in ns9/denyname.example.db