authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-13 10:19:51 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-09-13 10:19:51 +0000
commit581e8bbd56a8ff80d29e4fd1b4e8e2c43122dea4 (patch)
tree71a90f72e1cad0490b4dba1f7e2c62b05ab1b889
parentReleasing progress-linux version 3.0.0-1~dschinn1. (diff)
Merging debian version 3.0.0-2.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/TODO2
-rw-r--r--debian/changelog6
-rw-r--r--debian/tests/control3
-rwxr-xr-xdebian/tests/roundtrip114
4 files changed, 123 insertions, 2 deletions
diff --git a/debian/TODO b/debian/TODO
index b0cb921..8e24e45 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -2,8 +2,6 @@ Things to work on for debian packaging for knot-resolver:
* clean up javascript bundled by upstream, try to regenerate it from source
-* write a more complex autopkgtest test suite
-
* address all the warnings about ISO C and C99
* trim linker dependencies. lots of "(they use none of the library's
diff --git a/debian/changelog b/debian/changelog
index c3b405f..1480c18 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+knot-resolver (3.0.0-2) unstable; urgency=medium
+
+ * autopkgtest: added full roundtrip tests
+
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 30 Aug 2018 14:41:02 -0400
+
knot-resolver (3.0.0-1~dschinn1) dschinn-backports; urgency=medium
* Uploading to dschinn-backports, remaining changes:
diff --git a/debian/tests/control b/debian/tests/control
index be666d7..0975e8c 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,2 +1,5 @@
Test-Command: make installcheck
Depends: @, @builddeps@
+
+Tests: roundtrip
+Depends: knot-dnsutils, knot-resolver, socat, systemd
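Review bot: The `Depends:` line of the new `roundtrip` stanza names no package that provides `certtool`, which debian/tests/roundtrip calls for every key and certificate it generates. On Debian that binary ships in gnutls-bin as far as I know, and none of the four listed packages is guaranteed to pull it in, so on a minimal testbed the script would stop at its first certtool call under `set -e`. I would write `Depends: gnutls-bin, knot-dnsutils, knot-resolver, socat, systemd`.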
diff --git a/debian/tests/roundtrip b/debian/tests/roundtrip
new file mode 100755
index 0000000..75b9c43
--- /dev/null
+++ b/debian/tests/roundtrip
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# 2018-08-30
+# License: GPLv3+
+
+# error on exit
+set -e
+# for handling jobspecs:
+set -m
+
+if [ -z "$AUTOPKGTEST_ARTIFACTS" ]; then
+ d="$(mktemp -d)"
+ remove="$d"
+else
+ d="$AUTOPKGTEST_ARTIFACTS"
+fi
+ip="${TESTIP:-127.$(( $RANDOM % 256 )).$(( $RANDOM % 256 )).$(( $RANDOM % 256 ))}"
+
+printf "kresd + kdig roundtrip tests\n------------\n workdir: %s\n IP addr: %s\n" "$d" "$ip"
+
+section() {
+ printf "\n%s\n" "$1"
+ sed 's/./-/g' <<<"$1"
+}
+
+cleanup () {
+ section "cleaning up"
+ find "$d" -ls
+ tail "$d"/*.err
+ echo 'quit()' | socat STDIO UNIX:"$d/control"
+ if [ "$remove" ]; then
+ printf "cleaning up working directory %s\n" "$remove"
+ rm -rf "$remove"
+ fi
+}
+trap cleanup EXIT
+
+section "make Certificate Authority key and certificate"
+cat > "$d/ca.template" <<EOF
+cn = "testing certificate authority (NOT FOR PRODUCTION)"
+expiration_days = 12
+ca
+path_len = 1
+nc_permit_dns = example
+cert_signing_key
+EOF
+certtool --stdout-info --generate-privkey --outfile "$d/ca-key.pem"
+certtool --stdout-info --generate-self-signed --template "$d/ca.template" --load-privkey "$d/ca-key.pem" --outfile "$d/ca-cert.pem"
+
+section "make Bogus Certificate Authority key and certificate"
+certtool --stdout-info --generate-privkey --outfile "$d/bogus-key.pem"
+certtool --stdout-info --generate-self-signed --template "$d/ca.template" --load-privkey "$d/bogus-key.pem" --outfile "$d/bogus-cert.pem"
+
+section "make End Entity key and certificate"
+cat > "$d/ee.template" <<EOF
+cn = "test.example"
+dns_name = test.example
+expiration_days = 10
+signing_key
+tls_www_server
+EOF
+certtool --stdout-info --generate-privkey --outfile "$d/ee-key.pem"
+certtool --stdout-info --pubkey-info --load-privkey "$d/ee-key.pem" --outfile "$d/ee-pubkey.pem"
+certtool --stdout-info --generate-certificate --load-ca-privkey "$d/ca-key.pem" --load-ca-certificate "$d/ca-cert.pem" --template "$d/ee.template" --load-pubkey "$d/ee-pubkey.pem" --outfile "$d/ee-cert.pem"
+
+section "set up kresd daemon on $ip:8853"
+cat > "$d/kresd.conf" <<EOF
+modules = { 'hints > iterate' }
+net.tls("$d/ee-cert.pem", "$d/ee-key.pem")
+hints["monkeys.example"] = "127.15.23.5"
+EOF
+# FIXME: we have no UDP listener because of limitations of
+# systemd-socket-activate:
+# https://github.com/systemd/systemd/issues/9983
+systemd-socket-activate -l "$ip:8853" -l "$d/control" -l "$ip:8053" --fdname=tls:control:dns /usr/sbin/kresd -c "$d/kresd.conf" "$d" 2> "$d/kresd.err" &
+
+sleep 1
+
+# section "test UDP with kdig"
+# x=$(kdig +short @"$ip:8053" monkeys.example)
+# [ "$x" = "127.15.23.5" ]
+# echo "successful UDP request to $ip on port 8053"
+
+section "test TCP with kdig"
+x=$(kdig +short +tcp @"$ip:8053" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful TCP request to $ip on port 8053"
+
+section "test opportunistic DNS-over-TLS with kdig"
+x=$(kdig +short +tls @"$ip:8853" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful opportunistic DNS-over-TLS request to $ip on port 8853"
+
+section "test strict DNS-over-TLS with kdig"
+x=$(kdig +short +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=test.example @"$ip:8853" monkeys.example)
+[ "$x" = "127.15.23.5" ]
+echo "successful strict DNS-over-TLS request to $ip on port 8853"
+
+section "test invalid name with strict DNS-over-TLS with kdig"
+x=$(kdig +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=notright.example @"$ip:8853" monkeys.example) 2>&1
+if [ "$x" ]; then
+ printf >&2 "got: %s\nShould not have succeeded since name did not match!" "$x"
+ false
+fi
+echo "successful strict DNS-over-TLS request failure when name mismatch to $ip on port 8853"
+
+section "test bad authority with strict DNS-over-TLS with kdig"
+x=$(kdig +tls-ca="$d/bogus-cert.pem" +tls-hostname=test.example @"$ip:8853" monkeys.example) 2>&1
+if [ "$x" ]; then
+ printf >&2 "got: %s\nShould not have succeeded since authority was wrong!" "$x"
+ false
+fi
+echo "successful strict DNS-over-TLS request failure to $ip on port 8853"
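Review bot: The two negative checks at the end (`+tls-hostname=notright.example` and `+tls-ca="$d/bogus-cert.pem"`) pass whenever kdig prints nothing on stdout, so a dead daemon, a refused connection or a timeout looks the same as a certificate rejection. The trailing `2>&1` sits outside the `$(...)`, so it applies to the assignment rather than to kdig, and the diagnostic that would show why the handshake failed is never captured. Under `set -e`, a non-zero kdig exit (if it returns one in this case) would also abort the script before the explanatory message. I would keep stderr per case, e.g. `x=$(kdig +tls +tls-ca="$d/ca-cert.pem" +tls-hostname=notright.example @"$ip:8853" monkeys.example 2>"$d/kdig-badname.err") || true`, which the existing `tail "$d"/*.err` in cleanup would then print. Repeating the strict positive query after each negative one would ensure an empty result can only mean the peer was rejected.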