bind/backport-0036-Add-kasp-test-for-3302.patch

From 6226ab2fa910f01d75fd5b5c91c6452e38d1e7d0 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 3 May 2022 12:24:58 +0200
Subject: [PATCH] Add kasp test for #3302

Add a test case that triggers a keymgr run that will not trigger any
metadata changes. Ensure that the last status change of the key files
is unmodified.

(cherry picked from commit 7249bad706ab7e15660f4317dbfb76c65bd059cd)
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/6226ab2fa910f01d75fd5b5c91c6452e38d1e7d0
---
 bin/tests/system/kasp.sh       | 12 ++++++++++-
 bin/tests/system/kasp/tests.sh | 38 ++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/bin/tests/system/kasp.sh b/bin/tests/system/kasp.sh
index 01bcce3fd0..f41911a68e 100644
--- a/bin/tests/system/kasp.sh
+++ b/bin/tests/system/kasp.sh
@@ -64,6 +64,9 @@ VIEW3="C1Azf+gGPMmxrUg/WQINP6eV9Y0="
 # EXPECT_KRRSIG
 # LEGACY
 # PRIVATE
+# PRIVKEY_STAT
+# PUBKEY_STAT
+# STATE_STAT
 
 key_key() {
 	echo "${1}__${2}"
@@ -86,6 +89,10 @@ key_save()
 	key_set "$1" BASEFILE "$BASE_FILE"
 	# Save creation date.
 	key_set "$1" CREATED "${KEY_CREATED}"
+	# Save key change time.
+	key_set "$1" PRIVKEY_STAT $(stat -c '%Z' "${BASE_FILE}.private")
+	key_set "$1" PUBKEY_STAT $(stat -c '%Z' "${BASE_FILE}.key")
+	key_set "$1" STATE_STAT $(stat -c '%Z' "${BASE_FILE}.state")
 }
 
 # Clear key state.
@@ -98,6 +105,7 @@ key_clear() {
 	key_set "$1" "ROLE" 'none'
 	key_set "$1" "KSK" 'no'
 	key_set "$1" "ZSK" 'no'
+	key_set "$1" "FLAGS" '0'
 	key_set "$1" "LIFETIME" 'none'
 	key_set "$1" "ALG_NUM" '0'
 	key_set "$1" "ALG_STR" 'none'
@@ -118,7 +126,9 @@ key_clear() {
 	key_set "$1" "EXPECT_KRRSIG" 'no'
 	key_set "$1" "LEGACY" 'no'
 	key_set "$1" "PRIVATE" 'yes'
-	key_set "$1" "FLAGS" '0'
+	key_set "$1" "PRIVKEY_STAT" '0'
+	key_set "$1" "PUBKEY_STAT" '0'
+	key_set "$1" "STATE_STAT" '0'
 }
 
 # Start clear.
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index f4b3714a54..eccf33a2d3 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -294,6 +294,44 @@ check_apex
 check_subdomain
 dnssec_verify
 
+# Trigger a keymgr run. Make sure the key files are not touched if there are
+# no modifications to the key metadata.
+n=$((n+1))
+echo_i "make sure key files are untouched if metadata does not change ($n)"
+ret=0
+basefile=$(key_get KEY1 BASEFILE)
+privkey_stat=$(key_get KEY1 PRIVKEY_STAT)
+pubkey_stat=$(key_get KEY1 PUBKEY_STAT)
+state_stat=$(key_get KEY1 STATE_STAT)
+
+nextpart $DIR/named.run > /dev/null
+rndccmd 10.53.0.3 loadkeys "$ZONE" > /dev/null || log_error "rndc loadkeys zone ${ZONE} failed"
+wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run
+privkey_stat2=$(stat -c '%Z' "${basefile}.private")
+pubkey_stat2=$(stat -c '%Z' "${basefile}.key")
+state_stat2=$(stat -c '%Z' "${basefile}.state")
+test "$privkey_stat" = "$privkey_stat2" || log_error "wrong private key file stat (expected $privkey_stat got $privkey_stat2)"
+test "$pubkey_stat" = "$pubkey_stat2" || log_error "wrong public key file stat (expected $pubkey_stat got $pubkey_stat2)"
+test "$state_stat" = "$state_stat2" || log_error "wrong state file stat (expected $state_stat got $state_stat2)"
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "again ($n)"
+ret=0
+
+nextpart $DIR/named.run > /dev/null
+rndccmd 10.53.0.3 loadkeys "$ZONE" > /dev/null || log_error "rndc loadkeys zone ${ZONE} failed"
+wait_for_log 3 "keymgr: done" $DIR/named.run
+privkey_stat2=$(stat -c '%Z' "${basefile}.private")
+pubkey_stat2=$(stat -c '%Z' "${basefile}.key")
+state_stat2=$(stat -c '%Z' "${basefile}.state")
+test "$privkey_stat" = "$privkey_stat2" || log_error "wrong private key file stat (expected $privkey_stat got $privkey_stat2)"
+test "$pubkey_stat" = "$pubkey_stat2" || log_error "wrong public key file stat (expected $pubkey_stat got $pubkey_stat2)"
+test "$state_stat" = "$state_stat2" || log_error "wrong state file stat (expected $state_stat got $state_stat2)"
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 # Update zone.
 n=$((n+1))
 echo_i "modify unsigned zone file and check that new record is signed for zone ${ZONE} ($n)"
-- 
2.23.0
backport bugfix patches 2022-12-26 15:55:21 +08:00			`From 6226ab2fa910f01d75fd5b5c91c6452e38d1e7d0 Mon Sep 17 00:00:00 2001`
			`From: Matthijs Mekking <matthijs@isc.org>`
			`Date: Tue, 3 May 2022 12:24:58 +0200`
			`Subject: [PATCH] Add kasp test for #3302`

			`Add a test case that triggers a keymgr run that will not trigger any`
			`metadata changes. Ensure that the last status change of the key files`
			`is unmodified.`

			`(cherry picked from commit 7249bad706ab7e15660f4317dbfb76c65bd059cd)`
			`Conflict: NA`
			`Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/6226ab2fa910f01d75fd5b5c91c6452e38d1e7d0`
			`---`
			`bin/tests/system/kasp.sh \| 12 ++++++++++-`
			`bin/tests/system/kasp/tests.sh \| 38 ++++++++++++++++++++++++++++++++++`
			`2 files changed, 49 insertions(+), 1 deletion(-)`

			`diff --git a/bin/tests/system/kasp.sh b/bin/tests/system/kasp.sh`
			`index 01bcce3fd0..f41911a68e 100644`
			`--- a/bin/tests/system/kasp.sh`
			`+++ b/bin/tests/system/kasp.sh`
			`@@ -64,6 +64,9 @@ VIEW3="C1Azf+gGPMmxrUg/WQINP6eV9Y0="`
			`# EXPECT_KRRSIG`
			`# LEGACY`
			`# PRIVATE`
			`+# PRIVKEY_STAT`
			`+# PUBKEY_STAT`
			`+# STATE_STAT`

			`key_key() {`
			`echo "${1}__${2}"`
			`@@ -86,6 +89,10 @@ key_save()`
			`key_set "$1" BASEFILE "$BASE_FILE"`
			`# Save creation date.`
			`key_set "$1" CREATED "${KEY_CREATED}"`
			`+ # Save key change time.`
			`+ key_set "$1" PRIVKEY_STAT $(stat -c '%Z' "${BASE_FILE}.private")`
			`+ key_set "$1" PUBKEY_STAT $(stat -c '%Z' "${BASE_FILE}.key")`
			`+ key_set "$1" STATE_STAT $(stat -c '%Z' "${BASE_FILE}.state")`
			`}`

			`# Clear key state.`
			`@@ -98,6 +105,7 @@ key_clear() {`
			`key_set "$1" "ROLE" 'none'`
			`key_set "$1" "KSK" 'no'`
			`key_set "$1" "ZSK" 'no'`
			`+ key_set "$1" "FLAGS" '0'`
			`key_set "$1" "LIFETIME" 'none'`
			`key_set "$1" "ALG_NUM" '0'`
			`key_set "$1" "ALG_STR" 'none'`
			`@@ -118,7 +126,9 @@ key_clear() {`
			`key_set "$1" "EXPECT_KRRSIG" 'no'`
			`key_set "$1" "LEGACY" 'no'`
			`key_set "$1" "PRIVATE" 'yes'`
			`- key_set "$1" "FLAGS" '0'`
			`+ key_set "$1" "PRIVKEY_STAT" '0'`
			`+ key_set "$1" "PUBKEY_STAT" '0'`
			`+ key_set "$1" "STATE_STAT" '0'`
			`}`

			`# Start clear.`
			`diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh`
			`index f4b3714a54..eccf33a2d3 100644`
			`--- a/bin/tests/system/kasp/tests.sh`
			`+++ b/bin/tests/system/kasp/tests.sh`
			`@@ -294,6 +294,44 @@ check_apex`
			`check_subdomain`
			`dnssec_verify`

			`+# Trigger a keymgr run. Make sure the key files are not touched if there are`
			`+# no modifications to the key metadata.`
			`+n=$((n+1))`
			`+echo_i "make sure key files are untouched if metadata does not change ($n)"`
			`+ret=0`
			`+basefile=$(key_get KEY1 BASEFILE)`
			`+privkey_stat=$(key_get KEY1 PRIVKEY_STAT)`
			`+pubkey_stat=$(key_get KEY1 PUBKEY_STAT)`
			`+state_stat=$(key_get KEY1 STATE_STAT)`
			`+`
			`+nextpart $DIR/named.run > /dev/null`
			`+rndccmd 10.53.0.3 loadkeys "$ZONE" > /dev/null \|\| log_error "rndc loadkeys zone ${ZONE} failed"`
			`+wait_for_log 3 "keymgr: $ZONE done" $DIR/named.run`
			`+privkey_stat2=$(stat -c '%Z' "${basefile}.private")`
			`+pubkey_stat2=$(stat -c '%Z' "${basefile}.key")`
			`+state_stat2=$(stat -c '%Z' "${basefile}.state")`
			`+test "$privkey_stat" = "$privkey_stat2" \|\| log_error "wrong private key file stat (expected $privkey_stat got $privkey_stat2)"`
			`+test "$pubkey_stat" = "$pubkey_stat2" \|\| log_error "wrong public key file stat (expected $pubkey_stat got $pubkey_stat2)"`
			`+test "$state_stat" = "$state_stat2" \|\| log_error "wrong state file stat (expected $state_stat got $state_stat2)"`
			`+test "$ret" -eq 0 \|\| echo_i "failed"`
			`+status=$((status+ret))`
			`+`
			`+n=$((n+1))`
			`+echo_i "again ($n)"`
			`+ret=0`
			`+`
			`+nextpart $DIR/named.run > /dev/null`
			`+rndccmd 10.53.0.3 loadkeys "$ZONE" > /dev/null \|\| log_error "rndc loadkeys zone ${ZONE} failed"`
			`+wait_for_log 3 "keymgr: done" $DIR/named.run`
			`+privkey_stat2=$(stat -c '%Z' "${basefile}.private")`
			`+pubkey_stat2=$(stat -c '%Z' "${basefile}.key")`
			`+state_stat2=$(stat -c '%Z' "${basefile}.state")`
			`+test "$privkey_stat" = "$privkey_stat2" \|\| log_error "wrong private key file stat (expected $privkey_stat got $privkey_stat2)"`
			`+test "$pubkey_stat" = "$pubkey_stat2" \|\| log_error "wrong public key file stat (expected $pubkey_stat got $pubkey_stat2)"`
			`+test "$state_stat" = "$state_stat2" \|\| log_error "wrong state file stat (expected $state_stat got $state_stat2)"`
			`+test "$ret" -eq 0 \|\| echo_i "failed"`
			`+status=$((status+ret))`
			`+`
			`# Update zone.`
			`n=$((n+1))`
			`echo_i "modify unsigned zone file and check that new record is signed for zone ${ZONE} ($n)"`
			`--`
			`2.23.0`