bind/dnssec-checkds-s.patch

From 3b4f23cdbfa3f285d06eea8c4101650d2ab4e945 Mon Sep 17 00:00:00 2001
From: Evan Hunt <each@isc.org>
Date: Thu, 26 Oct 2017 21:05:11 -0700
Subject: [PATCH 1314/3677] [master] dnssec-checkds -s

4794.	[func]		"dnssec-checkds -s" specifies a file from which
			to read a DS set rather than querying the parent.
			[RT #44667]
---
 CHANGES                                     |   8 +-
 bin/python/dnssec-checkds.docbook           |  24 +++---
 bin/tests/system/checkds/clean.sh           |   2 -
 bin/tests/system/checkds/dig.pl             |   2 -
 bin/tests/system/checkds/dig.sh             |   3 -
 bin/tests/system/checkds/prep.example.db    | 121 ++++++++++++++++++++++++++++
 bin/tests/system/checkds/prep.example.ds.db |   2 +
 bin/tests/system/checkds/tests.sh           |   9 +++
 doc/arm/notes.xml                           |   8 ++
 10 files changed, 190 insertions(+), 38 deletions(-)
 create mode 100644 bin/tests/system/checkds/prep.example.db
 create mode 100644 bin/tests/system/checkds/prep.example.ds.db

diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook
index 91716bc..069d6e9 100644
--- a/bin/python/dnssec-checkds.docbook
+++ b/bin/python/dnssec-checkds.docbook
@@ -42,20 +42,13 @@
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>dnssec-checkds</command>
-      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
-      <arg choice="req" rep="norepeat">zone</arg>
-    </cmdsynopsis>
-    <cmdsynopsis sepchar=" ">
-      <command>dnssec-dsfromkey</command>
-      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">file</replaceable></option></arg>
       <arg choice="req" rep="norepeat">zone</arg>
-   </cmdsynopsis>
+    </cmdsynopsis>
   </refsynopsisdiv>
 
   <refsection><info><title>DESCRIPTION</title></info>
@@ -93,6 +86,17 @@
       </varlistentry>
 
       <varlistentry>
+        <term>-s <replaceable class="parameter">file</replaceable></term>
+        <listitem>
+          <para>
+            Specifies a prepared dsset file, such as would be generated
+            by <command>dnssec-signzone</command>, to use as a source for
+            the DS RRset instead of querying the parent.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
         <term>-d <replaceable class="parameter">dig path</replaceable></term>
         <listitem>
           <para>
diff --git a/bin/python/isc/checkds.py.in b/bin/python/isc/checkds.py.in
index ce50355..a161554 100644
--- a/bin/python/isc/checkds.py.in
+++ b/bin/python/isc/checkds.py.in
@@ -89,39 +93,43 @@ class SECRR:
 # Generate a set of expected DS/DLV records from the DNSKEY RRset,
 # and report on congruency.
 ############################################################################
-def check(zone, args, masterfile=None, lookaside=None):
+def check(zone, args):
     rrlist = []
-    cmd = [args.dig, "+noall", "+answer", "-t", "dlv" if lookaside else "ds",
-           "-q", zone + "." + lookaside if lookaside else zone]
-    fp, _ = Popen(cmd, stdout=PIPE).communicate()
+    if args.dssetfile:
+        fp = open(args.dssetfile).read()
+    else:
+        cmd = [args.dig, "+noall", "+answer", "-t",
+                "dlv" if args.lookaside else "ds", "-q",
+                zone + "." + args.lookaside if args.lookaside else zone]
+        fp, _ = Popen(cmd, stdout=PIPE).communicate()
 
     for line in fp.splitlines():
         if type(line) is not str:
             line = line.decode('ascii')
-        rrlist.append(SECRR(line, lookaside))
+        rrlist.append(SECRR(line, args.lookaside))
     rrlist = sorted(rrlist, key=lambda rr: (rr.keyid, rr.keyalg, rr.hashalg))
 
     klist = []
 
-    if masterfile:
-        cmd = [args.dsfromkey, "-f", masterfile]
-        if lookaside:
-            cmd += ["-l", lookaside]
+    if args.masterfile:
+        cmd = [args.dsfromkey, "-f", args.masterfile]
+        if args.lookaside:
+            cmd += ["-l", args.lookaside]
         cmd.append(zone)
         fp, _ = Popen(cmd, stdout=PIPE).communicate()
     else:
         intods, _ = Popen([args.dig, "+noall", "+answer", "-t", "dnskey",
                            "-q", zone], stdout=PIPE).communicate()
         cmd = [args.dsfromkey, "-f", "-"]
-        if lookaside:
-            cmd += ["-l", lookaside]
+        if args.lookaside:
+            cmd += ["-l", args.lookaside]
         cmd.append(zone)
         fp, _ = Popen(cmd, stdin=PIPE, stdout=PIPE).communicate(intods)
 
     for line in fp.splitlines():
         if type(line) is not str:
             line = line.decode('ascii')
-        klist.append(SECRR(line, lookaside))
+        klist.append(SECRR(line, args.lookaside))
 
     if len(klist) < 1:
         print("No DNSKEY records found in zone apex")
@@ -136,7 +144,8 @@ def check(zone, args, masterfile=None, lookaside=None):
                    rr.keyid, SECRR.hashalgs[rr.hashalg]))
 
     if not found:
-        print("No %s records were found for any DNSKEY" % ("DLV" if lookaside else "DS"))
+        print("No %s records were found for any DNSKEY" %
+                ("DLV" if args.lookaside else "DS"))
 
     return found
 
@@ -151,10 +160,6 @@ def parse_args():
     sbindir = 'bin' if os.name == 'nt' else 'sbin'
 
     parser.add_argument('zone', type=str, help='zone to check')
-    parser.add_argument('-f', '--file', dest='masterfile', type=str,
-                        help='zone master file')
-    parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,
-                        help='DLV lookaside zone')
     parser.add_argument('-d', '--dig', dest='dig',
                         default=os.path.join(prefix(bindir), 'dig'),
                         type=str, help='path to \'dig\'')
@@ -162,6 +167,12 @@ def parse_args():
                         default=os.path.join(prefix(sbindir),
                                              'dnssec-dsfromkey'),
                         type=str, help='path to \'dnssec-dsfromkey\'')
+    parser.add_argument('-f', '--file', dest='masterfile', type=str,
+                        help='zone master file')
+    parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,
+                        help='DLV lookaside zone')
+    parser.add_argument('-s', '--dsset', dest='dssetfile', type=str,
+                        help='prepared DSset file')
     parser.add_argument('-v', '--version', action='version',
                         version=version)
     args = parser.parse_args()
@@ -178,5 +189,5 @@ def parse_args():
 ############################################################################
 def main():
     args = parse_args()
-    found = check(args.zone, args, args.masterfile, args.lookaside)
+    found = check(args.zone, args)
     exit(0 if found else 1)
 
-- 
1.8.3.1
init 2019-12-28 09:41:34 +08:00			`From 3b4f23cdbfa3f285d06eea8c4101650d2ab4e945 Mon Sep 17 00:00:00 2001`
			`From: Evan Hunt <each@isc.org>`
			`Date: Thu, 26 Oct 2017 21:05:11 -0700`
			`Subject: [PATCH 1314/3677] [master] dnssec-checkds -s`

			`4794. [func] "dnssec-checkds -s" specifies a file from which`
			`to read a DS set rather than querying the parent.`
			`[RT #44667]`
			`---`
			`CHANGES \| 8 +-`
			`bin/python/dnssec-checkds.docbook \| 24 +++---`
			`bin/tests/system/checkds/clean.sh \| 2 -`
			`bin/tests/system/checkds/dig.pl \| 2 -`
			`bin/tests/system/checkds/dig.sh \| 3 -`
			`bin/tests/system/checkds/prep.example.db \| 121 ++++++++++++++++++++++++++++`
			`bin/tests/system/checkds/prep.example.ds.db \| 2 +`
			`bin/tests/system/checkds/tests.sh \| 9 +++`
			`doc/arm/notes.xml \| 8 ++`
			`10 files changed, 190 insertions(+), 38 deletions(-)`
			`create mode 100644 bin/tests/system/checkds/prep.example.db`
			`create mode 100644 bin/tests/system/checkds/prep.example.ds.db`

			`diff --git a/bin/python/dnssec-checkds.docbook b/bin/python/dnssec-checkds.docbook`
			`index 91716bc..069d6e9 100644`
			`--- a/bin/python/dnssec-checkds.docbook`
			`+++ b/bin/python/dnssec-checkds.docbook`
			`@@ -42,20 +42,13 @@`
			`<refsynopsisdiv>`
			`<cmdsynopsis sepchar=" ">`
			`<command>dnssec-checkds</command>`
			`- <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>`
			`- <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>`
			`<arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>`
			`<arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>`
			`- <arg choice="req" rep="norepeat">zone</arg>`
			`- </cmdsynopsis>`
			`- <cmdsynopsis sepchar=" ">`
			`- <command>dnssec-dsfromkey</command>`
			`- <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>`
			`<arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>`
			`- <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">dig path</replaceable></option></arg>`
			`- <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">dsfromkey path</replaceable></option></arg>`
			`+ <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>`
			`+ <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">file</replaceable></option></arg>`
			`<arg choice="req" rep="norepeat">zone</arg>`
			`- </cmdsynopsis>`
			`+ </cmdsynopsis>`
			`</refsynopsisdiv>`

			`<refsection><info><title>DESCRIPTION</title></info>`
			`@@ -93,6 +86,17 @@`
			`</varlistentry>`

			`<varlistentry>`
			`+ <term>-s <replaceable class="parameter">file</replaceable></term>`
			`+ <listitem>`
			`+ <para>`
			`+ Specifies a prepared dsset file, such as would be generated`
			`+ by <command>dnssec-signzone</command>, to use as a source for`
			`+ the DS RRset instead of querying the parent.`
			`+ </para>`
			`+ </listitem>`
			`+ </varlistentry>`
			`+`
			`+ <varlistentry>`
			`<term>-d <replaceable class="parameter">dig path</replaceable></term>`
			`<listitem>`
			`<para>`
			`diff --git a/bin/python/isc/checkds.py.in b/bin/python/isc/checkds.py.in`
			`index ce50355..a161554 100644`
			`--- a/bin/python/isc/checkds.py.in`
			`+++ b/bin/python/isc/checkds.py.in`
update bind to 9.11.21 2020-07-27 17:33:59 +08:00			`@@ -89,39 +93,43 @@ class SECRR:`
init 2019-12-28 09:41:34 +08:00			`# Generate a set of expected DS/DLV records from the DNSKEY RRset,`
			`# and report on congruency.`
			`############################################################################`
			`-def check(zone, args, masterfile=None, lookaside=None):`
			`+def check(zone, args):`
			`rrlist = []`
			`- cmd = [args.dig, "+noall", "+answer", "-t", "dlv" if lookaside else "ds",`
			`- "-q", zone + "." + lookaside if lookaside else zone]`
			`- fp, _ = Popen(cmd, stdout=PIPE).communicate()`
			`+ if args.dssetfile:`
			`+ fp = open(args.dssetfile).read()`
			`+ else:`
			`+ cmd = [args.dig, "+noall", "+answer", "-t",`
			`+ "dlv" if args.lookaside else "ds", "-q",`
			`+ zone + "." + args.lookaside if args.lookaside else zone]`
			`+ fp, _ = Popen(cmd, stdout=PIPE).communicate()`

			`for line in fp.splitlines():`
update bind to 9.11.21 2020-07-27 17:33:59 +08:00			`if type(line) is not str:`
			`line = line.decode('ascii')`
init 2019-12-28 09:41:34 +08:00			`- rrlist.append(SECRR(line, lookaside))`
			`+ rrlist.append(SECRR(line, args.lookaside))`
			`rrlist = sorted(rrlist, key=lambda rr: (rr.keyid, rr.keyalg, rr.hashalg))`

			`klist = []`

			`- if masterfile:`
			`- cmd = [args.dsfromkey, "-f", masterfile]`
			`- if lookaside:`
			`- cmd += ["-l", lookaside]`
			`+ if args.masterfile:`
			`+ cmd = [args.dsfromkey, "-f", args.masterfile]`
			`+ if args.lookaside:`
			`+ cmd += ["-l", args.lookaside]`
			`cmd.append(zone)`
			`fp, _ = Popen(cmd, stdout=PIPE).communicate()`
			`else:`
			`intods, _ = Popen([args.dig, "+noall", "+answer", "-t", "dnskey",`
			`"-q", zone], stdout=PIPE).communicate()`
			`cmd = [args.dsfromkey, "-f", "-"]`
			`- if lookaside:`
			`- cmd += ["-l", lookaside]`
			`+ if args.lookaside:`
			`+ cmd += ["-l", args.lookaside]`
			`cmd.append(zone)`
			`fp, _ = Popen(cmd, stdin=PIPE, stdout=PIPE).communicate(intods)`

			`for line in fp.splitlines():`
update bind to 9.11.21 2020-07-27 17:33:59 +08:00			`if type(line) is not str:`
			`line = line.decode('ascii')`
init 2019-12-28 09:41:34 +08:00			`- klist.append(SECRR(line, lookaside))`
			`+ klist.append(SECRR(line, args.lookaside))`

			`if len(klist) < 1:`
			`print("No DNSKEY records found in zone apex")`
			`@@ -136,7 +144,8 @@ def check(zone, args, masterfile=None, lookaside=None):`
			`rr.keyid, SECRR.hashalgs[rr.hashalg]))`

			`if not found:`
			`- print("No %s records were found for any DNSKEY" % ("DLV" if lookaside else "DS"))`
			`+ print("No %s records were found for any DNSKEY" %`
			`+ ("DLV" if args.lookaside else "DS"))`

			`return found`

			`@@ -151,10 +160,6 @@ def parse_args():`
			`sbindir = 'bin' if os.name == 'nt' else 'sbin'`

			`parser.add_argument('zone', type=str, help='zone to check')`
			`- parser.add_argument('-f', '--file', dest='masterfile', type=str,`
			`- help='zone master file')`
			`- parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,`
			`- help='DLV lookaside zone')`
			`parser.add_argument('-d', '--dig', dest='dig',`
			`default=os.path.join(prefix(bindir), 'dig'),`
			`type=str, help='path to \'dig\'')`
			`@@ -162,6 +167,12 @@ def parse_args():`
			`default=os.path.join(prefix(sbindir),`
			`'dnssec-dsfromkey'),`
update bind to 9.11.21 2020-07-27 17:33:59 +08:00			`type=str, help='path to \'dnssec-dsfromkey\'')`
init 2019-12-28 09:41:34 +08:00			`+ parser.add_argument('-f', '--file', dest='masterfile', type=str,`
			`+ help='zone master file')`
			`+ parser.add_argument('-l', '--lookaside', dest='lookaside', type=str,`
			`+ help='DLV lookaside zone')`
			`+ parser.add_argument('-s', '--dsset', dest='dssetfile', type=str,`
			`+ help='prepared DSset file')`
			`parser.add_argument('-v', '--version', action='version',`
			`version=version)`
			`args = parser.parse_args()`
			`@@ -178,5 +189,5 @@ def parse_args():`
			`############################################################################`
			`def main():`
			`args = parse_args()`
			`- found = check(args.zone, args, args.masterfile, args.lookaside)`
			`+ found = check(args.zone, args)`
			`exit(0 if found else 1)`

			`--`
			`1.8.3.1`