system/checkconf/tests.sh

fccc836ebfeb8e278b528b59304f451c369baf37Tinderbox User# Copyright (C) 2005, 2007, 2010-2018  Internet Systems Consortium, Inc. ("ISC")
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews#
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# file, You can obtain one at http://mozilla.org/MPL/2.0/.
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
2bef3713093349af52ba61eaab07adf3207da873Mark AndrewsSYSTEMTESTTOP=..
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews. $SYSTEMTESTTOP/conf.sh
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsstatus=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=0
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf handles a known good config ($n)"
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsret=0
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews$CHECKCONF good.conf > /dev/null 2>&1 || ret=1
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsstatus=`expr $status + $ret`
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf prints a known good config ($n)"
a27bbd21cf07371fc71e7ade75c3d78a5b98b7f9Mark Andrewsret=0
de7df3e56fe99c33a415674b018aae93eee94750Evan Huntawk 'BEGIN { ok = 0; } /cut here/ { ok = 1; getline } ok == 1 { print }' good.conf > good.conf.in
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt[ -s good.conf.in ] || ret=1
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt$CHECKCONF -p good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
de7df3e56fe99c33a415674b018aae93eee94750Evan Huntcmp good.conf.in good.conf.out || ret=1
a27bbd21cf07371fc71e7ade75c3d78a5b98b7f9Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
a27bbd21cf07371fc71e7ade75c3d78a5b98b7f9Mark Andrewsstatus=`expr $status + $ret`
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -x removes secrets ($n)"
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsret=0
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrews# ensure there is a secret and that it is not the check string.
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsgrep 'secret "' good.conf.in > /dev/null || ret=1
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsgrep 'secret "????????????????"' good.conf.in > /dev/null 2>&1 && ret=1
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrews$CHECKCONF -p -x good.conf.in | grep -v '^good.conf.in:' > good.conf.out 2>&1 || ret=1
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsgrep 'secret "????????????????"' good.conf.out > /dev/null 2>&1 || ret=1
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrewsstatus=`expr $status + $ret`
ff6de396a93b9b73a37173059a595f3d295b57cbMark Andrews
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaramanfor bad in bad-*.conf
aa49af836ce7a7a2888f5cedf4cbb14ff4dc1d11Mark Andrewsdo
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    n=`expr $n + 1`
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    echo "I: checking that named-checkconf detects error in $bad ($n)"
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    ret=0
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    $CHECKCONF $bad > checkconf.out 2>&1
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    if [ $? != 1 ]; then ret=1; fi
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    case $bad in
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    bad-update-policy[123].conf)
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    pat="identity and name fields are not the same"
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    grep "$pat" checkconf.out > /dev/null || ret=1
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    ;;
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    bad-update-policy*.conf)
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    pat="name field not set to placeholder value"
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    grep "$pat" checkconf.out > /dev/null || ret=1
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    ;;
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    esac
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    if [ $ret != 0 ]; then echo "I:failed"; fi
8f1ed05dc0aae7ae6c3da6ec6d405df61257a61eMark Andrews    status=`expr $status + $ret`
aa49af836ce7a7a2888f5cedf4cbb14ff4dc1d11Mark Andrewsdone
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaramanfor good in good-*.conf
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaramando
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews    n=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews    echo "I: checking that named-checkconf detects no error in $good ($n)"
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman    ret=0
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman    $CHECKCONF $good > /dev/null 2>&1
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman    if [ $? != 0 ]; then echo "I:failed"; ret=1; fi
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman    status=`expr $status + $ret`
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaramandone
8f25faf9720a0c2730c4ac80ea4c12ca1f25599fMukund Sivaraman
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z catches missing hint file ($n)"
d999ca28d40337907b55eebc28a255b638702379Evan Huntret=0
d1f1f13c7fc1f1515930053508f1645cfafaa478Mark Andrews$CHECKCONF -z hint-nofile.conf > hint-nofile.out 2>&1 && ret=1
d1f1f13c7fc1f1515930053508f1645cfafaa478Mark Andrewsgrep "could not configure root hints from 'nonexistent.db': file not found" hint-nofile.out > /dev/null || ret=1
d999ca28d40337907b55eebc28a255b638702379Evan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
d999ca28d40337907b55eebc28a255b638702379Evan Huntstatus=`expr $status + $ret`
d999ca28d40337907b55eebc28a255b638702379Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf catches range errors ($n)"
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntret=0
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt$CHECKCONF range.conf > /dev/null 2>&1 && ret=1
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
67adc03ef81fb610f8df093b17f55275ee816754Evan Huntstatus=`expr $status + $ret`
67adc03ef81fb610f8df093b17f55275ee816754Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf warns of notify inconsistencies ($n)"
e45d0508c3460db87afb1f743bc5210522721bb3Evan Huntret=0
e45d0508c3460db87afb1f743bc5210522721bb3Evan Huntwarnings=`$CHECKCONF notify.conf 2>&1 | grep "'notify' is disabled" | wc -l`
e45d0508c3460db87afb1f743bc5210522721bb3Evan Hunt[ $warnings -eq 3 ] || ret=1
e45d0508c3460db87afb1f743bc5210522721bb3Evan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
e45d0508c3460db87afb1f743bc5210522721bb3Evan Huntstatus=`expr $status + $ret`
e45d0508c3460db87afb1f743bc5210522721bb3Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking named-checkconf dnssec warnings ($n)"
de7df3e56fe99c33a415674b018aae93eee94750Evan Huntret=0
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt$CHECKCONF dnssec.1 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
ac436908582fe08c85c886b200664816b11fded6Mark Andrews$CHECKCONF dnssec.2 2>&1 | grep 'auto-dnssec may only be ' > /dev/null || ret=1
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt$CHECKCONF dnssec.2 2>&1 | grep 'validation auto.*enable no' > /dev/null || ret=1
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt$CHECKCONF dnssec.2 2>&1 | grep 'validation yes.*enable no' > /dev/null || ret=1
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt# this one should have no warnings
de7df3e56fe99c33a415674b018aae93eee94750Evan Hunt$CHECKCONF dnssec.3 2>&1 | grep '.*' && ret=1
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsstatus=`expr $status + $ret`
2bef3713093349af52ba61eaab07adf3207da873Mark Andrews
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: range checking fields that do not allow zero ($n)"
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntret=0
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntfor field in max-retry-time min-retry-time max-refresh-time min-refresh-time; do
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    cat > badzero.conf << EOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntoptions {
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $field 0;
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt};
820fdd61dd35e359a8e616031209d074a7140d97Evan HuntEOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $CHECKCONF badzero.conf > /dev/null 2>&1
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    [ $? -eq 1 ] || { echo "I: options $field failed" ; ret=1; }
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    cat > badzero.conf << EOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntview dummy {
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $field 0;
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt};
820fdd61dd35e359a8e616031209d074a7140d97Evan HuntEOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $CHECKCONF badzero.conf > /dev/null 2>&1
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    [ $? -eq 1 ] || { echo "I: view $field failed" ; ret=1; }
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    cat > badzero.conf << EOF
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrewsoptions {
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews    $field 0;
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews};
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrewsview dummy {
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews};
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark AndrewsEOF
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews    $CHECKCONF badzero.conf > /dev/null 2>&1
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews    [ $? -eq 1 ] || { echo "I: options + view $field failed" ; ret=1; }
076bda8c2e2b2f41775bd7b1694dd2cab287aeebMark Andrews    cat > badzero.conf << EOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntzone dummy {
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    type slave;
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    masters { 0.0.0.0; };
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $field 0;
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt};
820fdd61dd35e359a8e616031209d074a7140d97Evan HuntEOF
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    $CHECKCONF badzero.conf > /dev/null 2>&1
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt    [ $? -eq 1 ] || { echo "I: zone $field failed" ; ret=1; }
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntdone
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
820fdd61dd35e359a8e616031209d074a7140d97Evan Huntstatus=`expr $status + $ret`
820fdd61dd35e359a8e616031209d074a7140d97Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking options allowed in inline-signing slaves ($n)"
f46168b87966f679a22aaf494c555f0de821aff9Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-dnskey-kskonly.*requires inline" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "dnssec-loadkeys-interval.*requires inline" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF bad-dnssec.conf 2>&1 | grep "update-check-ksk.*requires inline" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
1e34fe9044874422104e84373988d07876f716b6Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
1e34fe9044874422104e84373988d07876f716b6Mark Andrewsstatus=`expr $status + $ret`
1e34fe9044874422104e84373988d07876f716b6Mark Andrews
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check file + inline-signing for slave zones ($n)"
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF inline-no.conf 2>&1 | grep "missing 'file' entry" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 0 ] || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF inline-good.conf 2>&1 | grep "missing 'file' entry" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 0 ] || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF inline-bad.conf 2>&1 | grep "missing 'file' entry" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
1e34fe9044874422104e84373988d07876f716b6Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; fi
1e34fe9044874422104e84373988d07876f716b6Mark Andrewsstatus=`expr $status + $ret`
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking named-checkconf DLZ warnings ($n)"
2b8bed6681d1541474f022586cbe728dfce36880Evan Huntret=0
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt$CHECKCONF dlz-bad.conf 2>&1 | grep "'dlz' and 'database'" > /dev/null || ret=1
f46168b87966f679a22aaf494c555f0de821aff9Evan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
f46168b87966f679a22aaf494c555f0de821aff9Evan Huntstatus=`expr $status + $ret`
f46168b87966f679a22aaf494c555f0de821aff9Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking for missing key directory warning ($n)"
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntret=0
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntrm -rf test.keydir
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' does not exist" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
c14ba7107063650e7f4329e8c54adca57913381bEvan Hunttouch test.keydir
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF warn-keydir.conf 2>&1 | grep "'test.keydir' is not a directory" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 1 ] || ret=1
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntrm -f test.keydir
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntmkdir test.keydir
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsl=`$CHECKCONF warn-keydir.conf 2>&1 | grep "key-directory" | wc -l`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews[ $l -eq 0 ] || ret=1
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntrm -rf test.keydir
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntif [ $ret != 0 ]; then echo "I:failed"; fi
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z catches conflicting ttl with max-ttl ($n)"
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntret=0
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt$CHECKCONF -z max-ttl.conf > check.out 2>&1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntgrep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntgrep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntgrep 'TTL 900 exceeds configured max-zone-ttl 600' check.out > /dev/null 2>&1 || ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntstatus=`expr $status + $ret`
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z catches invalid max-ttl ($n)"
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntret=0
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Hunt$CHECKCONF -z max-ttl-bad.conf > /dev/null 2>&1 && ret=1
35f6a21f5f8114542c050bfcb484b39ce513d4bdEvan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
c14ba7107063650e7f4329e8c54adca57913381bEvan Huntstatus=`expr $status + $ret`
c14ba7107063650e7f4329e8c54adca57913381bEvan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z skips zone check with alternate databases ($n)"
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntret=0
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Hunt$CHECKCONF -z altdb.conf > /dev/null 2>&1 || ret=1
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntstatus=`expr $status + $ret`
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z skips zone check with DLZ ($n)"
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntret=0
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Hunt$CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Huntstatus=`expr $status + $ret`
baad8d9fd8dd054ce1edf350ff0c0f2038a1519eEvan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z fails on view with ANY class ($n)"
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanret=0
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman$CHECKCONF -z view-class-any1.conf > /dev/null 2>&1 && ret=1
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanstatus=`expr $status + $ret`
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z fails on view with CLASS255 class ($n)"
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanret=0
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman$CHECKCONF -z view-class-any2.conf > /dev/null 2>&1 && ret=1
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanstatus=`expr $status + $ret`
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z passes on view with IN class ($n)"
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanret=0
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman$CHECKCONF -z view-class-in1.conf > /dev/null 2>&1 || ret=1
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanstatus=`expr $status + $ret`
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: checking that named-checkconf -z passes on view with CLASS1 class ($n)"
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanret=0
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman$CHECKCONF -z view-class-in2.conf > /dev/null 2>&1 || ret=1
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaramanstatus=`expr $status + $ret`
0c29904b27c9ab3b85ecbde159b22ae1323bdbcdMukund Sivaraman
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-names fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-names-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "near '_underscore': bad name (check-names)" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-names/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-mx fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "near '10.0.0.1': MX is an address" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-dup-records fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-dup-records-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "has semantically identical records" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-dup-records/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-mx fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-mx-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "failed: MX is an address" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-mx/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-mx-cname fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-mx-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "MX.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that check-srv-cname fails as configured ($n)"
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -z check-srv-cname-fail.conf > checkconf.out$n 2>&1 && ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "SRV.* is a CNAME (illegal)" checkconf.out$n > /dev/null || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "zone check-mx-cname/IN: loaded serial" < checkconf.out$n > /dev/null && ret=1
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntstatus=`expr $status + $ret`
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that named-checkconf -p properly print a port range ($n)"
fbd9aaa58c32abaeab1bd3ca6943b18ce19ea023Mark Andrewsret=0
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrews$CHECKCONF -p portrange-good.conf > checkconf.out$n 2>&1 || ret=1
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsgrep "range 8610 8614;" checkconf.out$n > /dev/null || ret=1
fbd9aaa58c32abaeab1bd3ca6943b18ce19ea023Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
fbd9aaa58c32abaeab1bd3ca6943b18ce19ea023Mark Andrewsstatus=`expr $status + $ret`
fbd9aaa58c32abaeab1bd3ca6943b18ce19ea023Mark Andrews
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsn=`expr $n + 1`
43e2c588ba773f471a7a2459b10a67a800c576c6Mark Andrewsecho "I: check that named-checkconf -z handles in-view ($n)"
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrewsret=0
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrews$CHECKCONF -z in-view-good.conf > checkconf.out7 2>&1 || ret=1
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrewsgrep "zone shared.example/IN: loaded serial" < checkconf.out7 > /dev/null || ret=1
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrewsstatus=`expr $status + $ret`
075a3d60c23140f05db10d70126ff271ef6469c9Mark Andrews
9052766cc5ae39b9341253f863360ae679133a35Mark Andrewsn=`expr $n + 1`
9052766cc5ae39b9341253f863360ae679133a35Mark Andrewsecho "I: check that named-checkconf prints max-cache-size <percentage> correctly ($n)"
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecickiret=0
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecicki$CHECKCONF -p max-cache-size-good.conf > checkconf.out8 2>&1 || ret=1
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecickigrep "max-cache-size 60%;" checkconf.out8 > /dev/null || ret=1
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecickiif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecickistatus=`expr $status + $ret`
e6d0a391f5f9b18f5bd497aefff269e474ee560cWitold Krecicki
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsn=`expr $n + 1`
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsecho "I: check that 'dnssec-lookaside auto;' generates a warning ($n)"
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsret=0
7382f5160274938d143d82bda1941b32822dac53Mark Andrews$CHECKCONF warn-dlv-auto.conf > checkconf.out$n 2>/dev/null || ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsgrep "dnssec-lookaside 'auto' is no longer supported" checkconf.out$n > /dev/null || ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsstatus=`expr $status + $ret`
7382f5160274938d143d82bda1941b32822dac53Mark Andrews
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsn=`expr $n + 1`
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsecho "I: check that 'dnssec-lookaside . trust-anchor dlv.isc.org;' generates a warning ($n)"
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsret=0
7382f5160274938d143d82bda1941b32822dac53Mark Andrews$CHECKCONF warn-dlv-dlv.isc.org.conf > checkconf.out$n 2>/dev/null || ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsgrep "dlv.isc.org has been shut down" checkconf.out$n > /dev/null || ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsstatus=`expr $status + $ret`
7382f5160274938d143d82bda1941b32822dac53Mark Andrews
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsn=`expr $n + 1`
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsecho "I: check that 'dnssec-lookaside . trust-anchor dlv.example.com;' doesn't generates a warning ($n)"
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsret=0
7382f5160274938d143d82bda1941b32822dac53Mark Andrews$CHECKCONF good-dlv-dlv.example.com.conf > checkconf.out$n 2>/dev/null || ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrews[ -s checkconf.out$n ] && ret=1
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
7382f5160274938d143d82bda1941b32822dac53Mark Andrewsstatus=`expr $status + $ret`
7382f5160274938d143d82bda1941b32822dac53Mark Andrews
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsn=`expr $n + 1`
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsecho "I: check that the 2010 ICANN ROOT KSK without the 2017 ICANN ROOT KSK generates a warning ($n)"
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsret=0
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews$CHECKCONF check-root-ksk-2010.conf > checkconf.out$n 2>/dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews[ -s checkconf.out$n ] || ret=1
c8b2cbe1e004a8c0d8fdfa1bc70c3eb952b79d21Mark Andrewsgrep "trusted-key for root from 2010 without updated" checkconf.out$n > /dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsstatus=`expr $status + $ret`
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsecho "I: check that the 2010 ICANN ROOT KSK with the 2017 ICANN ROOT KSK does not warning ($n)"
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsret=0
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews$CHECKCONF check-root-ksk-both.conf > checkconf.out$n 2>/dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews[ -s checkconf.out$n ] && ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsstatus=`expr $status + $ret`
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsecho "I: check that the 2017 ICANN ROOT KSK alone does not warning ($n)"
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsret=0
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews$CHECKCONF check-root-ksk-2017.conf > checkconf.out$n 2>/dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews[ -s checkconf.out$n ] && ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsstatus=`expr $status + $ret`
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsecho "I: check that the dlv.isc.org KSK generates a warning ($n)"
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsret=0
b071744673b81b67bc8941149629733c4bf2b022Mark Andrews$CHECKCONF check-dlv-ksk-key.conf > checkconf.out$n 2>/dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews[ -s checkconf.out$n ] || ret=1
c8b2cbe1e004a8c0d8fdfa1bc70c3eb952b79d21Mark Andrewsgrep "trusted-key for dlv.isc.org still present" checkconf.out$n > /dev/null || ret=1
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsif [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrewsstatus=`expr $status + $ret`
30ca20f720ad0887772a79e7abb25b4fa0e4b5b0Mark Andrews
2bef3713093349af52ba61eaab07adf3207da873Mark Andrewsecho "I:exit status: $status"
3635d8f9104e70e141a8f191a0e6c1502ceed2f3Mark Andrews[ $status -eq 0 ] || exit 1