From 551bc7c0738772195fa0c136010973477988e3d3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 19 May 2024 23:49:45 +0200 Subject: [PATCH] CI: update actions, check DNSSEC capability --- .github/workflows/ci.yml | 2 +- .github/workflows/prcheck.sh | 28 ++++++++++++++++++++++++++-- .github/workflows/prcheck.yml | 2 +- .github/workflows/resolverscheck.sh | 2 +- .github/workflows/resolverscheck.yml | 2 +- 5 files changed, 30 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index be2b4b52..b7003cbb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: run: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: check with dnscrypt-proxy run: | diff --git a/.github/workflows/prcheck.sh b/.github/workflows/prcheck.sh index bb8dea8b..94a414fe 100755 --- a/.github/workflows/prcheck.sh +++ b/.github/workflows/prcheck.sh @@ -1,6 +1,6 @@ #! /bin/sh -DNSLOOKUP_VERSION=1.5.1 +DNSLOOKUP_VERSION=1.10.1 case "$(uname -ms)" in Darwin\ x86_64) DNSLOOKUP_ARCH=darwin-amd64 ;; @@ -74,7 +74,7 @@ if [ ! -s "$NEW_ENTRIES" ]; then exit 0 fi -curl -qL https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.1.3/dnscrypt-proxy-linux_x86_64-2.1.3.tar.gz | tar xzvf - +curl -qL https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.1.5/dnscrypt-proxy-linux_x86_64-2.1.5.tar.gz | tar xzvf - cd linux-x86_64 || exit 1 exit_code=0 @@ -83,6 +83,8 @@ CONFIG="test-dnscrypt-proxy.toml" PIDFILE="dnscrypt-proxy.pid" LOGFILE="dnscrypt-proxy.log" while read -r stamp; do + echo + echo ======================== echo echo "* Checking resolver with stamp:" echo "$stamp" 
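Review bot: The `curl -qL … | tar xzvf -` line in the `@@ -74,7 +74,7 @@` hunk of prcheck.sh unpacks a release archive whose `dnscrypt-proxy` binary the loop below then executes, and nothing verifies what was downloaded. Without `-f`, an HTTP error body is also piped straight into tar. Downloading to a file and checking a pinned digest before extraction would close this: `curl -fsSL -o dnscrypt-proxy.tar.gz "$URL"`, then `echo "<PINNED_SHA256>  dnscrypt-proxy.tar.gz" | sha256sum -c - || exit 1`, then `tar xzf dnscrypt-proxy.tar.gz`. Here `$URL` stands for the release URL and `<PINNED_SHA256>` is a placeholder to be filled in from the release and bumped together with the version.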
@@ -97,7 +99,24 @@ while read -r stamp; do echo '[static."test"]' echo "stamp = '${stamp}'" } >"$CONFIG" + + if ! ./dnscrypt-proxy -config "$CONFIG" -show-certs; then + exit_code=1 + fi + echo + echo --- + echo + + dnssec=false + if ./dnscrypt-proxy -config "$CONFIG" -list -json | grep -F '"dnssec": true' >/dev/null; then + dnssec=true + echo "DNSSEC support is expected" + else + echo "DNSSEC support is not expected" + fi + ./dnscrypt-proxy -config "$CONFIG" -pidfile "$PIDFILE" -logfile "$LOGFILE" -loglevel 1 & + sleep 5 skip_log=false if grep -q 'DNSCrypt relay' "$LOGFILE"; then @@ -110,6 +129,11 @@ while read -r stamp; do echo "** UNABLE TO GET A RESPONSE FROM THE RESOLVER **" echo "Bogus stamp: ${stamp}" exit_code=1 + elif $dnssec; then + if ./dnscrypt-proxy -config "$CONFIG" -resolve -check example.com | grep -F "resolver doesn't support DNSSEC" >/dev/null; then + echo "** DNSSEC SUPPORT IS EXPECTED BUT NOT DETECTED **" + exit_code=1 + fi fi kill $(cat "$PIDFILE") if [ "$skip_log" = false ]; then diff --git a/.github/workflows/prcheck.yml b/.github/workflows/prcheck.yml index 17560a12..bdb0164e 100644 --- a/.github/workflows/prcheck.yml +++ b/.github/workflows/prcheck.yml @@ -11,7 +11,7 @@ jobs: prcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: new entries run: .github/workflows/prcheck.sh diff --git a/.github/workflows/resolverscheck.sh b/.github/workflows/resolverscheck.sh index aa1923d2..4bbe23ec 100755 --- a/.github/workflows/resolverscheck.sh +++ b/.github/workflows/resolverscheck.sh @@ -1,6 +1,6 @@ #! /bin/sh -DNSLOOKUP_VERSION=1.5.1 +DNSLOOKUP_VERSION=1.10.1 case "$(uname -ms)" in Darwin\ x86_64) DNSLOOKUP_ARCH=darwin-amd64 ;; diff --git a/.github/workflows/resolverscheck.yml b/.github/workflows/resolverscheck.yml index 2ce1e3a4..bfe9a5c2 100644 --- a/.github/workflows/resolverscheck.yml +++ b/.github/workflows/resolverscheck.yml 
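Review bot: The DNSSEC expectation in the `@@ -97,7 +99,24 @@` hunk is derived by grepping the `-list -json` output for the exact text `"dnssec": true`, so a failed `-list` run or a change in JSON spacing leaves `dnssec=false` and the later DNSSEC check is skipped without any error. The pipeline's status is grep's, so a dnscrypt-proxy failure at this step is invisible. Capture the output first and treat a failed command as an error, e.g. `list_json=$(./dnscrypt-proxy -config "$CONFIG" -list -json) || exit_code=1`, then match with `printf '%s\n' "$list_json" | grep -Eq '"dnssec":[[:space:]]*true'`. The enclosing `while read -r stamp` loop starts and ends outside this hunk.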
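Review bot: The new `elif $dnssec` branch in the `@@ -110,6 +129,11 @@` hunk fails only when the output contains the exact string `resolver doesn't support DNSSEC`, so any other outcome (the command erroring out, a timeout, reworded output) counts as a pass. For a check meant to catch entries that declare DNSSEC without providing it, it should fail closed: `if ! out=$(./dnscrypt-proxy -config "$CONFIG" -resolve -check example.com) || printf '%s\n' "$out" | grep -qF "resolver doesn't support DNSSEC"; then`. That form assumes the command exits non-zero on failure, which should be confirmed. It is also worth confirming that `-resolve -check example.com` parses as intended: if `-resolve` takes the name as its value, the name queried would be `-check` rather than `example.com`.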
@@ -11,7 +11,7 @@ jobs: resolverscheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: resolvers check run: .github/workflows/resolverscheck.sh