FISHER_/dnscrypt-resolvers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dnscrypt-resolvers/.github/workflows/prcheck.sh
Frank Denis 551bc7c073 CI: update actions, check DNSSEC capability
2024-05-19 23:49:45 +02:00

155 lines
4.4 KiB
Bash
Executable File
Raw Permalink Blame History

#! /bin/sh
DNSLOOKUP_VERSION=1.10.1
case "$(uname -ms)" in
Darwin\ x86_64) DNSLOOKUP_ARCH=darwin-amd64 ;;
Linux\ x86_64) DNSLOOKUP_ARCH=linux-amd64 ;;
*)
echo "Unsupported platform" >&2
exit 2
;;
esac
if [ ! -x "${DNSLOOKUP_ARCH}/dnslookup" ]; then
curl -sL https://github.com/ameshkov/dnslookup/releases/download/v${DNSLOOKUP_VERSION}/dnslookup-${DNSLOOKUP_ARCH}-v${DNSLOOKUP_VERSION}.tar.gz | tar xzpf - || exit 1
fi
PATH="$(pwd)/${DNSLOOKUP_ARCH}:$PATH"
try_resolver() {
ERROR_LOG_TMP=".errors"
resolver_name="$1"
stamp="$2"
if dnslookup one.net "$stamp" >/dev/null 2>&1; then
echo "pass: ${resolver_name}"
elif dnslookup one.net "$stamp" >/dev/null 2>&1; then
echo "pass: ${resolver_name} (1 retry)"
elif dnslookup one.net "$stamp" >/dev/null 2>&1; then
echo "pass: ${resolver_name} (2 retries)"
elif dnslookup one.net "$stamp" >/dev/null 2>"$ERROR_LOG_TMP"; then
echo "pass: ${resolver_name} (3 retries)"
else
if grep -Eq "(no route|unreachable)" "$ERROR_LOG_TMP"; then
echo "ipv6: ${resolver_name}"
else
(
echo "* FAILED: ${resolver_name}"
echo "$stamp"
cat "$ERROR_LOG_TMP"
echo
) >&2
return 1
fi
fi
}
for aux in v3/parental-control.md v3/opennic.md; do
grep '^## ' "$aux" | while read -r entry; do
if ! grep -Fq "$entry" v3/public-resolvers.md; then
echo "Present in [$aux] but not in public-resolvers.md:"
echo "$entry"
exit 1
fi
done
done
DUPLICATES="duplicates.txt"
for aux in v3/*.md; do
(
grep '^##' "$aux" | tr A-Z a-z
grep '^sdns://' "$aux"
) | sort | uniq -d >"$DUPLICATES"
if [ -s "$DUPLICATES" ]; then
echo "** DUPLICATES FOUND in [$aux] **"
cat "$DUPLICATES"
exit 1
fi
done
NEW_ENTRIES="$(pwd)/new-entries.txt"
git fetch --all
git diff origin/master -- $(ls v3/*.md | grep -Ev 'onion|relay|odoh') | grep -F '+sdns://' | cut -d'+' -f2- | sort >"$NEW_ENTRIES"
if [ ! -s "$NEW_ENTRIES" ]; then
echo "No new entries found"
exit 0
fi
curl -qL https://github.com/jedisct1/dnscrypt-proxy/releases/download/2.1.5/dnscrypt-proxy-linux_x86_64-2.1.5.tar.gz | tar xzvf -
cd linux-x86_64 || exit 1
exit_code=0
CONFIG="test-dnscrypt-proxy.toml"
PIDFILE="dnscrypt-proxy.pid"
LOGFILE="dnscrypt-proxy.log"
while read -r stamp; do
echo
echo ========================
echo
echo "* Checking resolver with stamp:"
echo "$stamp"
echo
try_resolver "(new entry)" "$stamp" || exit 1
{
echo 'listen_addresses = ["127.0.0.1:5300"]'
echo 'http3 = true'
echo 'server_names = ["test"]'
echo '[static."test"]'
echo "stamp = '${stamp}'"
} >"$CONFIG"
if ! ./dnscrypt-proxy -config "$CONFIG" -show-certs; then
exit_code=1
fi
echo
echo ---
echo
dnssec=false
if ./dnscrypt-proxy -config "$CONFIG" -list -json | grep -F '"dnssec": true' >/dev/null; then
dnssec=true
echo "DNSSEC support is expected"
else
echo "DNSSEC support is not expected"
fi
./dnscrypt-proxy -config "$CONFIG" -pidfile "$PIDFILE" -logfile "$LOGFILE" -loglevel 1 &
sleep 5
skip_log=false
if grep -q 'DNSCrypt relay' "$LOGFILE"; then
echo "(skipping due to IPv6 not being supported by GitHub Actions)"
skip_log=true
elif grep -q 'ERROR.*\[.*:.*]:' "$LOGFILE"; then
echo "(skipping due to relays not being handled by this test)"
skip_log=true
elif ! ./dnscrypt-proxy -config "$CONFIG" -resolve example.com; then
echo "** UNABLE TO GET A RESPONSE FROM THE RESOLVER **"
echo "Bogus stamp: ${stamp}"
exit_code=1
elif $dnssec; then
if ./dnscrypt-proxy -config "$CONFIG" -resolve -check example.com | grep -F "resolver doesn't support DNSSEC" >/dev/null; then
echo "** DNSSEC SUPPORT IS EXPECTED BUT NOT DETECTED **"
exit_code=1
fi
fi
kill $(cat "$PIDFILE")
if [ "$skip_log" = false ]; then
cat "$LOGFILE"
if grep -v 'ERROR.*\[.*:.*]:' "$LOGFILE" | grep -q 'ERROR|CRITICAL|FATAL'; then
echo "** ERRORS FOUND **"
exit_code=1
fi
echo "Done!"
fi
echo
done <"$NEW_ENTRIES"
if [ $exit_code != 0 ]; then
echo "** ONE OR MORE CHECKS FAILED **"
fi
exit $exit_code
Reference in New Issue View Git Blame Copy Permalink