public inbox for openembedded-devel@lists.openembedded.org
 help / color / mirror / Atom feed
From: Jackson James <jackson.james9803@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: jacksonj2@kpit.com
Subject: [meta-networking][scarthgap][PATCH 2/2] unbound: Add ptest for unbound
Date: Fri, 10 Apr 2026 12:11:13 +0530	[thread overview]
Message-ID: <20260410064113.1498301-2-jacksonj2@kpit.com> (raw)
In-Reply-To: <20260410064113.1498301-1-jacksonj2@kpit.com>

Adapt the compile 'test' phony target from Makefile and deploy as
ptest for unbound.

All test are successful on a trial and took around >9min and <10min.
Duration of ptest execution was 587 seconds on an average.

The previously used minimal CVE-2025-11411.patch caused ptest failures.
This update switches to the complete upstream patch
for CVE-2025-11411, which resolves the ptest issues and applies the
complete security fix.

Reference to master ptest:
https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/unbound?id=d8f21b1dc87408aa86336970e4cb9a9a36a0950b

Signed-off-by: Jackson James <jacksonj2@kpit.com>
---
 .../recipes-support/unbound/unbound/run-ptest | 29 +++++++++++++++++++
 .../recipes-support/unbound/unbound_1.19.3.bb | 22 +++++++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-support/unbound/unbound/run-ptest

diff --git a/meta-networking/recipes-support/unbound/unbound/run-ptest b/meta-networking/recipes-support/unbound/unbound/run-ptest
new file mode 100644
index 0000000000..3801233eeb
--- /dev/null
+++ b/meta-networking/recipes-support/unbound/unbound/run-ptest
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+cd tests || exit 1
+retVal=0
+if ./unittest; then
+    echo PASS: unittest
+else
+    echo FAIL: unittest
+    retVal=1
+fi
+
+if ./testbound -s; then
+    echo PASS: testbound selftest
+else
+    echo FAIL: testbound selftest
+    retVal=1
+fi
+
+for x in ./testdata/*.rpl; do
+	output="$(./testbound -p $x -o -vvvvv 2>&1)"
+        if test $? -eq 0; then
+                echo "PASS: $x"
+        else
+                echo "$output"
+                echo "FAIL: $x"
+                retVal=1
+        fi
+done
+exit $retVal
diff --git a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
index 6841049ac5..2489e3c235 100644
--- a/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
+++ b/meta-networking/recipes-support/unbound/unbound_1.19.3.bb
@@ -10,6 +10,7 @@ LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=5308494bc0590c0cb036afd781d78f06"
 
 SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \
+           file://run-ptest \
            file://CVE-2024-8508.patch \
            file://CVE-2024-33655.patch \
            file://0001-CVE-2025-11411-1.patch \
@@ -21,7 +22,7 @@ SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \
            "
 SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd"
 
-inherit autotools pkgconfig systemd update-rc.d
+inherit autotools pkgconfig systemd update-rc.d ptest
 
 DEPENDS = "openssl libtool-native bison-native expat"
 RDEPENDS:${PN} = "bash openssl-bin daemonize"
@@ -41,6 +42,10 @@ do_configure:append() {
 	sed -i -e 's#${RECIPE_SYSROOT}##g' ${B}/config.h
 }
 
+do_compile_ptest() {
+        oe_runmake tests CFLAGS="${CFLAGS} -USRCDIR -DSRCDIR=${PTEST_PATH}/tests"
+}
+
 do_install:append() {
 	install -d ${D}${systemd_unitdir}/system
 	install -m 0644 ${B}/contrib/unbound.service ${D}${systemd_unitdir}/system
@@ -49,6 +54,21 @@ do_install:append() {
 	install -m 0755 ${S}/contrib/unbound.init_yocto ${D}${sysconfdir}/init.d/unbound
 }
 
+do_install_ptest() {
+        install -d ${D}${PTEST_PATH}/tests
+        install -d ${D}${PTEST_PATH}/tests/testdata
+
+        install -m 0544 ${B}/unittest ${D}${PTEST_PATH}/tests/
+        install -m 0544 ${B}/testbound ${D}${PTEST_PATH}/tests/
+        install -m 0644 ${S}/testdata/test_signatures* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0644 ${S}/testdata/test_sigs* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0644 ${S}/testdata/test_ds* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0644 ${S}/testdata/test_nsec3_hash* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0664 ${S}/testdata/test_ldnsrr* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0664 ${S}/testdata/zonemd.example* ${D}${PTEST_PATH}/tests/testdata
+        install -m 0644 ${S}/testdata/*.rpl ${D}/${PTEST_PATH}/tests/testdata/
+}
+
 SYSTEMD_SERVICE:${PN} = "${BPN}.service"
 
 INITSCRIPT_NAME = "unbound"
-- 
2.34.1



      reply	other threads:[~2026-04-10  6:53 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-10  6:41 [meta-networking][scarthgap][PATCH 1/2] unbound: Fix CVE-2025-11411 Jackson James
2026-04-10  6:41 ` Jackson James [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260410064113.1498301-2-jacksonj2@kpit.com \
    --to=jackson.james9803@gmail.com \
    --cc=jacksonj2@kpit.com \
    --cc=openembedded-devel@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox