new file mode 100644
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+cd tests || exit 1
+retVal=0
+if ./unittest; then
+ echo PASS: unittest
+else
+ echo FAIL: unittest
+ retVal=1
+fi
+
+if ./testbound -s; then
+ echo PASS: testbound selftest
+else
+ echo FAIL: testbound selftest
+ retVal=1
+fi
+
+for x in ./testdata/*.rpl; do
+ output="$(./testbound -p $x -o -vvvvv 2>&1)"
+ if test $? -eq 0; then
+ echo "PASS: $x"
+ else
+ echo "$output"
+ echo "FAIL: $x"
+ retVal=1
+ fi
+done
+exit $retVal
@@ -10,6 +10,7 @@ LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=5308494bc0590c0cb036afd781d78f06"
SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \
+ file://run-ptest \
file://CVE-2024-8508.patch \
file://CVE-2024-33655.patch \
file://0001-CVE-2025-11411-1.patch \
@@ -21,7 +22,7 @@ SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=https;nobranch=1 \
"
SRCREV = "48b6c60a24e9a5d6d369a7a37c9fe2a767f26abd"
-inherit autotools pkgconfig systemd update-rc.d
+inherit autotools pkgconfig systemd update-rc.d ptest
DEPENDS = "openssl libtool-native bison-native expat"
RDEPENDS:${PN} = "bash openssl-bin daemonize"
@@ -41,6 +42,10 @@ do_configure:append() {
sed -i -e 's#${RECIPE_SYSROOT}##g' ${B}/config.h
}
+do_compile_ptest() {
+ oe_runmake tests CFLAGS="${CFLAGS} -USRCDIR -DSRCDIR=${PTEST_PATH}/tests"
+}
+
do_install:append() {
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${B}/contrib/unbound.service ${D}${systemd_unitdir}/system
@@ -49,6 +54,21 @@ do_install:append() {
install -m 0755 ${S}/contrib/unbound.init_yocto ${D}${sysconfdir}/init.d/unbound
}
+do_install_ptest() {
+ install -d ${D}${PTEST_PATH}/tests
+ install -d ${D}${PTEST_PATH}/tests/testdata
+
+ install -m 0544 ${B}/unittest ${D}${PTEST_PATH}/tests/
+ install -m 0544 ${B}/testbound ${D}${PTEST_PATH}/tests/
+ install -m 0644 ${S}/testdata/test_signatures* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0644 ${S}/testdata/test_sigs* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0644 ${S}/testdata/test_ds* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0644 ${S}/testdata/test_nsec3_hash* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0664 ${S}/testdata/test_ldnsrr* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0664 ${S}/testdata/zonemd.example* ${D}${PTEST_PATH}/tests/testdata
+ install -m 0644 ${S}/testdata/*.rpl ${D}/${PTEST_PATH}/tests/testdata/
+}
+
SYSTEMD_SERVICE:${PN} = "${BPN}.service"
INITSCRIPT_NAME = "unbound"
Adapt the compile 'test' phony target from Makefile and deploy as ptest for unbound. All test are successful on a trial and took around >9min and <10min. Duration of ptest execution was 587 seconds on an average. The previously used minimal CVE-2025-11411.patch caused ptest failures. This update switches to the complete upstream patch for CVE-2025-11411, which resolves the ptest issues and applies the complete security fix. Reference to master ptest: https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/unbound?id=d8f21b1dc87408aa86336970e4cb9a9a36a0950b Signed-off-by: Jackson James <jacksonj2@kpit.com> --- .../recipes-support/unbound/unbound/run-ptest | 29 +++++++++++++++++++ .../recipes-support/unbound/unbound_1.19.3.bb | 22 +++++++++++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-support/unbound/unbound/run-ptest