[Swan-dev] Generate test certificates iff missing

Antony Antony antony at phenome.org
Wed Dec 9 13:26:17 UTC 2015


this has more side effects. 
how do I disable expired certs check in Makefile.inc.local?
If not I thinking disable this check in the master.

the side effect  is 
when I use 'make check "UPDATEONLY=1"' and the rule think the cert 'expired' it abort UPDATEONLY.
That is not desired behavior.

make check "UPDATEONLY=1" is used while working one specific test case that has nothing to do with certs and want update the pluto on vm. Especially the uncommited working directory.

On Fri, Nov 20, 2015 at 10:02:22AM +0100, Antony Antony wrote:
> On Thu, Nov 19, 2015 at 01:50:48PM -0500, Andrew Cagney wrote:
> > Heads up!
> > 
> > On 23 October 2015 at 10:21, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> > > On 22 October 2015 at 11:02, Matt Rogers <mrogers at redhat.com> wrote:
> > >>
> > >> One note is that the CRLs (except for needupdate.crl) are valid for 15
> > >> days, so at that point dist_certs should be re-run.
> > >
> > > Ouch; I guess I'm luck that I almost always rebuild my keys.  One easy
> > > fudge to detect this would be:
> > >
> > >    test $(find testing/x509/*/ -type f -ctime +14 | wc -l) -eq 0 &&
> > > echo keys are recent
> > 
> > > I guess something like that should be added as a predicate to "make check".
> > 
> > I added the top-level target "kvm-keys-up-to-date" (see
> > mk/kvm-targets.mk) which will fail if the key files are "old".  It
> > suggests:
> >   make kvm-clean-keys kvm-keys
> > as a way to fix this.
> > 
> > Since "make check" is calling the above, the test run won't start if
> > the tests are out-of-date.   It doesn't try to automatically update
> > out-of-date keys, or generate keys when they appear missing.
> 
> is there a clean way to disable this check? 
> tests using certs are minority. If I am not interested in them I should be able to run make check. Also nice to archive the old keys instead of overwriting them. 
> 
> 
> 
> 
> 
> 
> > 
> > > Andrew
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev


More information about the Swan-dev mailing list