[Swan-dev] generating x509 certificates
Paul Wouters
paul at nohats.ca
Tue Feb 3 22:35:14 EET 2015
On Tue, 3 Feb 2015, Andrew Cagney wrote:
> -- I had to add kvmsetup.sh by hand, i think that is a bug
people have different ideas of where the pool should live. Or what OS
to use inside the guest. So we provide kvmsetup.sh.sample.
> -- I had to add Makefile.inc.local to add -Werror, I think that is a bug
I thought we said that was going to be okay soon? :)
> - run testing/libvirt/install.sh to set up the test framework
> -> if I think the VMs are corrupt then I should be able to run
> uninstall.sh ; install.sh to rebuild them
I don't trust uninstallers :/
> - build/install: swan-update on west, then swan-install on the others
> -> it would be nice to automate this
make check UPDATE=1
(hit ctrl-c when it starts on basic-pluto-01 :)
> - strongswan in FC21 doesn't include GCM or CTR; for the GCM and CTR
> interop tests to work, a custom version of strongswan is needed
We could automate pulling it in from a repository on
download.libreswan.org. I hadn't because I thought the fedora maintainer
would fix these. The latest spec file in fedora does enable CCM and CTR
but not GCM.
> - the "wip" tests need to be disabled, it was one of those that hung
> (If it is possible to clearly identify wip results as something to
> ignore and ensure they don't hang then running them is probably
> mostely harmless; google for "KFAIL")
I've not had a test "hung" permanently. I had VMs hanging permanently
not taking commands from virsh though.
We could change swantest that if it is run with --x509 and it does not
see the expected certificates, that it will run dist_certs.whatever ?
Paul
More information about the Swan-dev
mailing list