[Swan-dev] time to delete old dist_certs shell script (attempt #2)?

Andrew Cagney andrew.cagney at gmail.com
Wed Jun 24 21:28:27 EEST 2015


On 24 June 2015 at 12:06, Matt Rogers <mrogers at 0x83.com> wrote:
>
> In the new certificate tests I made them always launch nic, to use it as the ocsp and crl server available regardless of the vpn status. So I say  we can make nic flexible with its configuration, and let that handle cert generation. I always assumed a tester would generate certs on the host machine (and I just patch the installed pyopenssl files on the host). But I see the value of it running at the start of a test run. Maybe the first test in a run can be a dummy test that runs distcerts on nic.

We need to be careful here and not generate new certificates on each
test run.  If we do that we get into a situation where it isn't
possible to consistently re-run tests.

I've found that having "check" depend on one of the local cert files
and generating everything when it is missing to be simple and robust
and one less thing to remember . However, I suspect we're some way off
from having that enabled in mainline.

Andrew

PS: Feel free to fix my mysterious can't create cert/ directory problem :-)


More information about the Swan-dev mailing list