[Swan-dev] Generate test certificates iff missing
Antony Antony
antony at phenome.org
Fri Nov 20 09:02:22 UTC 2015
On Thu, Nov 19, 2015 at 01:50:48PM -0500, Andrew Cagney wrote:
> Heads up!
>
> On 23 October 2015 at 10:21, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> > On 22 October 2015 at 11:02, Matt Rogers <mrogers at redhat.com> wrote:
> >>
> >> One note is that the CRLs (except for needupdate.crl) are valid for 15
> >> days, so at that point dist_certs should be re-run.
> >
> > Ouch; I guess I'm luck that I almost always rebuild my keys. One easy
> > fudge to detect this would be:
> >
> > test $(find testing/x509/*/ -type f -ctime +14 | wc -l) -eq 0 &&
> > echo keys are recent
>
> > I guess something like that should be added as a predicate to "make check".
>
> I added the top-level target "kvm-keys-up-to-date" (see
> mk/kvm-targets.mk) which will fail if the key files are "old". It
> suggests:
> make kvm-clean-keys kvm-keys
> as a way to fix this.
>
> Since "make check" is calling the above, the test run won't start if
> the tests are out-of-date. It doesn't try to automatically update
> out-of-date keys, or generate keys when they appear missing.
is there a clean way to disable this check?
tests using certs are minority. If I am not interested in them I should be able to run make check. Also nice to archive the old keys instead of overwriting them.
>
> > Andrew
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list