[Swan-dev] Generate test certificates iff missing
Andrew Cagney
andrew.cagney at gmail.com
Fri Nov 20 14:33:26 UTC 2015
On 20 November 2015 at 04:02, Antony Antony <antony at phenome.org> wrote:
> On Thu, Nov 19, 2015 at 01:50:48PM -0500, Andrew Cagney wrote:
>> Heads up!
>>
>> On 23 October 2015 at 10:21, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>> > On 22 October 2015 at 11:02, Matt Rogers <mrogers at redhat.com> wrote:
>> >>
>> >> One note is that the CRLs (except for needupdate.crl) are valid for 15
>> >> days, so at that point dist_certs should be re-run.
>> >
>> > Ouch; I guess I'm luck that I almost always rebuild my keys. One easy
>> > fudge to detect this would be:
>> >
>> > test $(find testing/x509/*/ -type f -ctime +14 | wc -l) -eq 0 &&
>> > echo keys are recent
>>
>> > I guess something like that should be added as a predicate to "make check".
>>
>> I added the top-level target "kvm-keys-up-to-date" (see
>> mk/kvm-targets.mk) which will fail if the key files are "old". It
>> suggests:
>> make kvm-clean-keys kvm-keys
>> as a way to fix this.
>>
>> Since "make check" is calling the above, the test run won't start if
>> the tests are out-of-date. It doesn't try to automatically update
>> out-of-date keys, or generate keys when they appear missing.
>
> is there a clean way to disable this check?
I don't see any sense in disabling it.
Just running:
find testing/x509/*/ -print | xargs touch
before make check will defeat the check. Feel free to add another
hack like UPDATE and UPDATEONLY in testing/pluto/Makefile.
> tests using certs are minority. If I am not interested in them I should be able to run make check. Also nice to archive the old keys instead of overwriting them.
Archiving the keys with the test output sounds like an interesting idea.
>
>
>
>
>
>
>>
>> > Andrew
>> _______________________________________________
>> Swan-dev mailing list
>> Swan-dev at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan-dev
More information about the Swan-dev
mailing list