[Swan-dev] Docker test suite

Andrew Cagney andrew.cagney at gmail.com
Fri Jun 24 15:27:37 UTC 2016

On 24 June 2016 at 10:36, Kim B. Heino <b at bbbs.net> wrote:
>> The order here doesn't seem right - are keys really being re-generated
>> or just reinstalled?
> Keys are re-generated to host's tmp/{west,east} directories. Those
> directories are mounted as docker volumes, they are not included to
> container image.

Ah, that works!  The critical thing is that all domains can, through a
back door, see all the other domains keys.

> Currently I have to compile libreswan first to have a program to
> generate those keys.

As in newhostkey et.al.?

The current test framework really really relies on 'static' hostkeys -
there are magic numbers hardwired through out the config files; not
nice.  For CKAIDs, where I deal with generated x509 files, I had to
pull some tricks to get around this (look at the *ckaid* tests) - the
thing that made it possible was that all domains could access all the

just keep that in mind


More information about the Swan-dev mailing list