[Swan-dev] debian continuous integration

Antony Antony antony at phenome.org
Mon Dec 11 22:41:55 UTC 2017


Here is a proposed fix for the test, to make it asymmetric OE.

However, currently, I think oe.libreswan.org has broken ipseckey. Paul would 
have to fix this.

Once this is fixed your test with this patch, should work. 

Lets try to get the test pass before the next release!


PS: dig +short -x  `dig +short oe.libreswan.org` ipseckey 
+trusted-key=/usr/share/dns/root.key +sigchase

On Thu, Nov 16, 2017 at 08:50:32AM +0800, Daniel Kahn Gillmor wrote:
> Hi folks--
> I want to have more regular full-stack roundtrip tests for libreswan in
> debian.
> So i wrote the following simple test for debian's continuous integration
> initiative:
>   https://anonscm.debian.org/git/collab-maint/libreswan.git/tree/debian/tests/opportunistic
> as you can see, i'm just triyng to get the configuration-free
> opportunistic workflow to Just Work (this is what i want to be able to
> recommend to users who don't have time to think through a stronger
> configuration).
> However, it has never succeeded.  This is initially because i configured
> the debian test suite wrong :P but now i've configured it right, and
> it's still failing.
> here's the log of it failing currently:
>    https://ci.debian.net/data/autopkgtest/unstable/amd64/libr/libreswan/20171115_141544/log.gz
> Am i doing something wrong in the test?  is the responder at
> oe.libreswan.org something i can rely on for this purpose?
> Thoughts and suggestions welcome,
>       --dkg

> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

-------------- next part --------------
>From b96ef56d6123b343ed64accfe0e4e9a45702e696 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Mon, 11 Dec 2017 23:01:44 +0100
Subject: [PATCH] tests/opportunistic fix, asymetric dnssec teest

- add opportunistic policy, 0/0 to private-or-clear
- add dig output for extra diagnostics
- 'ipsec restart' instead of start. Would help re-run this test.

Signed-off-by: Antony Antony <antony at phenome.org>

diff --git a/debian/tests/opportunistic b/debian/tests/opportunistic
index 3eef227f8..a36aa4101 100755
--- a/debian/tests/opportunistic
+++ b/debian/tests/opportunistic
@@ -7,16 +7,19 @@ badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
 ping -c 5 oe.libreswan.org 2>&1
+dig +short -x  `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
 wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/ 
 grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
+echo "" > /etc/ipsec.d/policies/private-or-clear
 systemctl status ipsec
-#cp /usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf /etc/ipsec.d/
-cp oe-dnssec-client.conf /etc/ipsec.d
+cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
-systemctl start ipsec
+systemctl restart ipsec
 systemctl status ipsec
diff --git a/packaging/debian/tests/control b/packaging/debian/tests/control
index 71bd04702..1abf59a55 100644
--- a/packaging/debian/tests/control
+++ b/packaging/debian/tests/control
@@ -1,3 +1,3 @@
 Tests: opportunistic
 Restrictions: needs-root, isolation-container
-Depends: @, iputils-ping, wget, systemd
+Depends: @, iputils-ping, wget, systemd, dnsutils

More information about the Swan-dev mailing list