[Swan-dev] debian continuous integration

Antony Antony antony at phenome.org
Mon Dec 11 22:47:50 UTC 2017 

hmm, sorry the previous one won't apply easily.

here is a bit cleaner patch. The previous one wouldn't apply to your tree.

-antony


On Mon, Dec 11, 2017 at 11:41:55PM +0100, Antony Antony wrote:
> Hi DKG,
> 
> Here is a proposed fix for the test, to make it asymmetric OE.
> 
> However, currently, I think oe.libreswan.org has broken ipseckey. Paul would 
> have to fix this.
> 
> Once this is fixed your test with this patch, should work. 
> 
> Lets try to get the test pass before the next release!
> 
> regards,
> -antony
> 
> PS: dig +short -x  `dig +short oe.libreswan.org` ipseckey 
> +trusted-key=/usr/share/dns/root.key +sigchase
> fails
> 
> 
> On Thu, Nov 16, 2017 at 08:50:32AM +0800, Daniel Kahn Gillmor wrote:
> > Hi folks--
> > 
> > I want to have more regular full-stack roundtrip tests for libreswan in
> > debian.
> > 
> > So i wrote the following simple test for debian's continuous integration
> > initiative:
> > 
> >   https://anonscm.debian.org/git/collab-maint/libreswan.git/tree/debian/tests/opportunistic
> > 
> > as you can see, i'm just triyng to get the configuration-free
> > opportunistic workflow to Just Work (this is what i want to be able to
> > recommend to users who don't have time to think through a stronger
> > configuration).
> > 
> > However, it has never succeeded.  This is initially because i configured
> > the debian test suite wrong :P but now i've configured it right, and
> > it's still failing.
> > 
> > here's the log of it failing currently:
> > 
> >    https://ci.debian.net/data/autopkgtest/unstable/amd64/libr/libreswan/20171115_141544/log.gz
> > 
> > Am i doing something wrong in the test?  is the responder at
> > oe.libreswan.org something i can rely on for this purpose?
> > 
> > Thoughts and suggestions welcome,
> > 
> >       --dkg
> 
> 
> 
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
> 

> From b96ef56d6123b343ed64accfe0e4e9a45702e696 Mon Sep 17 00:00:00 2001
> From: Antony Antony <antony at phenome.org>
> Date: Mon, 11 Dec 2017 23:01:44 +0100
> Subject: [PATCH] tests/opportunistic fix, asymetric dnssec teest
> 
> - add opportunistic policy, 0/0 to private-or-clear
> - add dig output for extra diagnostics
> - 'ipsec restart' instead of start. Would help re-run this test.
> 
> Signed-off-by: Antony Antony <antony at phenome.org>
> 
> diff --git a/debian/tests/opportunistic b/debian/tests/opportunistic
> index 3eef227f8..a36aa4101 100755
> --- a/debian/tests/opportunistic
> +++ b/debian/tests/opportunistic
> @@ -7,16 +7,19 @@ badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
>  
>  ping -c 5 oe.libreswan.org 2>&1
>  
> +dig +short -x  `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
> +
>  wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/ 
>  
>  grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
>  
> +echo "0.0.0.0/0" > /etc/ipsec.d/policies/private-or-clear
> +
>  systemctl status ipsec
>  
> -#cp /usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf /etc/ipsec.d/
> -cp oe-dnssec-client.conf /etc/ipsec.d
> +cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
>  
> -systemctl start ipsec
> +systemctl restart ipsec
>  
>  systemctl status ipsec
>  
> diff --git a/packaging/debian/tests/control b/packaging/debian/tests/control
> index 71bd04702..1abf59a55 100644
> --- a/packaging/debian/tests/control
> +++ b/packaging/debian/tests/control
> @@ -1,3 +1,3 @@
>  Tests: opportunistic
>  Restrictions: needs-root, isolation-container
> -Depends: @, iputils-ping, wget, systemd
> +Depends: @, iputils-ping, wget, systemd, dnsutils

-------------- next part --------------
>From 6f10b276609f97a9c9953cd6fece7bf107d19349 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Mon, 11 Dec 2017 21:52:26 +0100
Subject: [PATCH] tests/opportunistic fix, asymetric dnssec teest

- add opportunistic policy, 0/0 to private-or-clear
- add dig output for extra diagnostics
- 'ipsec restart' instead of start. Would help re-run this test.

Signed-off-by: Antony Antony <antony at phenome.org>

diff --git a/debian/tests/opportunistic b/debian/tests/opportunistic
index 97a40ac50..a36aa4101 100755
--- a/debian/tests/opportunistic
+++ b/debian/tests/opportunistic
@@ -7,15 +7,19 @@ badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
 
 ping -c 5 oe.libreswan.org 2>&1
 
+dig +short -x  `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
+
 wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/ 
 
 grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
 
+echo "0.0.0.0/0" > /etc/ipsec.d/policies/private-or-clear
+
 systemctl status ipsec
 
-cp /usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf /etc/ipsec.d/
+cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
 
-systemctl start ipsec
+systemctl restart ipsec
 
 systemctl status ipsec
 
diff --git a/packaging/debian/tests/control b/packaging/debian/tests/control
index 71bd04702..1abf59a55 100644
--- a/packaging/debian/tests/control
+++ b/packaging/debian/tests/control
@@ -1,3 +1,3 @@
 Tests: opportunistic
 Restrictions: needs-root, isolation-container
-Depends: @, iputils-ping, wget, systemd
+Depends: @, iputils-ping, wget, systemd, dnsutils

More information about the Swan-dev mailing list