[Swan-dev] debian continuous integration
Antony Antony
antony at phenome.org
Mon Dec 11 22:47:50 UTC 2017
hmm, sorry the previous one won't apply easily.
here is a bit cleaner patch. The previous one wouldn't apply to your tree.
-antony
On Mon, Dec 11, 2017 at 11:41:55PM +0100, Antony Antony wrote:
> Hi DKG,
>
> Here is a proposed fix for the test, to make it asymmetric OE.
>
> However, currently, I think oe.libreswan.org has broken ipseckey. Paul would
> have to fix this.
>
> Once this is fixed your test with this patch, should work.
>
> Lets try to get the test pass before the next release!
>
> regards,
> -antony
>
> PS: dig +short -x `dig +short oe.libreswan.org` ipseckey
> +trusted-key=/usr/share/dns/root.key +sigchase
> fails
>
>
> On Thu, Nov 16, 2017 at 08:50:32AM +0800, Daniel Kahn Gillmor wrote:
> > Hi folks--
> >
> > I want to have more regular full-stack roundtrip tests for libreswan in
> > debian.
> >
> > So i wrote the following simple test for debian's continuous integration
> > initiative:
> >
> > https://anonscm.debian.org/git/collab-maint/libreswan.git/tree/debian/tests/opportunistic
> >
> > as you can see, i'm just triyng to get the configuration-free
> > opportunistic workflow to Just Work (this is what i want to be able to
> > recommend to users who don't have time to think through a stronger
> > configuration).
> >
> > However, it has never succeeded. This is initially because i configured
> > the debian test suite wrong :P but now i've configured it right, and
> > it's still failing.
> >
> > here's the log of it failing currently:
> >
> > https://ci.debian.net/data/autopkgtest/unstable/amd64/libr/libreswan/20171115_141544/log.gz
> >
> > Am i doing something wrong in the test? is the responder at
> > oe.libreswan.org something i can rely on for this purpose?
> >
> > Thoughts and suggestions welcome,
> >
> > --dkg
>
>
>
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
>
> From b96ef56d6123b343ed64accfe0e4e9a45702e696 Mon Sep 17 00:00:00 2001
> From: Antony Antony <antony at phenome.org>
> Date: Mon, 11 Dec 2017 23:01:44 +0100
> Subject: [PATCH] tests/opportunistic fix, asymetric dnssec teest
>
> - add opportunistic policy, 0/0 to private-or-clear
> - add dig output for extra diagnostics
> - 'ipsec restart' instead of start. Would help re-run this test.
>
> Signed-off-by: Antony Antony <antony at phenome.org>
>
> diff --git a/debian/tests/opportunistic b/debian/tests/opportunistic
> index 3eef227f8..a36aa4101 100755
> --- a/debian/tests/opportunistic
> +++ b/debian/tests/opportunistic
> @@ -7,16 +7,19 @@ badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
>
> ping -c 5 oe.libreswan.org 2>&1
>
> +dig +short -x `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
> +
> wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/
>
> grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
>
> +echo "0.0.0.0/0" > /etc/ipsec.d/policies/private-or-clear
> +
> systemctl status ipsec
>
> -#cp /usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf /etc/ipsec.d/
> -cp oe-dnssec-client.conf /etc/ipsec.d
> +cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
>
> -systemctl start ipsec
> +systemctl restart ipsec
>
> systemctl status ipsec
>
> diff --git a/packaging/debian/tests/control b/packaging/debian/tests/control
> index 71bd04702..1abf59a55 100644
> --- a/packaging/debian/tests/control
> +++ b/packaging/debian/tests/control
> @@ -1,3 +1,3 @@
> Tests: opportunistic
> Restrictions: needs-root, isolation-container
> -Depends: @, iputils-ping, wget, systemd
> +Depends: @, iputils-ping, wget, systemd, dnsutils
-------------- next part --------------
>From 6f10b276609f97a9c9953cd6fece7bf107d19349 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony at phenome.org>
Date: Mon, 11 Dec 2017 21:52:26 +0100
Subject: [PATCH] tests/opportunistic fix, asymetric dnssec teest
- add opportunistic policy, 0/0 to private-or-clear
- add dig output for extra diagnostics
- 'ipsec restart' instead of start. Would help re-run this test.
Signed-off-by: Antony Antony <antony at phenome.org>
diff --git a/debian/tests/opportunistic b/debian/tests/opportunistic
index 97a40ac50..a36aa4101 100755
--- a/debian/tests/opportunistic
+++ b/debian/tests/opportunistic
@@ -7,15 +7,19 @@ badstring='<HTML><BODY><HEAD><TITLE>OH noooooos!!</TITLE>'
ping -c 5 oe.libreswan.org 2>&1
+dig +short -x `dig +short oe.libreswan.org` ipseckey +trusted-key=/usr/share/dns/root.key +sigchase
+
wget -q --tries=2 --timeout=5 -O "${AUTOPKGTEST_ARTIFACTS}/before.html" http://oe.libreswan.org/
grep -F "$badstring" "${AUTOPKGTEST_ARTIFACTS}/before.html"
+echo "0.0.0.0/0" > /etc/ipsec.d/policies/private-or-clear
+
systemctl status ipsec
-cp /usr/share/doc/libreswan/examples/oe-upgrade-authnull.conf /etc/ipsec.d/
+cp /usr/share/doc/libreswan/examples/oe-dnssec-client.conf /etc/ipsec.d/
-systemctl start ipsec
+systemctl restart ipsec
systemctl status ipsec
diff --git a/packaging/debian/tests/control b/packaging/debian/tests/control
index 71bd04702..1abf59a55 100644
--- a/packaging/debian/tests/control
+++ b/packaging/debian/tests/control
@@ -1,3 +1,3 @@
Tests: opportunistic
Restrictions: needs-root, isolation-container
-Depends: @, iputils-ping, wget, systemd
+Depends: @, iputils-ping, wget, systemd, dnsutils
More information about the Swan-dev
mailing list