[Swan-dev] building rpm target and using namespaces based testing

Tue Sep 24 07:02:17 UTC 2019

a9ebfa04957 is an interesting idea. However, there should be a way to 
disable this and let INITSYSTEM do it is job. Sometimes I want invoke the 
INITSYSTEM that is compiled and installed not override by nsenter. e.g 
docker with systemd in it. I  also use docker or podman with systemd for 
testing and this commit would break some of the use cases. 

Could you refine it? so this can be disabled when necessary.
Initially I thought adding "ipsec --no-sudo-check" that is also not so 
smart. It would would intefear with testing "ipsec stop" and "ipsec start" 
should just wor. So far my thinking a compile time option to disable it?

To be clear:
This patch will break my docker test! The docker is configured with systemd 
and can enter with nsenter. I am not sure how to make it conditional and yet 
easy to use. 

see more bellow about the namespace testing itself.

On Fri, Sep 20, 2019 at 07:57:14PM -0400, Paul Wouters wrote:
> 
> Hi,
> 
> I just pushed a change to "make rpm" that auto builds an rpm. Depending
> on fedora or centos/rhel/foobar it will pick up the right spec file in
> packaging/XXX/YYY/libreswan.spec.
> 
> Stock rpms should now be able to run namespace tests without modifications.

I quickly tried and noticed "ipsec stop" does not work yet? That means tests 
with nsrun --ns --shutdown will be break, 

When you install with "make nsinstall" ipsec stop works.
The means the pluto instances will not get cleaned.  This need need fixing.

> There is some Makefile.inc.local handling in Antony's version that does 
> not translate
> to rpmbuilding that hardcodes various features based on distro. But I
> don't think anything from there is still needed and was done mostly to
> ack the INITSYSTEM stuff?

NO just INITSYSTEM. This rpm started for KVM it has several tricks for 
testing.   Install in /usr/local and other needs for testing, and also some 
of the reasons you mentioned bellow.

For the record do not remove packaging/fedora/libreswan-testing.spec.in that 
has some specific tricks for testig. It is also used on KVM and docker (with 
sytemd). 

> I can see it might be useful to select the "devel" build, maybe using
> "make rpm-devel" that will then run rpmbuild --define with_development=1
> to get a version with full debug and electric fence.

It pass IPSECVERSION to make porgrams.  So pluto --version show the right version.
It do not install documentation
I suspect your rpm file name will not match with plutoversion?
Due to these minor but important features keep libreswan-testing.spec.in for 
now. It call RPM_BUILD_CLEAN.

> I did not port over the support for RPM_BUILD_CLEAN in "make rpm"
> because it breaks the subsequent build by deleting the source files
> (ikev*fax.bz2) when done. 

this is on puropse. for devlopment nightly run otherwise lot of directoies
will pile up in ${HOME}/rpmbuild/SOURCES. It is also a must feature for 
testig. May be I will make it optional.