[Swan-dev] regarding: testing: adding missing : ==== end ==== to nicinit

Paul Wouters paul at nohats.ca
Tue Jan 28 16:46:03 UTC 2020

On Tue, 28 Jan 2020, Antony Antony wrote:

> If the nic does not need final.sh it can be sanitized away using
> ": ==== end ====" marker.

when does nic ever need to run final.sh ? Can you point to one test
where it is actually used ? I don't know of any:

paul at bofh:~/libreswan/testing/pluto (master)$ grep hostname */final.sh |grep nic | grep "&"
paul at bofh:~/libreswan/testing/pluto (master)$

> But majority of test cases where it is not needed, better use
> ": ==== end ===="

If there is really only one or two that need anything to be run on nic
as part of the simple init/run/final set, perhaps just convert those to
the 1/2/3/4 syntax?

> And it is better split to nn-<host>[-foo*].sh tests.

> Here is case with out ": ==== end ====" in nicinit.sh
> https://testing.libreswan.org/v3.28-1525-g757fa8d7c3-master/certoe-03-cop-whack/OUTPUT/nic.console.txt

right, there it is just needed like basically everywhere? Why do we not
simple never run final.sh on nic ?

> If we add  acbcf816e6b3e commit to certoe-03-cop-whack that nic.console.txt
> will be much cleaner. and can avoid lines such as the following in the
> final.sh
> hostname | grep nic > /dev/null || ipsec whack --trafficstatus

> I argue 8a628e94cbb7 "hostname | grep nic" is the wrong direction to go.

The reason for this is due to namespaces. In the part, lots of nic
consoles were just run without :=== end === marker and the nic's console
show "ipsec: file not found" when running kvm based tests. but with
namespace based tests, nic's /usr/sbin is from the host and it does
contain the ipsec command, so the output would change from "file not
found" to "pluto not running" depending on the test type. Hence the
above workaround to ensure the same output regardless of test type.

All of that could be removed if we just not run final.sh on nic ever.

Note that the only tests I know of that look for something "near the
end" of a test on nic, are the OCSP tests that verify the ocsp server
on nic was contacted. Those do not use final.sh but the numbered *.sh

> For stats:
> grep "==== end ==="  */nicinit.sh |wc -l
> 286
> grep ausearch */nic.console.txt |wc -l
> 18
> so why not use ": ==== end ===="?
> Why do you think it is a bad idea?

Why not never run final.sh on nic ?

> AFIK markers are not part of test kvmrunner, afik it is part of the
> sanitizer. If my argument is correct, a logical step would be - the
> kvmrunner check for ": ==== end ====" in nicinit.sh, if it finds it can
> avoid running final.sh on nic, possibly can shave off a second or two.
> But that is minor optimization.

I agree not running final.sh on nic ever might shave of a few seconds
and would be good.


More information about the Swan-dev mailing list