On 20 November 2015 at 04:02, Antony Antony <[email protected]> wrote: > On Thu, Nov 19, 2015 at 01:50:48PM -0500, Andrew Cagney wrote: >> Heads up! >> >> On 23 October 2015 at 10:21, Andrew Cagney <[email protected]> wrote: >> > On 22 October 2015 at 11:02, Matt Rogers <[email protected]> wrote: >> >> >> >> One note is that the CRLs (except for needupdate.crl) are valid for 15 >> >> days, so at that point dist_certs should be re-run. >> > >> > Ouch; I guess I'm luck that I almost always rebuild my keys. One easy >> > fudge to detect this would be: >> > >> > test $(find testing/x509/*/ -type f -ctime +14 | wc -l) -eq 0 && >> > echo keys are recent >> >> > I guess something like that should be added as a predicate to "make check". >> >> I added the top-level target "kvm-keys-up-to-date" (see >> mk/kvm-targets.mk) which will fail if the key files are "old". It >> suggests: >> make kvm-clean-keys kvm-keys >> as a way to fix this. >> >> Since "make check" is calling the above, the test run won't start if >> the tests are out-of-date. It doesn't try to automatically update >> out-of-date keys, or generate keys when they appear missing. > > is there a clean way to disable this check?
I don't see any sense in disabling it. Just running: find testing/x509/*/ -print | xargs touch before make check will defeat the check. Feel free to add another hack like UPDATE and UPDATEONLY in testing/pluto/Makefile. > tests using certs are minority. If I am not interested in them I should be > able to run make check. Also nice to archive the old keys instead of > overwriting them. Archiving the keys with the test output sounds like an interesting idea. > > > > > > >> >> > Andrew >> _______________________________________________ >> Swan-dev mailing list >> [email protected] >> https://lists.libreswan.org/mailman/listinfo/swan-dev _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
