On Mon, 16 Jul 2018, Andrew Cagney wrote:
It shouldn’t as the dnssec signatures time out after a few days or so? It
should be rerun at the start of a full test run.
The real number is:
KVM_KEYS_EXPIRATION_DAY = 7
for re-building all keys. If the keys are older than that then 'make
kvm-test' dies. Should it be shorter?
The argument against re-building them for each test run is that it
causes test results to unexpectedly change (testing.libreswan.org
forces a key re-build before each run).
I believe if you "run all tests" then it should just regenerate all X509
and DNSSEC keys. If you are investigating a particular issue, you are
running the same test case a few times to see what happens and there is
little to no gain having yesterday's result be the identical key.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
