On Sun, 22 Jul 2018 at 15:15, Paul Wouters <[email protected]> wrote: > > On Mon, 16 Jul 2018, Andrew Cagney wrote: > > >> It shouldn’t as the dnssec signatures time out after a few days or so? It > >> should be rerun at the start of a full test run. > > > > The real number is: > > KVM_KEYS_EXPIRATION_DAY = 7 > > for re-building all keys. If the keys are older than that then 'make > > kvm-test' dies. Should it be shorter? > > > > The argument against re-building them for each test run is that it > > causes test results to unexpectedly change (testing.libreswan.org > > forces a key re-build before each run). > > I believe if you "run all tests" then it should just regenerate all X509 > and DNSSEC keys. If you are investigating a particular issue, you are > running the same test case a few times to see what happens and there is > little to no gain having yesterday's result be the identical key.
At what point do these keys start to be a problems? I suspect all this is a no-win - there are many work-flows at play. For instance, when I'm testing code I'll re-run all the tests, the failing tests, or a subset of tests and this can be spread across multiple days. It all goes with the assumption that only the changes to the test system being made were made by me. I guess I could do something evil where: make kvm-check is an alias for 'make kvm-clean kvm-install kvm-test' (check is the GNU target) make kvm-test/kvm-retest are incremental but I'm not really comfortable with that. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
