ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
17,934 Commits 6 Branches 233 Tags 88 MiB
Commit Graph

1916 Commits

Author SHA1 Message Date
Tobias Brunner fde5374a86 testing: Explicitly encode backing image format in metadata 
Apparently, there is no probing anymore in newer versions of qemu due
to security considerations.
 2021-01-08 11:39:44 +01:00
Andreas Steffen fcb595f961 Version bump to 5.9.2dr1 2021-01-08 11:00:15 +01:00
Tobias Brunner b58740996f testing: Use build-strongswan to implement build-rootimage 2020-11-27 12:05:22 +01:00
Tobias Brunner 88c94063d2 testing: Make building guest images after strongSwan optional 
This is basically only for the build-rootimage use case.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 386e9a96a1 testing: Optionally build strongSwan from a release tarball 
This will allow us to replace the build-rootimage script.
 2020-11-27 12:05:22 +01:00
Tobias Brunner a7d920059e testing: Optionally replace root image when building strongSwan 2020-11-27 12:05:22 +01:00
Tobias Brunner c1dc7c4149 testing: Optionally use a new strongSwan build directory 
This can be useful when building completely different versions for the
first time to avoid issues with build artifacts of previous builds.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 543d09c4b4 testing: Add option to build all software recipes when building strongSwan 
This is like building the root image but using a specific strongSwan
source tree, which is helpful if code changes depend on other software
packages (e.g. TKM-related or testing new crypto libraries).  If the script
is called and the root image does not exist, the new option is enabled
automatically.

The option to build in a specific guest image is now also moved to an
explicit command line option so that the source dir path is the only
remaining positional argument (see --help for details).
 2020-11-27 12:05:22 +01:00
Tobias Brunner edc55f0876 testing: Create root image if it does not exist yet when building strongSwan 
This allows running the script directly after building the base image.
 2020-11-27 12:05:22 +01:00
Tobias Brunner 29c59885ca Use Botan 2.17.1 for tests 2020-11-27 12:05:22 +01:00
Tobias Brunner 1c2f5eea2c testing: Improve building different revisions of Git-recipes 
If we check out and build a certain revision of a dependency in a branch and
switch to another that requires a different revision and then switch back,
the previous approach installed the wrong revision as it would incorrectly
assume the required revision was already built and ready to install.
 2020-11-27 12:05:22 +01:00
Andreas Steffen 0fc6767097 Version bump to 5.9.1 2020-11-10 20:45:13 +01:00
Tobias Brunner a6f0e19bf5 Fixed some typos, courtesy of codespell 2020-11-04 10:06:46 +01:00
Andreas Steffen d63e6156bb Version bump to 5.9.1rc1 2020-11-01 18:45:34 +01:00
Tobias Brunner 8f2b6d7094 testing: Ignore hosts that are not running during shutdown 
This allows properly terminating the environment if a host has crashed
or was terminated manually for some reason.
 2020-10-29 10:22:51 +01:00
Tobias Brunner 60caa4f6c6 testing: Use silent rules to build strongSwan 2020-10-27 16:42:00 +01:00
Andreas Steffen f3d96b7bc9 Version bump to 5.9.1dr1 2020-10-07 16:54:32 +02:00
Tobias Brunner 78015d14ac Use Botan 2.16.0 for tests 2020-10-07 12:38:52 +02:00
Tobias Brunner 428c0b293d testing: Build certificates when make-testing is called 2020-09-30 12:52:43 +02:00
Tobias Brunner 6638191cd7 testing: Increase memory of alice by 20 MiB 
It's ever so close with strongTNC, sometimes the OOM killer got triggered
and the tests failed, or even worse, the whole guest system got stuck.
This might just be enough for now.
 2020-09-04 15:48:12 +02:00
Tobias Brunner 64148f046e testing: Fix dependency issue with strongTNC 
Apparently, djangorestframework-camel-case, in the referenced version,
uses `six` but does not itself require/install it (later versions removed
Python 2 support altogether).
 2020-09-04 14:56:58 +02:00
Tobias Brunner 210c1e2628 testing: Fix route-based/net2net-xfrmi-ike scenario 
On newer systems, the upper hard limit for open file descriptors (see
`ulimit -H -n`) was increased from 4096 to 524288.  Due to how python-daemon
closes potentially open file descriptors (basically stores them in a set,
removes those excluded by config, and loops through all of them), the updown
script was either killed immediately (by the OOM killer) or not ready yet
when updown events occurred.
 2020-09-03 15:46:46 +02:00
Tobias Brunner 5bba0ec0f7 testing: Use Debian buster as base image 2020-09-03 15:24:37 +02:00
Tobias Brunner 1f97415fe7 testing: Use latest x509-ada release 
This fixes an issue with newer compiler versions where crashes would be
caused if functions of the generated C X.509 parser are not aligned.
 2020-09-03 15:24:37 +02:00
Tobias Brunner fb78b0e533 testing: Add man, valgrind and strace to base image 2020-09-03 13:34:19 +02:00
Tobias Brunner dcd8327933 testing: Install vici Python module manually 
easy_install is not included in Debian's python-setuptools package
anymore, so we install it manually using setup.py.
 2020-09-03 13:34:19 +02:00
Tobias Brunner d9785b36a3 testing: Replace deprecated/removed `pip install --download` command 
It was deprecated for a while and has been replaced by `pip download`.
 2020-09-03 13:34:19 +02:00
Tobias Brunner 94eebc9c2c testing: Use legacy iptables on Debian buster 
The iptables-nft wrapper that uses the nftables framework can't handle
the CLUSTERIP target (plus we'd require nftables in the kernel).
 2020-09-03 13:34:19 +02:00
Tobias Brunner 5c4ebbdde8 testing: Increase maximum guest image size 
Seems that each Debian release increases the image size by about 200 MiB.
But increase it a bit more so we have room for logs/tools/debug symbols.
 2020-09-03 13:34:19 +02:00
Tobias Brunner 3d1e2c56df testing: Use pkill to reload rsyslogd config/recreate log files 
The PID location changes with newer Debian releases so it's more
portable this way.
 2020-09-03 13:34:19 +02:00
Tobias Brunner d538b22afe testing: Remove deprecated UsePrivilegeSeparation option from sshd_config 2020-09-03 13:34:19 +02:00
Tobias Brunner 0d84b32e82 testing: Add Linux 5.8 kernel config 
Enables TCP encap for ESP.
 2020-09-03 13:34:19 +02:00
Tobias Brunner 5747ec4eae testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG 
Newer versions of systemd etc. seem to require quite a lot of entropy
from /dev/random while booting, which can block and therefore delay the
start of other services (in particular sshd) by more than a minute.
Using the host's /dev/urandom via VirtIO RNG, we can avoid blocking the
guests.

The required kernel options are added for kernel versions 5.4+.
 2020-09-03 13:34:19 +02:00
Tobias Brunner ad7d712cb5 testing: Support build with Debian buster base image 2020-09-03 13:33:32 +02:00
Andreas Steffen 2205c75bad Version bump to 5.9.0 2020-07-29 13:08:09 +02:00
Andreas Steffen 2eec7efd46 Version bump to 5.9.0rc1 2020-07-21 22:43:36 +02:00
Tobias Brunner 59455137b4 Use Botan 2.15.0 for tests 2020-07-20 16:58:03 +02:00
Tobias Brunner f2d240954a testing: Skip tests with missing files, don't abort the test run 
This allows simple test configs in testing/tests/local that are no
actual test cases.
 2020-06-23 16:24:18 +02:00
Andreas Steffen d470422974 Version bump to 5.9.0dr2 2020-06-14 12:15:44 +02:00
Tobias Brunner 84bce03a64 testing: Fix SQL scenarios after preferring AEAD for ESP 
sql/net2net-route|start-pem seem to be the only ones that configure a
proposal via database.
 2020-06-12 13:45:58 +02:00
Tobias Brunner 4261f915d6 testing: Fix ikev2/net2net-fragmentation scenario 
The IKE_AUTH message from moon is now larger because of the AEAD proposal.
 2020-06-12 13:45:58 +02:00
Andreas Steffen 12e4dbb231 Version bump to 5.9.0dr1 2020-06-06 15:02:42 +02:00
Tobias Brunner e0b1b12028 Use Botan 2.14.0 for tests 
Requires at least GCC 5.0 to build with `--amalgamation`, so it's
disabled for our Ubuntu 16.04 build.
 2020-04-07 16:37:27 +02:00
Andreas Steffen 3273667b0b Version bump to 5.8.4 2020-03-29 12:49:52 +02:00
Andreas Steffen 0728387ea9 Version bump to 5.8.3 2020-03-24 16:01:04 +01:00
Andreas Steffen c88a4996fa Version bump to 5.8.3rc1 2020-03-19 08:43:10 +01:00
Andreas Steffen 68e8fedccb Version bump to 5.8.3dr1 2020-03-04 22:27:13 +01:00
Josh Soref b3ab7a48cc Spelling fixes 
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.
 2020-02-11 18:23:07 +01:00
Tobias Brunner b0b928dd0a Use Botan 2.13.0 for tests 2020-01-16 08:30:47 +01:00
Andreas Steffen e5f18a46b7 Version bump to 5.8.2 2019-12-17 14:30:41 +01:00
Andreas Steffen b9eade0ca2 Version bump to 5.8.2rc2 2019-12-16 22:11:43 +01:00
Andreas Steffen c2d6ac1124 Version bump to 5.8.2rc1 2019-12-07 23:06:22 +01:00
Martin Willi f95d512251 testing: Use identity based CA restrictions in rw-hash-and-url-multi-level 
This is a prominent example where the identity based CA constraint is
benefical. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing a OU=Research.

By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.
 2019-12-06 10:07:47 +01:00
Andreas Steffen ccaedf8761 Version bump to 5.8.2dr2 2019-11-26 22:36:55 +01:00
Tobias Brunner 91dabace11 testing: Add scenario with hash-and-URL encoding for intermediate CA certificates 2019-11-26 11:12:26 +01:00
Tobias Brunner 29b4b2e8e2 testing: Import sys in Python updown script 2019-11-21 16:57:25 +01:00
Tobias Brunner 662574386a testing: Accept LANG and LC_* env variables via SSH on guests 
The client config already includes SendEnv for them.  Without that these
variables currently default to POSIX.
 2019-11-14 16:11:03 +01:00
zhangkaiheb@126.com a5b3c62091 testing: Remove unused connection definition in ikev2/force-udp-encaps 2019-11-07 11:35:43 +01:00
zhangkaiheb@126.com 9d8d85f23c testing: Fix SHA description in ikev*/esp-alg-null scenarios 2019-11-07 11:33:09 +01:00
Andreas Steffen 4f4e026d3b Version bump to 5.8.2dr1 2019-10-18 16:26:41 +02:00
Andreas Steffen f05e9eebb0 testing: Added drbg plugin where required 2019-10-18 16:24:39 +02:00
Tobias Brunner 9cc24ca39e Use Botan 2.12.1 for tests 2019-10-14 11:43:58 +02:00
Tobias Brunner 0736882678 Use Botan 2.12.0 for tests 2019-10-07 14:31:40 +02:00
Andreas Steffen 1e38151b30 Version bump to 5.8.1 2019-09-02 14:39:16 +02:00
Andreas Steffen 7cfe85cc85 Version bump to 5.8.1rc2 2019-08-29 11:15:18 +02:00
Andreas Steffen d2b771203f Version bump to 5.8.1rc1 2019-08-28 16:38:40 +02:00
Tobias Brunner 17c9972252 Fixed some typos, courtesy of codespell 2019-08-28 14:03:41 +02:00
Tobias Brunner b9949e98c2 Some whitespace fixes 
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
 2019-08-22 15:18:06 +02:00
Tobias Brunner de07b77442 Use Botan 2.11.0 for tests 2019-07-02 11:35:21 +02:00
Andreas Steffen ab1aa03bf5 Version bump to 5.8.1dr1 2019-06-26 17:32:33 +02:00
Andreas Steffen 55dd0361b8 Version bump to 5.8.0 2019-05-20 12:31:08 +02:00
Andreas Steffen 74ac0c9efd Version bump to 5.8.0rc1 2019-05-10 12:55:48 +02:00
Andreas Steffen 47879ca638 testing: Use strongswan systemd service 2019-05-10 12:55:09 +02:00
Andreas Steffen 6d8e6ec61b testing: Load PEM keys in ikev2/net2-net-rsa scenario 2019-05-10 12:54:28 +02:00
Andreas Steffen c9d898c9f4 testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario 2019-05-10 12:53:33 +02:00
Tobias Brunner 27f6d37544 testing: Return an error if any command in the certificate build script fails 2019-05-08 14:56:48 +02:00
Tobias Brunner d3f678c08f testing: Build certificates before guests after building strongSwan 
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
 2019-05-08 14:56:48 +02:00
Tobias Brunner 287149cbf9 testing: Automatically build guest images after generating certificates 
This (re-)generates the CRLs on winnetou.
 2019-05-08 14:56:48 +02:00
Tobias Brunner ac66ca25f9 testing: Use custom plugin configuration to build SHA-3 CA 2019-05-08 14:56:48 +02:00
Tobias Brunner 21280da9f5 testing: Fix ikev2/net2net-rsa scenario 2019-05-08 14:56:48 +02:00
Tobias Brunner da8e33f3ca testing: Add wrapper script to build certificates in root image 
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
 2019-05-08 14:56:48 +02:00
Andreas Steffen a89ad28b89 testing: Upgrade to Linux 5.1 kernel 2019-05-08 14:56:48 +02:00
Andreas Steffen b213204b3b testing: Updated build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen cfeae14b06 testing: Deleting dynamic test keys and certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner 2a72056cee testing: Exclude files that are ignored in Git from the distribution 
Since the complete hosts and tests directories are part of the tarball
this would include generated certificates and keys.
 2019-05-08 14:56:48 +02:00
Andreas Steffen 92c001f766 testing: Remove dynamic keys and certs from repository 2019-05-08 14:56:48 +02:00
Andreas Steffen 00f1d09729 testing: Build data.sql files for SQL test cases 2019-05-08 14:56:48 +02:00
Tobias Brunner 05275905ef testing: Build CERT and IPSECKEY RRs for strongswan.org zone 
Also copy generated keys to DNSSEC test cases.
 2019-05-08 14:56:48 +02:00
Tobias Brunner 1e059c837b testing: Rename public keys in DNSSEC scenarios 
We will generate PEM-encoded public keys with the script.
 2019-05-08 14:56:48 +02:00
Tobias Brunner 326bb5f2c5 testing: Convert keys and certificates for all TKM scenarios 2019-05-08 14:56:48 +02:00
Tobias Brunner 0136852f19 testing: Disable leak detective in build-certs script 2019-05-08 14:56:48 +02:00
Andreas Steffen 8db01c6a3f testing: Script building fresh certificates 2019-05-08 14:56:48 +02:00
Tobias Brunner bc0a01ff2e testing: Update documentation in headers of all updown scripts 2019-04-29 17:43:04 +02:00
Tobias Brunner 012221a867 testing: Add swanctl/net2net-childless scenario 2019-04-25 15:23:19 +02:00
Tobias Brunner 35392aa869 testing: Use renamed systemd unit 
While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
 2019-04-24 13:57:48 +02:00
Tobias Brunner e601b89c00 testing: Use latest tkm-rpc and x509-ada versions 
Includes fixes for larger signatures, critical extensions and
utf8Strings in DNs.
 2019-04-15 18:31:12 +02:00
Tobias Brunner cfac7305ab testing: Create new files in mounted strongSwan sources as regular user 2019-04-15 14:01:02 +02:00
Tobias Brunner 072de7c150 testing: Add scenario that uses IKE-specific interface IDs 2019-04-04 09:36:38 +02:00
Tobias Brunner 14e999c8d5 testing: Install python-daemon with strongSwan for use in updown scripts 2019-04-04 09:36:38 +02:00
Tobias Brunner 181801317b testing: Add /etc/resolv.conf when building strongSwan 2019-04-04 09:36:38 +02:00