Tobias Brunner
b58740996f
testing: Use build-strongswan to implement build-rootimage
2020-11-27 12:05:22 +01:00
Tobias Brunner
88c94063d2
testing: Make building guest images after strongSwan optional
...
This is basically only for the build-rootimage use case.
2020-11-27 12:05:22 +01:00
Tobias Brunner
386e9a96a1
testing: Optionally build strongSwan from a release tarball
...
This will allow us to replace the build-rootimage script.
2020-11-27 12:05:22 +01:00
Tobias Brunner
a7d920059e
testing: Optionally replace root image when building strongSwan
2020-11-27 12:05:22 +01:00
Tobias Brunner
c1dc7c4149
testing: Optionally use a new strongSwan build directory
...
This can be useful when building completely different versions for the
first time to avoid issues with build artifacts of previous builds.
2020-11-27 12:05:22 +01:00
Tobias Brunner
543d09c4b4
testing: Add option to build all software recipes when building strongSwan
...
This is like building the root image but using a specific strongSwan
source tree, which is helpful if code changes depend on other software
packages (e.g. TKM-related or testing new crypto libraries). If the script
is called and the root image does not exist, the new option is enabled
automatically.
The option to build in a specific guest image is now also moved to an
explicit command line option so that the source dir path is the only
remaining positional argument (see --help for details).
2020-11-27 12:05:22 +01:00
Tobias Brunner
edc55f0876
testing: Create root image if it does not exist yet when building strongSwan
...
This allows running the script directly after building the base image.
2020-11-27 12:05:22 +01:00
Tobias Brunner
29c59885ca
Use Botan 2.17.1 for tests
2020-11-27 12:05:22 +01:00
Tobias Brunner
1c2f5eea2c
testing: Improve building different revisions of Git-recipes
...
If we check out and build a certain revision of a dependency in a branch and
switch to another that requires a different revision and then switch back,
the previous approach installed the wrong revision as it would incorrectly
assume the required revision was already built and ready to install.
2020-11-27 12:05:22 +01:00
Andreas Steffen
0fc6767097
Version bump to 5.9.1
2020-11-10 20:45:13 +01:00
Tobias Brunner
a6f0e19bf5
Fixed some typos, courtesy of codespell
2020-11-04 10:06:46 +01:00
Andreas Steffen
d63e6156bb
Version bump to 5.9.1rc1
2020-11-01 18:45:34 +01:00
Tobias Brunner
8f2b6d7094
testing: Ignore hosts that are not running during shutdown
...
This allows properly terminating the environment if a host has crashed
or was terminated manually for some reason.
2020-10-29 10:22:51 +01:00
Tobias Brunner
60caa4f6c6
testing: Use silent rules to build strongSwan
2020-10-27 16:42:00 +01:00
Andreas Steffen
f3d96b7bc9
Version bump to 5.9.1dr1
2020-10-07 16:54:32 +02:00
Tobias Brunner
78015d14ac
Use Botan 2.16.0 for tests
2020-10-07 12:38:52 +02:00
Tobias Brunner
428c0b293d
testing: Build certificates when make-testing is called
2020-09-30 12:52:43 +02:00
Tobias Brunner
6638191cd7
testing: Increase memory of alice by 20 MiB
...
It's ever so close with strongTNC, sometimes the OOM killer got triggered
and the tests failed, or even worse, the whole guest system got stuck.
This might just be enough for now.
2020-09-04 15:48:12 +02:00
Tobias Brunner
64148f046e
testing: Fix dependency issue with strongTNC
...
Apparently, djangorestframework-camel-case, in the referenced version,
uses `six` but does not itself require/install it (later versions removed
Python 2 support altogether).
2020-09-04 14:56:58 +02:00
Tobias Brunner
210c1e2628
testing: Fix route-based/net2net-xfrmi-ike scenario
...
On newer systems, the upper hard limit for open file descriptors (see
`ulimit -H -n`) was increased from 4096 to 524288. Due to how python-daemon
closes potentially open file descriptors (basically stores them in a set,
removes those excluded by config, and loops through all of them), the updown
script was either killed immediately (by the OOM killer) or not ready yet
when updown events occurred.
2020-09-03 15:46:46 +02:00
Tobias Brunner
5bba0ec0f7
testing: Use Debian buster as base image
2020-09-03 15:24:37 +02:00
Tobias Brunner
1f97415fe7
testing: Use latest x509-ada release
...
This fixes an issue with newer compiler versions where crashes would be
caused if functions of the generated C X.509 parser are not aligned.
2020-09-03 15:24:37 +02:00
Tobias Brunner
fb78b0e533
testing: Add man, valgrind and strace to base image
2020-09-03 13:34:19 +02:00
Tobias Brunner
dcd8327933
testing: Install vici Python module manually
...
easy_install is not included in Debian's python-setuptools package
anymore, so we install it manually using setup.py.
2020-09-03 13:34:19 +02:00
Tobias Brunner
d9785b36a3
testing: Replace deprecated/removed `pip install --download` command
...
It was deprecated for a while and has been replaced by `pip download`.
2020-09-03 13:34:19 +02:00
Tobias Brunner
94eebc9c2c
testing: Use legacy iptables on Debian buster
...
The iptables-nft wrapper that uses the nftables framework can't handle
the CLUSTERIP target (plus we'd require nftables in the kernel).
2020-09-03 13:34:19 +02:00
Tobias Brunner
5c4ebbdde8
testing: Increase maximum guest image size
...
Seems that each Debian release increases the image size by about 200 MiB.
But increase it a bit more so we have room for logs/tools/debug symbols.
2020-09-03 13:34:19 +02:00
Tobias Brunner
3d1e2c56df
testing: Use pkill to reload rsyslogd config/recreate log files
...
The PID location changes with newer Debian releases so it's more
portable this way.
2020-09-03 13:34:19 +02:00
Tobias Brunner
d538b22afe
testing: Remove deprecated UsePrivilegeSeparation option from sshd_config
2020-09-03 13:34:19 +02:00
Tobias Brunner
0d84b32e82
testing: Add Linux 5.8 kernel config
...
Enables TCP encap for ESP.
2020-09-03 13:34:19 +02:00
Tobias Brunner
5747ec4eae
testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG
...
Newer versions of systemd etc. seem to require quite a lot of entropy
from /dev/random while booting, which can block and therefore delay the
start of other services (in particular sshd) by more than a minute.
Using the host's /dev/urandom via VirtIO RNG, we can avoid blocking the
guests.
The required kernel options are added for kernel versions 5.4+.
2020-09-03 13:34:19 +02:00
Tobias Brunner
ad7d712cb5
testing: Support build with Debian buster base image
2020-09-03 13:33:32 +02:00
Andreas Steffen
2205c75bad
Version bump to 5.9.0
2020-07-29 13:08:09 +02:00
Andreas Steffen
2eec7efd46
Version bump to 5.9.0rc1
2020-07-21 22:43:36 +02:00
Tobias Brunner
59455137b4
Use Botan 2.15.0 for tests
2020-07-20 16:58:03 +02:00
Tobias Brunner
f2d240954a
testing: Skip tests with missing files, don't abort the test run
...
This allows simple test configs in testing/tests/local that are no
actual test cases.
2020-06-23 16:24:18 +02:00
Andreas Steffen
d470422974
Version bump to 5.9.0dr2
2020-06-14 12:15:44 +02:00
Tobias Brunner
84bce03a64
testing: Fix SQL scenarios after preferring AEAD for ESP
...
sql/net2net-route|start-pem seem to be the only ones that configure a
proposal via database.
2020-06-12 13:45:58 +02:00
Tobias Brunner
4261f915d6
testing: Fix ikev2/net2net-fragmentation scenario
...
The IKE_AUTH message from moon is now larger because of the AEAD proposal.
2020-06-12 13:45:58 +02:00
Andreas Steffen
12e4dbb231
Version bump to 5.9.0dr1
2020-06-06 15:02:42 +02:00
Tobias Brunner
e0b1b12028
Use Botan 2.14.0 for tests
...
Requires at least GCC 5.0 to build with `--amalgamation`, so it's
disabled for our Ubuntu 16.04 build.
2020-04-07 16:37:27 +02:00
Andreas Steffen
3273667b0b
Version bump to 5.8.4
2020-03-29 12:49:52 +02:00
Andreas Steffen
0728387ea9
Version bump to 5.8.3
2020-03-24 16:01:04 +01:00
Andreas Steffen
c88a4996fa
Version bump to 5.8.3rc1
2020-03-19 08:43:10 +01:00
Andreas Steffen
68e8fedccb
Version bump to 5.8.3dr1
2020-03-04 22:27:13 +01:00
Josh Soref
b3ab7a48cc
Spelling fixes
...
* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior
Closes strongswan/strongswan#164.
2020-02-11 18:23:07 +01:00
Tobias Brunner
b0b928dd0a
Use Botan 2.13.0 for tests
2020-01-16 08:30:47 +01:00
Andreas Steffen
e5f18a46b7
Version bump to 5.8.2
2019-12-17 14:30:41 +01:00
Andreas Steffen
b9eade0ca2
Version bump to 5.8.2rc2
2019-12-16 22:11:43 +01:00
Andreas Steffen
c2d6ac1124
Version bump to 5.8.2rc1
2019-12-07 23:06:22 +01:00
Martin Willi
f95d512251
testing: Use identity based CA restrictions in rw-hash-and-url-multi-level
...
This is a prominent example where the identity based CA constraint is
beneficial. While the description of the test claims a strict binding
of the client to the intermediate CA, this is not fully true if CA operators
are not fully trusted: A rogue OU=Sales intermediate may issue certificates
containing an OU=Research.
By binding the connection to the CA, we can avoid this, and using the identity
based constraint still allows moon to receive the intermediate over IKE
or hash-and-url.
2019-12-06 10:07:47 +01:00
Andreas Steffen
ccaedf8761
Version bump to 5.8.2dr2
2019-11-26 22:36:55 +01:00
Tobias Brunner
91dabace11
testing: Add scenario with hash-and-URL encoding for intermediate CA certificates
2019-11-26 11:12:26 +01:00
Tobias Brunner
29b4b2e8e2
testing: Import sys in Python updown script
2019-11-21 16:57:25 +01:00
Tobias Brunner
662574386a
testing: Accept LANG and LC_* env variables via SSH on guests
...
The client config already includes SendEnv for them. Without that these
variables currently default to POSIX.
2019-11-14 16:11:03 +01:00
zhangkaiheb@126.com
a5b3c62091
testing: Remove unused connection definition in ikev2/force-udp-encaps
2019-11-07 11:35:43 +01:00
zhangkaiheb@126.com
9d8d85f23c
testing: Fix SHA description in ikev*/esp-alg-null scenarios
2019-11-07 11:33:09 +01:00
Andreas Steffen
4f4e026d3b
Version bump to 5.8.2dr1
2019-10-18 16:26:41 +02:00
Andreas Steffen
f05e9eebb0
testing: Added drbg plugin where required
2019-10-18 16:24:39 +02:00
Tobias Brunner
9cc24ca39e
Use Botan 2.12.1 for tests
2019-10-14 11:43:58 +02:00
Tobias Brunner
0736882678
Use Botan 2.12.0 for tests
2019-10-07 14:31:40 +02:00
Andreas Steffen
1e38151b30
Version bump to 5.8.1
2019-09-02 14:39:16 +02:00
Andreas Steffen
7cfe85cc85
Version bump to 5.8.1rc2
2019-08-29 11:15:18 +02:00
Andreas Steffen
d2b771203f
Version bump to 5.8.1rc1
2019-08-28 16:38:40 +02:00
Tobias Brunner
17c9972252
Fixed some typos, courtesy of codespell
2019-08-28 14:03:41 +02:00
Tobias Brunner
b9949e98c2
Some whitespace fixes
...
Didn't change some of the larger testing scripts that use an inconsistent
indentation style.
2019-08-22 15:18:06 +02:00
Tobias Brunner
de07b77442
Use Botan 2.11.0 for tests
2019-07-02 11:35:21 +02:00
Andreas Steffen
ab1aa03bf5
Version bump to 5.8.1dr1
2019-06-26 17:32:33 +02:00
Andreas Steffen
55dd0361b8
Version bump to 5.8.0
2019-05-20 12:31:08 +02:00
Andreas Steffen
74ac0c9efd
Version bump to 5.8.0rc1
2019-05-10 12:55:48 +02:00
Andreas Steffen
47879ca638
testing: Use strongswan systemd service
2019-05-10 12:55:09 +02:00
Andreas Steffen
6d8e6ec61b
testing: Load PEM keys in ikev2/net2-net-rsa scenario
2019-05-10 12:54:28 +02:00
Andreas Steffen
c9d898c9f4
testing: Copy keys and certs to swanctl/rw-newhope-bliss scenario
2019-05-10 12:53:33 +02:00
Tobias Brunner
27f6d37544
testing: Return an error if any command in the certificate build script fails
2019-05-08 14:56:48 +02:00
Tobias Brunner
d3f678c08f
testing: Build certificates before guests after building strongSwan
...
If the script is run on a clean working copy, building the guests will
fail if the certificates don't exist.
2019-05-08 14:56:48 +02:00
Tobias Brunner
287149cbf9
testing: Automatically build guest images after generating certificates
...
This (re-)generates the CRLs on winnetou.
2019-05-08 14:56:48 +02:00
Tobias Brunner
ac66ca25f9
testing: Use custom plugin configuration to build SHA-3 CA
2019-05-08 14:56:48 +02:00
Tobias Brunner
21280da9f5
testing: Fix ikev2/net2net-rsa scenario
2019-05-08 14:56:48 +02:00
Tobias Brunner
da8e33f3ca
testing: Add wrapper script to build certificates in root image
...
This does not modify the root image but uses the strongSwan version
installed there (avoids build dependencies on version installed on the
host to use pki to generate all the keys and certificates).
2019-05-08 14:56:48 +02:00
Andreas Steffen
a89ad28b89
testing: Upgrade to Linux 5.1 kernel
2019-05-08 14:56:48 +02:00
Andreas Steffen
b213204b3b
testing: Updated build-certs script
2019-05-08 14:56:48 +02:00
Andreas Steffen
cfeae14b06
testing: Deleting dynamic test keys and certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
2a72056cee
testing: Exclude files that are ignored in Git from the distribution
...
Since the complete hosts and tests directories are part of the tarball
this would include generated certificates and keys.
2019-05-08 14:56:48 +02:00
Andreas Steffen
92c001f766
testing: Remove dynamic keys and certs from repository
2019-05-08 14:56:48 +02:00
Andreas Steffen
00f1d09729
testing: Build data.sql files for SQL test cases
2019-05-08 14:56:48 +02:00
Tobias Brunner
05275905ef
testing: Build CERT and IPSECKEY RRs for strongswan.org zone
...
Also copy generated keys to DNSSEC test cases.
2019-05-08 14:56:48 +02:00
Tobias Brunner
1e059c837b
testing: Rename public keys in DNSSEC scenarios
...
We will generate PEM-encoded public keys with the script.
2019-05-08 14:56:48 +02:00
Tobias Brunner
326bb5f2c5
testing: Convert keys and certificates for all TKM scenarios
2019-05-08 14:56:48 +02:00
Tobias Brunner
0136852f19
testing: Disable leak detective in build-certs script
2019-05-08 14:56:48 +02:00
Andreas Steffen
8db01c6a3f
testing: Script building fresh certificates
2019-05-08 14:56:48 +02:00
Tobias Brunner
bc0a01ff2e
testing: Update documentation in headers of all updown scripts
2019-04-29 17:43:04 +02:00
Tobias Brunner
012221a867
testing: Add swanctl/net2net-childless scenario
2019-04-25 15:23:19 +02:00
Tobias Brunner
35392aa869
testing: Use renamed systemd unit
...
While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
2019-04-24 13:57:48 +02:00
Tobias Brunner
e601b89c00
testing: Use latest tkm-rpc and x509-ada versions
...
Includes fixes for larger signatures, critical extensions and
utf8Strings in DNs.
2019-04-15 18:31:12 +02:00
Tobias Brunner
cfac7305ab
testing: Create new files in mounted strongSwan sources as regular user
2019-04-15 14:01:02 +02:00
Tobias Brunner
072de7c150
testing: Add scenario that uses IKE-specific interface IDs
2019-04-04 09:36:38 +02:00
Tobias Brunner
14e999c8d5
testing: Install python-daemon with strongSwan for use in updown scripts
2019-04-04 09:36:38 +02:00
Tobias Brunner
181801317b
testing: Add /etc/resolv.conf when building strongSwan
2019-04-04 09:36:38 +02:00
Tobias Brunner
ceca26c88e
testing: Enable Python eggs in testing environment (i.e. vici's Python bindings)
2019-04-04 09:36:38 +02:00
Tobias Brunner
760d7c9b4f
testing: Add scenarios that use XFRM interfaces
...
The network namespace scenario requires a kernel patch in 4.19 and 4.20
kernels (the fix is included in 5.0 kernels).
2019-04-04 09:31:38 +02:00