Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package nbdkit for openSUSE:Factory checked in at 2025-09-14 18:50:11 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nbdkit (Old) and /work/SRC/openSUSE:Factory/.nbdkit.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nbdkit" Sun Sep 14 18:50:11 2025 rev:23 rq:1304462 version:1.44.3 Changes: -------- --- /work/SRC/openSUSE:Factory/nbdkit/nbdkit.changes 2025-08-05 14:21:50.778641235 +0200 +++ /work/SRC/openSUSE:Factory/.nbdkit.new.1977/nbdkit.changes 2025-09-14 18:50:50.563774212 +0200 @@ -1,0 +2,18 @@ +Fri Sep 05 21:07:32 UTC 2025 - Charles Arnold <carn...@suse.com> + +- Update to version 1.44.3: + * Version 1.44.3. + * server/public.c: Use lrint() instead of implicit conversion to int + * delay: Rearrange the options in alphabetical order in the documentation + * docs/nbdkit-client.pod: Document attaching NBD devices to QEMU VMs + * docs/nbdkit-client.pod: Combine and rename "LIMITATIONS" section + * tests/test-golang-fork-warning.sh: Fix hanging test + * tests: Use 'define script' in a few more places + * tests: Modify make-pki and make-psk scripts to be atomic + * tests: Define common functions for requiring TLS certs and PSK + * tests/test-tls.sh: Remove unused export of pkidir + * tests: Generate make-psk.sh + * tests/make-psk.sh: Fix typo "pkstool" -> "psktool" + * tests: Fix typo "An good" -> "A good" + +------------------------------------------------------------------- Old: ---- nbdkit-1.44.2.tar.xz New: ---- nbdkit-1.44.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nbdkit.spec ++++++ --- /var/tmp/diff_new_pack.EWhXT5/_old 2025-09-14 18:50:51.059794997 +0200 +++ /var/tmp/diff_new_pack.EWhXT5/_new 2025-09-14 18:50:51.063795164 +0200 @@ -27,7 +27,7 @@ %global broken_test_arches %{arm} aarch64 %{ix86} Name: nbdkit -Version: 1.44.2 +Version: 1.44.3 Release: 0 Summary: Network Block Device server License: BSD-3-Clause @@ -181,6 +181,7 @@ # The plugins below have non-trivial dependencies are so are # packaged separately. + %package cdi-plugin Summary: Containerized Data Import plugin for %{name} Requires: %{name}-server = %{version}-%{release} 
@@ -207,6 +208,7 @@ # In theory this is noarch, but because plugins are placed in _libdir # which varies across architectures, RPM does not allow this. + %package gcs-plugin Summary: Gooogle Cloud Storage plugin %{name} Requires: %{name}-python-plugin = %{version}-%{release} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.EWhXT5/_old 2025-09-14 18:50:51.091796337 +0200 +++ /var/tmp/diff_new_pack.EWhXT5/_new 2025-09-14 18:50:51.095796506 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="manual"> <param name="filename">nbdkit</param> - <param name="revision">v1.44.2</param> + <param name="revision">v1.44.3</param> <param name="scm">git</param> <param name="submodules">disable</param> <param name="url">https://gitlab.com/nbdkit/nbdkit.git</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.EWhXT5/_old 2025-09-14 18:50:51.131798014 +0200 +++ /var/tmp/diff_new_pack.EWhXT5/_new 2025-09-14 18:50:51.135798181 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://gitlab.com/nbdkit/nbdkit.git</param> - <param name="changesrevision">8d0fbe1d893ae0e12451481986daaa79cc5652fb</param></service></servicedata> + <param name="changesrevision">aaa47f1ff93ec90133669f5721ff804fe00f1792</param></service></servicedata> (No newline at EOF) ++++++ nbdkit-1.44.2.tar.xz -> nbdkit-1.44.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/.gitignore new/nbdkit-1.44.3/.gitignore --- old/nbdkit-1.44.2/.gitignore 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/.gitignore 2025-08-23 18:53:58.000000000 +0200 
@@ -141,6 +141,7 @@ /tests/functions.sh /tests/keys.psk /tests/make-pki.sh +/tests/make-psk.sh /tests/nbdkit /tests/partition-disk /tests/pki diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/configure.ac new/nbdkit-1.44.3/configure.ac --- old/nbdkit-1.44.2/configure.ac 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/configure.ac 2025-08-23 18:53:58.000000000 +0200 @@ -31,7 +31,7 @@ m4_define([NBDKIT_VERSION_MAJOR], [1]) m4_define([NBDKIT_VERSION_MINOR], [44]) -m4_define([NBDKIT_VERSION_MICRO], [2]) +m4_define([NBDKIT_VERSION_MICRO], [3]) AC_INIT([nbdkit], NBDKIT_VERSION_MAJOR.NBDKIT_VERSION_MINOR.NBDKIT_VERSION_MICRO) AC_CONFIG_MACRO_DIR([m4]) @@ -1722,6 +1722,8 @@ [chmod +x,-w common/protocol/generate-protostrings.sh]) AC_CONFIG_FILES([tests/make-pki.sh], [chmod +x,-w tests/make-pki.sh]) +AC_CONFIG_FILES([tests/make-psk.sh], + [chmod +x,-w tests/make-psk.sh]) AC_CONFIG_FILES([Makefile bash-completion/Makefile common/allocators/Makefile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/docs/nbdkit-client.pod new/nbdkit-1.44.3/docs/nbdkit-client.pod --- old/nbdkit-1.44.2/docs/nbdkit-client.pod 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/docs/nbdkit-client.pod 2025-08-23 18:53:58.000000000 +0200 @@ -5,15 +5,10 @@ =head1 DESCRIPTION For NBD exports that contain filesystems there are several approaches -to mounting them on a client machine. +to mounting them on a physical machine. -To ensure the nbd kernel module is loaded you may need to do: - - # echo nbd > /etc/modules-load.d/nbd.conf - -This will not take effect until you reboot, so also do: - - # modprobe nbd +For virtual machines, see the section +L</ATTACHING NBD DEVICES TO A VIRTUAL MACHINE> at the end. =head2 Easy mounting at boot time 
@@ -69,7 +64,20 @@ Other systemd services which need this mount point can depend on this mount unit. -=head1 LIMITATIONS +=head1 LOADING THE LINUX KERNEL MODULE + +The native Linux NBD client is a kernel module called C<nbd.ko>. It +is not always loaded on demand. To ensure it is loaded you may need +to do: + + # echo nbd > /etc/modules-load.d/nbd.conf + +This will not take effect until you reboot, so to load it right away +do: + + # modprobe nbd + +=head2 RHEL and nbd.ko Red Hat Enterprise Linux 8 enabled the C<nbd.ko> Linux kernel module but only for Unix domain sockets (ie. local connections). This means 
@@ -81,6 +89,69 @@ kernel as an NBD client. Userspace Linux clients such as L<libnbd(3)> tools will work. +=head1 ATTACHING NBD DEVICES TO A VIRTUAL MACHINE + +Notice in these cases that the virtual machine does not use the NBD +protocol directly. Instead, the virtual machine sees a local disk. +Thus there is no need to enable an NBD client or kernel module inside +the virtual machine. Behind the scenes the hypervisor (eg. Qemu) +converts the local disk into an NBD connection. + +=head2 Using libvirt XML + +Use the L<virsh(1)> C<edit> subcommand to modify the libvirt XML of a +virtual machine: + + # virsh edit guest-name + +The E<lt>diskE<gt> element should be placed in the E<lt>devicesE<gt> +section of the XML, after any other E<lt>diskE<gt> elements. For more +information about libvirt XML see +L<https://libvirt.org/formatdomain.html> + +For NBD devices served over a Unix domain socket (nbdkit I<-U> option) +add: + + <disk device="disk" type="network"> + <source protocol="nbd"> + <host transport="unix" socket="/path/to/unix.sock"/> + </source> + <target dev="vdb" bus="virtio"/> + <driver name="qemu" type="raw"/> + </disk> + +If using a TCP socket (nbdkit I<-p> option): + + <disk device="disk" type="network"> + <source protocol="nbd"> + <host name="localhost" port="10809"/> + </source> + <target dev="vdb" bus="virtio"/> + <driver name="qemu" type="raw"/> + </disk> + +=head2 Using qemu directly + +Qemu can open NBD URIs. To get nbdkit to show the URI it is serving +use the I<--print-uri> option. + +For example: + + $ nbdkit -f -U - --print-uri memory 1G + nbd+unix://?socket=/tmp/nbdkitTV6kS8/socket + Shell-quoted URI: "nbd+unix://?socket=/tmp/nbdkitTV6kS8/socket" + Command to query the NBD endpoint: + nbdinfo "nbd+unix://?socket=/tmp/nbdkitTV6kS8/socket" + + $ qemu-system-x86_64 [...] \ + -drive file="nbd+unix://?socket=/tmp/nbdkitTV6kS8/socket",format=raw,if=virtio + +=begin comment + +XXX We should document other hypervisors here ... 
+ +=end comment + =head1 SEE ALSO L<nbdkit(1)>, @@ -89,7 +160,9 @@ L<nbd-client(8)>, L<nbdtab(5)>, L<systemd(1)>, -L<systemd.mount(5)>. +L<systemd.mount(5)>, +L<virsh(1)>, +L<https://libvirt.org/formatdomain.html>. =head1 AUTHORS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/filters/delay/nbdkit-delay-filter.pod new/nbdkit-1.44.3/filters/delay/nbdkit-delay-filter.pod --- old/nbdkit-1.44.2/filters/delay/nbdkit-delay-filter.pod 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/filters/delay/nbdkit-delay-filter.pod 2025-08-23 18:53:58.000000000 +0200 @@ -61,29 +61,21 @@ =over 4 -=item B<rdelay=>DELAY - -=item B<delay-read=>DELAY - -Delay read operations by C<DELAY>. - -The two forms C<rdelay> and C<delay-read> work identically. - -=item B<delay-write=>DELAY - -Delay write operations by C<DELAY>. - -=item B<delay-zero=>DELAY +=item B<delay-cache=>DELAY -(nbdkit E<ge> 1.10) +(nbdkit E<ge> 1.14) -Delay zero operations by C<DELAY>. See also B<delay-fast-zero>. +Delay advisory cache operations by C<DELAY>. -=item B<delay-trim=>DELAY +=item B<delay-close=>DELAY -(nbdkit E<ge> 1.10) +(nbdkit E<ge> 1.28) -Delay trim/discard operations by C<DELAY>. +Delay close (client disconnection) by C<DELAY>. This can also cause +server shutdown to be delayed if clients are connected at the time. +This only affects clients that gracefully disconnect (using +C<NBD_CMD_DISC> / libnbd function L<nbd_shutdown(3)>). Clients that +abruptly disconnect from the server cannot be delayed. =item B<delay-extents=>DELAY @@ -91,16 +83,6 @@ Delay block status (extents) operations by C<DELAY>. -=item B<delay-cache=>DELAY - -(nbdkit E<ge> 1.14) - -Delay advisory cache operations by C<DELAY>. - -=item B<wdelay=>DELAY - -Delay write, zero and trim operations by C<DELAY>. - =item B<delay-fast-zero=>BOOL (nbdkit E<ge> 1.16) 
@@ -120,15 +102,36 @@ Delay open (client connection) by C<DELAY>. -=item B<delay-close=>DELAY +=item B<delay-read=>DELAY -(nbdkit E<ge> 1.28) +=item B<rdelay=>DELAY -Delay close (client disconnection) by C<DELAY>. This can also cause -server shutdown to be delayed if clients are connected at the time. -This only affects clients that gracefully disconnect (using -C<NBD_CMD_DISC> / libnbd function L<nbd_shutdown(3)>). Clients that -abruptly disconnect from the server cannot be delayed. +Delay read operations by C<DELAY>. + +The two forms C<delay-read> and C<rdelay> work identically. + +=item B<delay-trim=>DELAY + +(nbdkit E<ge> 1.10) + +Delay trim/discard operations by C<DELAY>. + +=item B<delay-write=>DELAY + +Delay write operations by C<DELAY>. + +=item B<delay-zero=>DELAY + +(nbdkit E<ge> 1.10) + +Delay zero operations by C<DELAY>. See also the C<delay-fast-zero> +option. + +=item B<wdelay=>DELAY + +Delay write, zero and trim operations by C<DELAY>. (This is the same +as setting C<delay-write>, C<delay-zero> and C<delay-trim> options +together.) =back diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/server/public.c new/nbdkit-1.44.3/server/public.c --- old/nbdkit-1.44.2/server/public.c 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/server/public.c 2025-08-23 18:53:58.000000000 +0200 @@ -464,8 +464,10 @@ if (rsec) *rsec = d; - if (rnsec) - *rnsec = (d - *rsec) * 1000000000.; + if (rnsec) { + long m = lrint ((d - *rsec) * 1000000000.); + *rnsec = m; + } return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/Makefile.am new/nbdkit-1.44.3/tests/Makefile.am --- old/nbdkit-1.44.2/tests/Makefile.am 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/Makefile.am 2025-08-23 18:53:58.000000000 +0200 
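Review bot: In server/public.c the rewritten `rnsec` branch still evaluates `d - *rsec`, so it dereferences `rsec` even though the `if (rsec)` guard just above treats a NULL `rsec` as a valid call; a caller that passes only `rnsec` would crash. Separately, `lrint` rounds to nearest, so a fractional part of 0.9999999995 or more gives `m == 1000000000`, which is outside the usual 0..999999999 nanosecond range. Keeping the truncated seconds in a local variable and clamping with `if (m > 999999999) m = 999999999;` would cover both cases. The function begins outside this hunk, so earlier validation of `d` may already rule some of this out.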
@@ -215,6 +215,7 @@ test-tests-requires-nbdinfo.sh \ test-tests-requires-nbdsh.sh \ test-tests-requires-run.sh \ + test-tests-requires-tls.sh \ test-tests-set-options.sh \ $(NULL) EXTRA_DIST += \ @@ -224,6 +225,7 @@ test-tests-requires-nbdinfo.sh \ test-tests-requires-nbdsh.sh \ test-tests-requires-run.sh \ + test-tests-requires-tls.sh \ test-tests-set-options.sh \ $(NULL) @@ -622,13 +624,17 @@ check_DATA += pki/.stamp EXTRA_DIST += make-pki.sh pki/.stamp: make-pki.sh - ./make-pki.sh + rm -rf pki pki-t + ./make-pki.sh pki-t + mv pki-t pki # PSK keys for the TLS-PSK tests. check_DATA += keys.psk EXTRA_DIST += make-psk.sh -keys.psk: $(srcdir)/make-psk.sh - SRCDIR=$(srcdir) $(srcdir)/make-psk.sh +keys.psk: ./make-psk.sh + rm -f $@ $@-t + ./make-psk.sh $@-t + mv $@-t $@ # Keys are expensive to recreate so only delete them when we do # ‘make distclean’. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/functions.sh.in new/nbdkit-1.44.3/tests/functions.sh.in --- old/nbdkit-1.44.2/tests/functions.sh.in 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/functions.sh.in 2025-08-23 18:53:58.000000000 +0200 @@ -80,6 +80,14 @@ # rather than using $(()) calculations. largest_qemu_disk=9223372035781033984 +# The TLS certificates directory. However this is only valid if you +# use 'requires_tls_certificates'. +pkidir="@abs_top_builddir@/tests/pki" + +# The TLS PSK keys file. However this is only valid if you use +# 'requires_tls_psk'. +pskfile="@abs_top_builddir@/tests/keys.psk" + #---------------------------------------------------------------------- # Cleanup primitives; functions to start and stop an nbdkit background # process. 
@@ -304,6 +312,38 @@ requires test "$(printf "$kver\n$min" | sort -V | head -n 1)" = "$min" } +# For any test using TLS. +requires_tls () +{ + # Does the nbdkit binary support TLS? + if ! nbdkit --dump-config | grep -sq tls=yes; then + echo "$0: nbdkit built without TLS support" + exit 77 + fi +} + +# For tests that need the TLS certificates, use this. +# Note that $pkidir points to the certificates directory. +requires_tls_certificates () +{ + requires_tls + if [ ! -f "$pkidir/ca-cert.pem" ]; then + echo "$0: PKI files were not created by the test harness" + exit 77 + fi +} + +# For tests that need the TLS PSK keys file. +# Note that $pskfile points to the file. +requires_tls_psk () +{ + requires_tls + if [ ! -s "$pskfile" ]; then + echo "$0: PSK keys file was not created by the test harness" + exit 77 + fi +} + # Test if nbdsh was compiled with support for URIs. requires_nbdsh_uri () { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/make-pki.sh.in new/nbdkit-1.44.3/tests/make-pki.sh.in --- old/nbdkit-1.44.2/tests/make-pki.sh.in 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/make-pki.sh.in 2025-08-23 18:53:58.000000000 +0200 
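Review bot: In `requires_tls` the pattern in `grep -sq tls=yes` is unanchored, so any `--dump-config` line that merely contains that substring would satisfy the check. Assuming the config line is exactly `tls=yes`, `grep -sqx tls=yes` ties the test to that key. `requires_tls_certificates` probes only `ca-cert.pem`; a short comment saying that this is sufficient because the harness creates the `pki` directory atomically would explain why the server and client files are not checked.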
@@ -35,37 +35,38 @@ # This creates the PKI files for the TLS tests. However if certtool # doesn't exist, just create an empty directory instead. +# See also: requires_tls_certificates in functions.sh.in -rm -rf pki pki-t +pkidir="$1" +test -n "$pkidir" -mkdir pki-t +mkdir "$pkidir" if ! @CERTTOOL@ --help >/dev/null 2>&1; then echo "$0: certtool not found, TLS tests will be skipped." - touch pki-t/.stamp - mv pki-t pki + touch "$pkidir"/.stamp exit 0 fi # Create the CA. -@CERTTOOL@ --generate-privkey > pki-t/ca-key.pem -chmod 0600 pki-t/ca-key.pem +@CERTTOOL@ --generate-privkey > "$pkidir"/ca-key.pem +chmod 0600 "$pkidir"/ca-key.pem -cat > pki-t/ca.info <<EOF +cat > "$pkidir"/ca.info <<EOF cn = Test ca cert_signing_key EOF @CERTTOOL@ --generate-self-signed \ - --load-privkey pki-t/ca-key.pem \ - --template pki-t/ca.info \ - --outfile pki-t/ca-cert.pem + --load-privkey "$pkidir"/ca-key.pem \ + --template "$pkidir"/ca.info \ + --outfile "$pkidir"/ca-cert.pem # Create the server certificate and key. -@CERTTOOL@ --generate-privkey > pki-t/server-key.pem -chmod 0600 pki-t/server-key.pem +@CERTTOOL@ --generate-privkey > "$pkidir"/server-key.pem +chmod 0600 "$pkidir"/server-key.pem -cat > pki-t/server.info <<EOF +cat > "$pkidir"/server.info <<EOF organization = Test cn = localhost dns_name = localhost 
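Review bot: Each private key in this hunk is written through a shell redirect (`@CERTTOOL@ --generate-privkey > "$pkidir"/ca-key.pem`) and only restricted afterwards with `chmod 0600`, so the file briefly exists with umask-default permissions. A `umask 077` placed right after `mkdir "$pkidir"` closes that window and leaves the `chmod` lines as a second safeguard; the same pattern applies to `client-key.pem` in the `@@ -76,17 +77,17 @@` hunk. These are test-only keys, so this is hardening rather than a functional bug. The script starts above this hunk and continues past it.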
@@ -76,17 +77,17 @@ signing_key EOF @CERTTOOL@ --generate-certificate \ - --load-ca-certificate pki-t/ca-cert.pem \ - --load-ca-privkey pki-t/ca-key.pem \ - --load-privkey pki-t/server-key.pem \ - --template pki-t/server.info \ - --outfile pki-t/server-cert.pem + --load-ca-certificate "$pkidir"/ca-cert.pem \ + --load-ca-privkey "$pkidir"/ca-key.pem \ + --load-privkey "$pkidir"/server-key.pem \ + --template "$pkidir"/server.info \ + --outfile "$pkidir"/server-cert.pem # Create a client certificate and key. -@CERTTOOL@ --generate-privkey > pki-t/client-key.pem -chmod 0600 pki-t/client-key.pem +@CERTTOOL@ --generate-privkey > "$pkidir"/client-key.pem +chmod 0600 "$pkidir"/client-key.pem -cat > pki-t/client.info <<EOF +cat > "$pkidir"/client.info <<EOF country = US state = New York locality = New York @@ -97,12 +98,11 @@ signing_key EOF @CERTTOOL@ --generate-certificate \ - --load-ca-certificate pki-t/ca-cert.pem \ - --load-ca-privkey pki-t/ca-key.pem \ - --load-privkey pki-t/client-key.pem \ - --template pki-t/client.info \ - --outfile pki-t/client-cert.pem + --load-ca-certificate "$pkidir"/ca-cert.pem \ + --load-ca-privkey "$pkidir"/ca-key.pem \ + --load-privkey "$pkidir"/client-key.pem \ + --template "$pkidir"/client.info \ + --outfile "$pkidir"/client-cert.pem # Finish off. -touch pki-t/.stamp -mv pki-t pki +touch "$pkidir"/.stamp diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/make-psk.sh new/nbdkit-1.44.3/tests/make-psk.sh --- old/nbdkit-1.44.2/tests/make-psk.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/make-psk.sh 1970-01-01 01:00:00.000000000 +0100 
@@ -1,53 +0,0 @@ -#!/usr/bin/env bash -# nbdkit -# Copyright Red Hat -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# * Neither the name of Red Hat nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR -# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF -# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT -# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. - -set -e - -# This creates the PSK keys for the TLS-PSK tests. However if pkstool -# doesn't exist, just create an empty directory instead. - -if [ -z "$SRCDIR" ] || [ ! -f "$SRCDIR/test-tls-psk.sh" ]; then - echo "$0: script is being run from the wrong directory." - echo "Don't try to run this script by hand." - exit 1 -fi - -rm -f keys.psk - -if ! psktool --help >/dev/null 2>&1; then - echo "$0: psktool not found, TLS-PSK tests will be skipped." 
- touch keys.psk - exit 0 -fi - -# Create the keys file. -psktool -u qemu -p keys.psk diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/make-psk.sh.in new/nbdkit-1.44.3/tests/make-psk.sh.in --- old/nbdkit-1.44.2/tests/make-psk.sh.in 1970-01-01 01:00:00.000000000 +0100 +++ new/nbdkit-1.44.3/tests/make-psk.sh.in 2025-08-23 18:53:58.000000000 +0200 
@@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# nbdkit +# @configure_input@ +# Copyright Red Hat +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# * Neither the name of Red Hat nor the names of its contributors may be +# used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +set -e + +# This creates the PSK keys for the TLS-PSK tests. However if psktool +# doesn't exist, create an empty file instead. +# See also: requires_tls_psk in functions.sh.in + +pskfile="$1" +test -n "$pskfile" + +if ! psktool --help >/dev/null 2>&1; then + echo "$0: psktool not found, TLS-PSK tests will be skipped." + touch "$pskfile" + exit 0 +fi + +# Create the keys file. 
+psktool -u qemu -p "$pskfile" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-captive-tls-certificates.sh new/nbdkit-1.44.3/tests/test-captive-tls-certificates.sh --- old/nbdkit-1.44.2/tests/test-captive-tls-certificates.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-captive-tls-certificates.sh 2025-08-23 18:53:58.000000000 +0200 @@ -38,20 +38,7 @@ set -u requires_run - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi +requires_tls_certificates out=test-captive-tls-certificates.out cleanup_fn rm -f $out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-captive-tls-psk.sh new/nbdkit-1.44.3/tests/test-captive-tls-psk.sh --- old/nbdkit-1.44.2/tests/test-captive-tls-psk.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-captive-tls-psk.sh 2025-08-23 18:53:58.000000000 +0200 
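Review bot: In tests/make-psk.sh.in, with `set -e` in effect, `test -n "$pskfile"` aborts the script without any message when the output path argument is missing, so a failing `make` rule gives no hint of the cause. `pskfile="${1:?usage: $0 OUTPUT-FILE}"` performs the same check and prints the reason; make-pki.sh.in has the equivalent `test -n "$pkidir"` line. A one-line comment stating that the caller (the `keys.psk` rule in tests/Makefile.am) removes any stale file and renames the result into place would document the division of work.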
@@ -38,27 +38,15 @@ set -u requires_run - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PSK keys file? -# Probably 'psktool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi +requires_tls_psk out=test-captive-tls-psk.out cleanup_fn rm -f $out rm -f $out LANG=C \ -nbdkit --tls=require --tls-psk=keys.psk \ +nbdkit --tls=require --tls-psk="$pskfile" \ null \ --run 'echo OUTPUT: "$tls_psk"' > $out cat $out -grep "OUTPUT: keys.psk" $out +grep "OUTPUT: .*/keys.psk" $out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-captive-tls.sh new/nbdkit-1.44.3/tests/test-captive-tls.sh --- old/nbdkit-1.44.2/tests/test-captive-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-captive-tls.sh 2025-08-23 18:53:58.000000000 +0200 @@ -46,20 +46,7 @@ requires_run requires_nbdinfo requires nbdsh -c 'exit(not h.supports_tls())' - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi +requires_tls_certificates out=test-captive-tls.out cleanup_fn rm -f $out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-client-death-tls.sh new/nbdkit-1.44.3/tests/test-client-death-tls.sh --- old/nbdkit-1.44.2/tests/test-client-death-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-client-death-tls.sh 2025-08-23 18:53:58.000000000 +0200 
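Review bot: In test-captive-tls-psk.sh the final check `grep "OUTPUT: .*/keys.psk" $out` is looser than the literal string it replaces: it accepts any path whose tail matches, and the `.` in `keys.psk` is a regex wildcard. Since `$pskfile` is known at this point, `grep -F "OUTPUT: $pskfile" $out` would assert the exact value exported as `$tls_psk`, provided nbdkit reports the path unchanged. If the pattern is deliberate because the path may be rewritten, a comment saying so would help.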
@@ -44,26 +44,14 @@ fi requires nbdsh -c 'exit(not h.supports_tls())' - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PSK keys file? -# Probably 'certtool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi +requires_tls_psk sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) files="client-death-tls.pid $sock" cleanup_fn rm -f $files # Start long-running nbdkit -start_nbdkit -P client-death-tls.pid --tls require --tls-psk=keys.psk \ +start_nbdkit -P client-death-tls.pid --tls require --tls-psk="$pskfile" \ -U $sock memory 2M pid=`cat client-death-tls.pid` @@ -72,9 +60,12 @@ # Run a client that abandons several in-flight requests, each large enough # that we should see EPIPE on one handler while other handlers are still # waiting to send their response. +export pskfile nbdsh -c ' +import os + h.set_tls(nbd.TLS_REQUIRE) -h.set_tls_psk_file("keys.psk") +h.set_tls_psk_file(os.getenv("pskfile")) h.set_tls_username("qemu") h.connect_unix("'"$sock"'") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-disconnect-tls.sh new/nbdkit-1.44.3/tests/test-disconnect-tls.sh --- old/nbdkit-1.44.2/tests/test-disconnect-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-disconnect-tls.sh 2025-08-23 18:53:58.000000000 +0200 @@ -44,19 +44,7 @@ fi requires nbdsh -c 'exit(not h.supports_tls())' - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PSK keys file? -# Probably 'certtool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi +requires_tls_psk plugin=.libs/test-disconnect-plugin.$SOEXT requires test -f $plugin 
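Review bot: In test-client-death-tls.sh, `h.set_tls_psk_file(os.getenv("pskfile"))` passes `None` to libnbd if the variable is ever missing from the environment, which fails later and less clearly than a lookup error; `os.environ["pskfile"]` raises on that exact line. The same call appears twice in test-disconnect-tls.sh (hunks `@@ -75,11 +63,13 @@` and `@@ -112,9 +102,10 @@`). A short comment next to `export pskfile` noting that the embedded nbdsh script reads it from the environment would make the coupling explicit.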
@@ -67,7 +55,7 @@ # Start nbdkit with the disconnect plugin, which has delayed reads and # does disconnect on write based on export name. -start_nbdkit -P disconnect-tls.pid --tls require --tls-psk=keys.psk \ +start_nbdkit -P disconnect-tls.pid --tls require --tls-psk="$pskfile" \ -U $sock $plugin pid=`cat disconnect-tls.pid` @@ -75,11 +63,13 @@ # We can't use 'nbdsh -u "$uri" because of nbd_set_uri_allow_local_file. # Empty export name does soft disconnect on write; the write and the # pending read should still succeed, but second read attempt should fail. +export pskfile nbdsh -c ' import errno +import os h.set_tls(nbd.TLS_REQUIRE) -h.set_tls_psk_file("keys.psk") +h.set_tls_psk_file(os.getenv("pskfile")) h.set_tls_username("qemu") h.connect_unix("'"$sock"'") @@ -112,9 +102,10 @@ # pending read should fail with lost connection. nbdsh -c ' import errno +import os h.set_tls(nbd.TLS_REQUIRE) -h.set_tls_psk_file("keys.psk") +h.set_tls_psk_file(os.getenv("pskfile")) h.set_tls_username("qemu") h.set_export_name("a") h.connect_unix("'"$sock"'") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-golang-fork-warning.sh new/nbdkit-1.44.3/tests/test-golang-fork-warning.sh --- old/nbdkit-1.44.2/tests/test-golang-fork-warning.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-golang-fork-warning.sh 2025-08-23 18:53:58.000000000 +0200 @@ -40,6 +40,7 @@ export LANG=C requires_run +requires timeout 60s true plugin=../plugins/golang/examples/minimal/nbdkit-gominimal-plugin.so requires test -r $plugin 
@@ -50,9 +51,10 @@ rm -f $logfile cleanup_fn rm -f $logfile -# Using --run is sufficient to cause nbdkit to fork and trigger -# the warning. -nbdkit --log="$logfile" $plugin --run 'exit 0' ||: +# Using --run is sufficient to cause nbdkit to fork and trigger the +# warning. It's possible that golang gets so messed up after fork +# that it hangs, which is why we need the timeout. +timeout 360s nbdkit --log="$logfile" $plugin --run 'exit 0' ||: # Check the log file was created. cat $logfile diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-ip-filter-deny-list.sh new/nbdkit-1.44.3/tests/test-ip-filter-deny-list.sh --- old/nbdkit-1.44.2/tests/test-ip-filter-deny-list.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-ip-filter-deny-list.sh 2025-08-23 18:53:58.000000000 +0200 @@ -46,9 +46,7 @@ nbdkit -v null -D ip.rules=1 --filter=ip allow=all --run 'nbdinfo --list "$uri"' # Listing exports should be denied in the early filtering case. -nbdkit -v null \ - -D ip.rules=1 --filter=ip deny=all \ - --run 'export uri; nbdsh -c -' <<'EOF' +define script1 <<'EOF' import os uri = os.getenv('uri') h = nbd.NBD() @@ -62,10 +60,13 @@ pass EOF -# Same in the late filtering case. +export script1 nbdkit -v null \ - -D ip.rules=1 --filter=ip allow=dn:123 deny=all \ - --run 'export uri; nbdsh -c -' <<'EOF' + -D ip.rules=1 --filter=ip deny=all \ + --run 'export uri; nbdsh -c "$script1"' + +# Same in the late filtering case. +define script2 <<'EOF' import os uri = os.getenv('uri') h = nbd.NBD() 
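Review bot: In test-golang-fork-warning.sh, `timeout 360s nbdkit ... ||:` sends only SIGTERM when the limit expires, so a process wedged badly enough to ignore it would still hang the test run. Adding a kill-after, `timeout -k 10s 360s nbdkit --log="$logfile" $plugin --run 'exit 0' ||:`, bounds that case. The probe added in the earlier hunk is `requires timeout 60s true`, so the `-k` option would need to be probed the same way. Because of `||:`, a timeout (exit status 124) is treated like a normal exit, which appears intended but deserves a word in the comment.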
@@ -78,3 +79,8 @@ # Expect opt_list to fail. pass EOF + +export script2 +nbdkit -v null \ + -D ip.rules=1 --filter=ip allow=dn:123 deny=all \ + --run 'export uri; nbdsh -c "$script2"' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-ip-filter-dn.sh new/nbdkit-1.44.3/tests/test-ip-filter-dn.sh --- old/nbdkit-1.44.2/tests/test-ip-filter-dn.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-ip-filter-dn.sh 2025-08-23 18:53:58.000000000 +0200 @@ -39,12 +39,7 @@ requires_nbdinfo requires_run - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi +requires_tls_certificates # RHEL 8 libnbd / nbdinfo doesn't support the tls-certificates # parameter in URIs, so connections always fail. It's hard to detect @@ -52,14 +47,6 @@ # commit adding this feature was 847e0b9830, added in libnbd 1.9.5. requires_libnbd_version 1.10 -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - # This is expected to succeed. nbdkit -v --tls=require --tls-certificates="$pkidir" --tls-verify-peer \ -D nbdkit.tls.session=1 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-ip-filter-issuer-dn.sh new/nbdkit-1.44.3/tests/test-ip-filter-issuer-dn.sh --- old/nbdkit-1.44.2/tests/test-ip-filter-issuer-dn.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-ip-filter-issuer-dn.sh 2025-08-23 18:53:58.000000000 +0200 
@@ -39,12 +39,7 @@ requires_nbdinfo requires_run - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi +requires_tls_certificates # RHEL 8 libnbd / nbdinfo doesn't support the tls-certificates # parameter in URIs, so connections always fail. It's hard to detect @@ -52,14 +47,6 @@ # commit adding this feature was 847e0b9830, added in libnbd 1.9.5. requires_libnbd_version 1.10 -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - # This is expected to succeed. nbdkit -v --tls=require --tls-certificates="$pkidir" --tls-verify-peer \ -D nbdkit.tls.session=1 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-long-name.sh new/nbdkit-1.44.3/tests/test-long-name.sh --- old/nbdkit-1.44.2/tests/test-long-name.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-long-name.sh 2025-08-23 18:53:58.000000000 +0200 @@ -89,8 +89,7 @@ nbd+unix:///'a$name4k'\?socket=$unixsocket' && fail=1 # Use nbdsh to provoke an extremely large NBD_OPT_SET_META_CONTEXT. -nbdkit -e $almost4k null --run 'export exportname uri -nbdsh -c - <<\EOF +define script <<'EOF' import os long = os.environ["exportname"] h.set_export_name(long) 
@@ -102,7 +101,11 @@ h.connect_uri(os.environ["uri"]) assert h.get_size() == 0 EOF -' + +export script +nbdkit -e $almost4k null --run ' + export exportname uri; nbdsh -c "$script" + ' # See also test-eval-exports.sh for NBD_OPT_LIST with long name diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-nbd-client-tls.sh new/nbdkit-1.44.3/tests/test-nbd-client-tls.sh --- old/nbdkit-1.44.2/tests/test-nbd-client-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-nbd-client-tls.sh 2025-08-23 18:53:58.000000000 +0200 @@ -49,24 +49,12 @@ requires dd --version requires hexdump --version +requires_tls_certificates + # NBD support was added in 2.1.55! Mainly we're using this to check # this is Linux. requires_linux_kernel_version 2.2 -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) pid=nbd-client-tls.pid rm -f $sock $pid @@ -86,9 +74,9 @@ # Open a connection with nbd-client. nbd-client -unix $sock $nbddev \ - -cacertfile $pkidir/ca-cert.pem \ - -certfile $pkidir/client-cert.pem \ - -keyfile $pkidir/client-key.pem + -cacertfile "$pkidir/ca-cert.pem" \ + -certfile "$pkidir/client-cert.pem" \ + -keyfile "$pkidir/client-key.pem" # Check the device exists. nbd-client -c $nbddev diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-nbd-tls-psk.sh new/nbdkit-1.44.3/tests/test-nbd-tls-psk.sh --- old/nbdkit-1.44.2/tests/test-nbd-tls-psk.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-nbd-tls-psk.sh 2025-08-23 18:53:58.000000000 +0200 
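Review bot: The context line `sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX)` kept by the first hunk of tests/test-nbd-client-tls.sh only generates a name in world-writable /tmp and creates nothing. Another local user can therefore occupy the path between `rm -f $sock $pid` and the server's bind, and this test attaches a kernel NBD device, so it presumably runs with elevated privileges. A private directory closes the window: `sockdir=$(mktemp -d /tmp/nbdkit-test.XXXXXX)`, `cleanup_fn rm -rf "$sockdir"`, `sock="$sockdir/sock"`. The same `mktemp -u` line appears as context in test-nbd-tls-psk.sh, test-nbd-tls.sh and test-tls-fallback.sh; the commit does not touch these lines, so this could be a follow-up.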
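Review bot: In the second hunk of tests/test-nbd-client-tls.sh the new lines quote `"$pkidir/…"`, but the first line of the same command still expands `$sock` and `$nbddev` unquoted, so the command is only partly protected against word splitting. Quoting them as well keeps it consistent: `nbd-client -unix "$sock" "$nbddev" \`. The `rm -f $sock $pid` line visible in the previous hunk has the same issue.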
@@ -36,12 +36,7 @@ set -u requires qemu-img --version - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi +requires_tls_psk # Does the nbd plugin support TLS? if ! nbdkit --dump-plugin nbd | grep -sq libnbd_tls=1; then @@ -49,13 +44,6 @@ exit 77 fi -# Did we create the PSK keys file? -# Probably 'psktool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi - sock1=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) sock2=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) pid1="test-nbd-tls-psk.pid1" @@ -72,7 +60,7 @@ # read()ing on a blocking socket) if both sides are waiting for the other # to perform gnutls_bye() before closing the socket. start_nbdkit -P "$pid2" -U "$sock2" --tls=off nbd retry=10 \ - tls=require tls-psk=keys.psk tls-username=qemu socket="$sock1" + tls=require tls-psk="$pskfile" tls-username=qemu socket="$sock1" # Run unencrypted client in background, so that retry will be required qemu-img info --output=json -f raw "nbd+unix:///?socket=$sock2" \ @@ -82,7 +70,7 @@ # Run encrypted server start_nbdkit -P "$pid1" -U "$sock1" \ - --tls=require --tls-psk=keys.psk -D nbdkit.tls.session=1 example1 + --tls=require --tls-psk="$pskfile" -D nbdkit.tls.session=1 example1 wait $info_pid cat nbd-tls-psk.out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-nbd-tls.sh new/nbdkit-1.44.3/tests/test-nbd-tls.sh --- old/nbdkit-1.44.2/tests/test-nbd-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-nbd-tls.sh 2025-08-23 18:53:58.000000000 +0200 
@@ -36,12 +36,7 @@ set -u requires qemu-img --version - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi +requires_tls_certificates # Does the nbd plugin support TLS? if ! nbdkit --dump-plugin nbd | grep -sq libnbd_tls=1; then @@ -49,14 +44,6 @@ exit 77 fi -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - sock1=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) sock2=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) pid1="test-nbd-tls.pid1" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-not-linked-to-libssl.sh new/nbdkit-1.44.3/tests/test-not-linked-to-libssl.sh --- old/nbdkit-1.44.2/tests/test-not-linked-to-libssl.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-not-linked-to-libssl.sh 2025-08-23 18:53:58.000000000 +0200 @@ -39,10 +39,7 @@ set -u # Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi +requires_tls # This will only work for the glibc version, but that's fine. requires ldd --version diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-print-uri-tls.sh new/nbdkit-1.44.3/tests/test-print-uri-tls.sh --- old/nbdkit-1.44.2/tests/test-print-uri-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-print-uri-tls.sh 2025-08-23 18:53:58.000000000 +0200 
@@ -37,20 +37,7 @@ requires_plugin null requires_run - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi +requires_tls_certificates out="print-uri-tls.out" rm -f $out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-python-is-tls.sh new/nbdkit-1.44.3/tests/test-python-is-tls.sh --- old/nbdkit-1.44.2/tests/test-python-is-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-python-is-tls.sh 2025-08-23 18:53:58.000000000 +0200 @@ -41,20 +41,13 @@ skip_if_valgrind "because Python code leaks memory" requires_nbdinfo requires_run +requires_tls_certificates requires jq --version out="test-python-is-tls.out" rm -f $out cleanup_fn rm -f $out -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - # Test without TLS. nbdkit --tls=off python $script \ --run 'nbdinfo --json --no-content "$uri"' > $out 
@@ -63,7 +56,7 @@ test "$( jq -c '."TLS"' $out )" = "false" # Test with TLS. -nbdkit --tls=require --tls-certificates=$pkidir python $script \ +nbdkit --tls=require --tls-certificates="$pkidir" python $script \ --run 'nbdinfo --json --no-content "$uri"' > $out cat $out test "$( jq -c '.exports[0]."export-size"' $out )" -eq 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-requires-nbdcopy.sh new/nbdkit-1.44.3/tests/test-tests-requires-nbdcopy.sh --- old/nbdkit-1.44.2/tests/test-tests-requires-nbdcopy.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tests-requires-nbdcopy.sh 2025-08-23 18:53:58.000000000 +0200 @@ -37,7 +37,7 @@ #set -x set -u -# Try to get a list of tests written in shell script. An good +# Try to get a list of tests written in shell script. A good # approximation is to see which ones include 'functions.sh'. tests="$( grep -l functions.sh $srcdir/test-*.sh )" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-requires-nbdinfo.sh new/nbdkit-1.44.3/tests/test-tests-requires-nbdinfo.sh --- old/nbdkit-1.44.2/tests/test-tests-requires-nbdinfo.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tests-requires-nbdinfo.sh 2025-08-23 18:53:58.000000000 +0200 
@@ -37,7 +37,7 @@ #set -x set -u -# Try to get a list of tests written in shell script. An good +# Try to get a list of tests written in shell script. A good # approximation is to see which ones include 'functions.sh'. tests="$( grep -l functions.sh $srcdir/test-*.sh )" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-requires-nbdsh.sh new/nbdkit-1.44.3/tests/test-tests-requires-nbdsh.sh --- old/nbdkit-1.44.2/tests/test-tests-requires-nbdsh.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tests-requires-nbdsh.sh 2025-08-23 18:53:58.000000000 +0200 @@ -41,7 +41,7 @@ #set -x set -u -# Try to get a list of tests written in shell script. An good +# Try to get a list of tests written in shell script. A good # approximation is to see which ones include 'functions.sh'. tests="$( grep -l functions.sh $srcdir/test-*.sh )" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-requires-run.sh new/nbdkit-1.44.3/tests/test-tests-requires-run.sh --- old/nbdkit-1.44.2/tests/test-tests-requires-run.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tests-requires-run.sh 2025-08-23 18:53:58.000000000 +0200 @@ -37,7 +37,7 @@ #set -x set -u -# Try to get a list of tests written in shell script. An good +# Try to get a list of tests written in shell script. A good # approximation is to see which ones include 'functions.sh'. tests="$( grep -l functions.sh $srcdir/test-*.sh )" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-requires-tls.sh new/nbdkit-1.44.3/tests/test-tests-requires-tls.sh --- old/nbdkit-1.44.2/tests/test-tests-requires-tls.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/nbdkit-1.44.3/tests/test-tests-requires-tls.sh 2025-08-23 18:53:58.000000000 +0200 
@@ -0,0 +1,75 @@ +#!/usr/bin/env bash +# nbdkit +# Copyright Red Hat +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# * Neither the name of Red Hat nor the names of its contributors may be +# used to endorse or promote products derived from this software without +# specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR +# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# Check that tests that use --tls-certificates or --tls-psk declare +# requires_tls_certificates or requires_tls_psk respectively. + +source ./functions.sh +set -e +#set -x +set -u + +# Try to get a list of tests written in shell script. A good +# approximation is to see which ones include 'functions.sh'. +tests="$( grep -l functions.sh $srcdir/test-*.sh )" + +errors=0 + +for t in $tests; do + echo checking $t ... 
+ + if grep -sq -- "--tls-certificates" $t; then + if ! grep -sq -- "requires_tls_certificates" $t; then + echo "error: $t: test uses --tls-certificates but does not declare 'requires_tls_certificates'" + ((errors++)) ||: + fi + else # and the negative: + if grep -sq -- "requires_tls_certificates" $t; then + echo "error: $t: test does not use --tls-certificates but declares 'requires_tls_certificates'" + ((errors++)) ||: + fi + fi + + if grep -sq -- "--tls-psk" $t; then + if ! grep -sq -- "requires_tls_psk" $t; then + echo "error: $t: test uses --tls-psk but does not declare 'requires_tls_psk'" + ((errors++)) ||: + fi + else # and the negative: + if grep -sq -- "requires_tls_psk" $t; then + echo "error: $t: test does not use --tls-psk but declares 'requires_tls_psk'" + ((errors++)) ||: + fi + fi +done + +if [ "$errors" -ge 1 ]; then exit 1; fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tests-set-options.sh new/nbdkit-1.44.3/tests/test-tests-set-options.sh --- old/nbdkit-1.44.2/tests/test-tests-set-options.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tests-set-options.sh 2025-08-23 18:53:58.000000000 +0200 @@ -45,7 +45,7 @@ #set -x set -u -# Try to get a list of tests written in shell script. An good +# Try to get a list of tests written in shell script. A good # approximation is to see which ones include 'functions.sh'. tests="$( grep -l functions.sh $srcdir/test-*.sh )" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tls-fallback.sh new/nbdkit-1.44.3/tests/test-tls-fallback.sh --- old/nbdkit-1.44.2/tests/test-tls-fallback.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tls-fallback.sh 2025-08-23 18:53:58.000000000 +0200 
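Review bot: The greps in the new tests/test-tests-requires-tls.sh match their strings anywhere in a file, so a commented-out `# requires_tls_certificates`, or a mention of `--tls-psk` in a comment or message, satisfies or triggers the check. The script is itself in `$tests` (it sources functions.sh) and passes only because its own error messages contain both strings of each pair. Anchoring the declaration to the start of a line makes the lint verify a real call: `grep -Eq -- '^[[:space:]]*requires_tls_certificates([[:space:]]|$)' "$t"`, and likewise for `requires_tls_psk`. `$t` should be quoted throughout, and dropping `-s` would surface an unreadable test file as an error instead of silently counting it as not using TLS.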
@@ -36,23 +36,11 @@ set -u requires_plugin sh +requires_tls_psk requires nbdsh -c 'print(h.set_full_info)' -c 'exit(not h.supports_tls())' requires dd iflag=count_bytes </dev/null requires dd iflag=skip_bytes </dev/null -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PSK keys file? -# Probably 'certtool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi - export sock=$(mktemp -u /tmp/nbdkit-test-sock.XXXXXX) pid="tls-fallback.pid" @@ -82,7 +70,7 @@ # Run dual-mode server start_nbdkit -P $pid -U $sock \ - --tls=on --tls-psk=keys.psk -D nbdkit.tls.session=1 \ + --tls=on --tls-psk="$pskfile" -D nbdkit.tls.session=1 \ --filter=tls-fallback \ sh - <<<"$plugin" tlsreadme=$'dummy\n' @@ -113,6 +101,7 @@ ' # Encrypted client sees desired volumes +export pskfile nbdsh -c ' import os @@ -127,7 +116,7 @@ h.set_opt_mode(True) h.set_full_info(True) h.set_tls(nbd.TLS_REQUIRE) -h.set_tls_psk_file("keys.psk") +h.set_tls_psk_file(os.getenv("pskfile")) h.set_tls_username("qemu") h.connect_unix(os.environ["sock"]) assert h.opt_list(f) == 2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tls-psk.sh new/nbdkit-1.44.3/tests/test-tls-psk.sh --- old/nbdkit-1.44.2/tests/test-tls-psk.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tls-psk.sh 2025-08-23 18:53:58.000000000 +0200 
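Review bot: In the last hunk of tests/test-tls-fallback.sh the new line `h.set_tls_psk_file(os.getenv("pskfile"))` passes None to libnbd when the variable is missing from the environment, whereas the nearby `os.environ["sock"]` lookup raises KeyError. Using `h.set_tls_psk_file(os.environ["pskfile"])` makes a missing `export pskfile` fail at the lookup with a clear message, and matches the neighbouring line. The embedded nbdsh script starts and ends outside the hunk.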
@@ -37,29 +37,18 @@ requires_run requires_nbdinfo - -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - -# Did we create the PSK keys file? -# Probably 'psktool' is missing. -if [ ! -s keys.psk ]; then - echo "$0: PSK keys file was not created by the test harness" - exit 77 -fi +requires_tls_psk out="tls-psk.out" rm -f $out cleanup_fn rm -f $out -nbdkit --tls=require --tls-psk=keys.psk -D nbdkit.tls.session=1 \ +export pskfile +nbdkit --tls=require --tls-psk="$pskfile" -D nbdkit.tls.session=1 \ example1 \ --run ' # Run nbdinfo against the server. - nbdinfo "nbds+unix://qemu@/?socket=$unixsocket&tls-psk-file=keys.psk" + nbdinfo "nbds+unix://qemu@/?socket=$unixsocket&tls-psk-file=$pskfile" ' > $out cat $out diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/nbdkit-1.44.2/tests/test-tls.sh new/nbdkit-1.44.3/tests/test-tls.sh --- old/nbdkit-1.44.2/tests/test-tls.sh 2025-08-02 22:57:32.000000000 +0200 +++ new/nbdkit-1.44.3/tests/test-tls.sh 2025-08-23 18:53:58.000000000 +0200 @@ -36,14 +36,9 @@ set -u requires_run +requires_tls_certificates requires_nbdinfo -# Does the nbdkit binary support TLS? -if ! nbdkit --dump-config | grep -sq tls=yes; then - echo "$0: nbdkit built without TLS support" - exit 77 -fi - # RHEL 7 GnuTLS did not support --tls-verify-peer. requires nbdkit --tls-verify-peer null --run 'exit 0' @@ -53,19 +48,10 @@ # commit adding this feature was 847e0b9830, added in libnbd 1.9.5. requires_libnbd_version 1.10 -# Did we create the PKI files? -# Probably 'certtool' is missing. -pkidir="$PWD/pki" -if [ ! -f "$pkidir/ca-cert.pem" ]; then - echo "$0: PKI files were not created by the test harness" - exit 77 -fi - out="tls.out" rm -f $out cleanup_fn rm -f $out -export pkidir nbdkit --tls=require --tls-certificates="$pkidir" --tls-verify-peer \ -D nbdkit.tls.session=1 \ example1 \
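Review bot: The new `nbdinfo "nbds+unix://qemu@/?socket=$unixsocket&tls-psk-file=$pskfile"` line in tests/test-tls-psk.sh puts `$pskfile` into a URI query string without percent-encoding. The old literal `keys.psk` was safe, but `requires_tls_psk` is defined outside this part of the diff, and if it sets an absolute path, a build directory containing `&`, `#`, `%`, `?` or a space would change how the URI is parsed. That could make the client look for a different PSK file than the server uses. Either keep a relative name in the URI or document the constraint next to the line: `# $pskfile is not percent-encoded; the build path must not contain URI metacharacters`.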