Re: [Swan-dev] generating x509 certificates

| From: Antony Antony | Hugh and Paul you guys may want to install pyOpenSSL | manually on your host before this change hits mainstream. Otherwise make | check will break for you. Thanks for the heads up. For some reason it was already installed. I see you added it to

Re: [Swan-dev] generating x509 certificates

On Wed, 4 Feb 2015, Antony Antony wrote: I agree, as a small step, I just added pyOpenSSL to .ks Dockerfile and the web page. Hugh and Paul you guys may want to install pyOpenSSL manually on your host before this change hits mainstream. Otherwise make check will break for you. Will do. No

Re: [Swan-dev] generating x509 certificates

On Wed, Feb 04, 2015 at 11:02:53AM -0500, Matt Rogers wrote: > Using pyOpenSSL served to be a lot better for our need than the openssl > commands, of course, and will make it easier to cover more of the > certificate code than before. Plus I like writing python a lot more than > bash :) I agree, a

Re: [Swan-dev] generating x509 certificates

On 02/04, Andrew Cagney wrote: > Matt, > thanks for the reply, > > On 3 February 2015 at 17:27, Matt Rogers wrote: > > > Hey, sorry for the late reply here. Been away from email/irc for the > > day. In short the dist_certs.py is the WIP replacement for the > > shell script, however right now it

Re: [Swan-dev] generating x509 certificates

Matt, thanks for the reply, On 3 February 2015 at 17:27, Matt Rogers wrote: > Hey, sorry for the late reply here. Been away from email/irc for the > day. In short the dist_certs.py is the WIP replacement for the > shell script, however right now it is only tuned to x509 tests that > are not a pa

Re: [Swan-dev] generating x509 certificates

On 02/03, Andrew Cagney wrote: > Hi, > > I've hit a few problems when trying to run the tests that require > certificates. The main one is that the script dist_certs fails as > openssl (Fedora release 20 (Heisenbug) at least) doesn't like > generating the bad certificate: > > The organizationNam

Re: [Swan-dev] generating x509 certificates

[inline] On 3 February 2015 at 15:35, Paul Wouters wrote: > On Tue, 3 Feb 2015, Andrew Cagney wrote: > >> -- I had to add kvmsetup.sh by hand, i think that is a bug > > > people have different ideas of where the pool should live. Or what OS > to use inside the guest. So we provide kvmsetup.sh.sam

Re: [Swan-dev] generating x509 certificates

On Tue, 3 Feb 2015, Andrew Cagney wrote: -- I had to add kvmsetup.sh by hand, i think that is a bug people have different ideas of where the pool should live. Or what OS to use inside the guest. So we provide kvmsetup.sh.sample. -- I had to add Makefile.inc.local to add -Werror, I think that

Re: [Swan-dev] generating x509 certificates

Antony, On 3 February 2015 at 12:08, Antony Antony wrote: > well in the past it would only run after the 10th or 12th of each month or > so:) > > I have a suspicion you committed this change without a full run and comparing > the results of a known 'good' run. If this is the case, there is a c

Re: [Swan-dev] generating x509 certificates

| From: Antony Antony | I am very suspicious of this change, removing the shell script and | adding the py to every make check, in haste. In the past me and others | spend a lot of time on dist_certs and py variant without satisfactory | result. So the switch is postponed. Jumping in with my

Re: [Swan-dev] generating x509 certificates

well in the past it would only run after the 10th or 12th of each month or so:) I have a suspicion you committed this change without a full run and comparing the results of a known 'good' run. If this is the case, there is a chance others may waste time chasing this because dist_certs.* wipes th

Re: [Swan-dev] generating x509 certificates

Antony, To summarize, you're stating that there is no reproducible way to run the x509 test-suite. Be it me, you, or anyone. The conclusion I draw from that is that I shouldn't even bother running them. I'll neuter the changes. Andrew On 3 February 2015 at 11:39, Antony Antony wrote: > Andr

Re: [Swan-dev] generating x509 certificates

Andrew, I am very suspicious of this change, removing the shell script and adding the py to every make check, in haste. In the past me and others spend a lot of time on dist_certs and py variant without satisfactory result. So the switch is postponed. Check the git logs of dist_certs and the te

Re: [Swan-dev] generating x509 certificates

On 3 February 2015 at 11:02, Antony Antony wrote: > On Tue, Feb 03, 2015 at 10:25:45AM -0500, Andrew Cagney wrote: >> Does: >> - purging the shell script > > not yet please. python script hasn't proven to work for me in all cases. Since the old shell script absolutely positively doesn't work that

Re: [Swan-dev] generating x509 certificates

On Tue, Feb 03, 2015 at 10:25:45AM -0500, Andrew Cagney wrote: > Does: > - purging the shell script not yet please. python script hasn't proven to work for me in all cases. > - tweaking the "make check" so it depends on those certs and will generate > them > seem reasonable? no to me. First try

Re: [Swan-dev] generating x509 certificates

On 3 February 2015 at 10:33, Paul Wouters wrote: > On Tue, 3 Feb 2015, Andrew Cagney wrote: > >> - purging the shell script >> - tweaking the "make check" so it depends on those certs and will generate >> them >> seem reasonable? > > > Confirm that with Matt first :) Oops :-) Turned out that dist

Re: [Swan-dev] generating x509 certificates

On Tue, 3 Feb 2015, Andrew Cagney wrote: - purging the shell script - tweaking the "make check" so it depends on those certs and will generate them seem reasonable? Confirm that with Matt first :) Who wishes the code to boot/run commands on a client (in swantest) was available as a separate

Re: [Swan-dev] generating x509 certificates

Does: - purging the shell script - tweaking the "make check" so it depends on those certs and will generate them seem reasonable? Andrew Who wishes the code to boot/run commands on a client (in swantest) was available as a separate script - I could then use the test machine's version of openssl.

Re: [Swan-dev] generating x509 certificates

On Tue, 3 Feb 2015, Andrew Cagney wrote: I've hit a few problems when trying to run the tests that require certificates. The main one is that the script dist_certs fails as openssl (Fedora release 20 (Heisenbug) at least) doesn't like generating the bad certificate: The organizationName field

[Swan-dev] generating x509 certificates

Hi, I've hit a few problems when trying to run the tests that require certificates. The main one is that the script dist_certs fails as openssl (Fedora release 20 (Heisenbug) at least) doesn't like generating the bad certificate: The organizationName field needed to be the same in the CA certifi