|
 |
7711c0 |
From f4ab0fe995c89692656af2c792a66892fcfbb862 Mon Sep 17 00:00:00 2001
|
|
|
7711c0 |
From: John Snow <jsnow@redhat.com>
|
|
|
7711c0 |
Date: Wed, 27 Mar 2019 17:23:06 +0100
|
|
|
7711c0 |
Subject: [PATCH 128/163] iotests: avoid broken pipe with certtool
|
|
|
7711c0 |
MIME-Version: 1.0
|
|
|
7711c0 |
Content-Type: text/plain; charset=UTF-8
|
|
|
7711c0 |
Content-Transfer-Encoding: 8bit
|
|
|
7711c0 |
|
|
|
7711c0 |
RH-Author: John Snow <jsnow@redhat.com>
|
|
|
7711c0 |
Message-id: <20190327172308.31077-54-jsnow@redhat.com>
|
|
|
7711c0 |
Patchwork-id: 85220
|
|
|
7711c0 |
O-Subject: [RHEL-7.7 qemu-kvm-rhev PATCH 53/55] iotests: avoid broken pipe with certtool
|
|
|
7711c0 |
Bugzilla: 1691009
|
|
|
7711c0 |
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
|
7711c0 |
RH-Acked-by: Max Reitz <mreitz@redhat.com>
|
|
|
7711c0 |
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
7711c0 |
|
|
|
7711c0 |
From: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
7711c0 |
|
|
|
7711c0 |
When we run "certtool 2>&1 | head -1" the latter command is likely to
|
|
|
7711c0 |
complete and exit before certtool has written everything it wants to
|
|
|
7711c0 |
stderr. In at least the RHEL-7 gnutls 3.3.29 this causes certtool to
|
|
|
7711c0 |
quit with broken pipe before it has finished writing the desired
|
|
|
7711c0 |
output file to disk. This causes non-deterministic failures of the
|
|
|
7711c0 |
iotest 233 because the certs are sometimes zero length files.
|
|
|
7711c0 |
If certtool fails the "head -1" means we also lose any useful error
|
|
|
7711c0 |
message it would have printed.
|
|
|
7711c0 |
|
|
|
7711c0 |
Thus this patch gets rid of the pipe and post-processes the output in a
|
|
|
7711c0 |
more flexible & reliable manner.
|
|
|
7711c0 |
|
|
|
7711c0 |
Reported-by: Thomas Huth <thuth@redhat.com>
|
|
|
7711c0 |
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
|
7711c0 |
Message-Id: <20190220145819.30969-3-berrange@redhat.com>
|
|
|
7711c0 |
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
|
7711c0 |
Signed-off-by: Eric Blake <eblake@redhat.com>
|
|
|
7711c0 |
(cherry picked from commit 3e6f45446b11ccc20b4b751f70331f03d70369b8)
|
|
|
7711c0 |
Signed-off-by: John Snow <jsnow@redhat.com>
|
|
|
7711c0 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
7711c0 |
---
|
|
|
7711c0 |
tests/qemu-iotests/common.tls | 48 ++++++++++++++++++++++++++++---------------
|
|
|
7711c0 |
1 file changed, 32 insertions(+), 16 deletions(-)
|
|
|
7711c0 |
|
|
|
7711c0 |
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
|
|
|
7711c0 |
index eae8178..3caf989 100644
|
|
|
7711c0 |
--- a/tests/qemu-iotests/common.tls
|
|
|
7711c0 |
+++ b/tests/qemu-iotests/common.tls
|
|
|
7711c0 |
@@ -29,6 +29,17 @@ tls_x509_cleanup()
|
|
|
7711c0 |
}
|
|
|
7711c0 |
|
|
|
7711c0 |
|
|
|
7711c0 |
+tls_certtool()
|
|
|
7711c0 |
+{
|
|
|
7711c0 |
+ certtool "$@" 1>"${tls_dir}"/certtool.log 2>&1
|
|
|
7711c0 |
+ if test "$?" = 0; then
|
|
|
7711c0 |
+ head -1 "${tls_dir}"/certtool.log
|
|
|
7711c0 |
+ else
|
|
|
7711c0 |
+ cat "${tls_dir}"/certtool.log
|
|
|
7711c0 |
+ fi
|
|
|
7711c0 |
+ rm -f "${tls_dir}"/certtool.log
|
|
|
7711c0 |
+}
|
|
|
7711c0 |
+
|
|
|
7711c0 |
tls_x509_init()
|
|
|
7711c0 |
{
|
|
|
7711c0 |
(certtool --help) >/dev/null 2>&1 || \
|
|
|
7711c0 |
@@ -71,10 +82,11 @@ ca
|
|
|
7711c0 |
cert_signing_key
|
|
|
7711c0 |
EOF
|
|
|
7711c0 |
|
|
|
7711c0 |
- certtool --generate-self-signed \
|
|
|
7711c0 |
- --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
- --template "${tls_dir}/ca.info" \
|
|
|
7711c0 |
- --outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1
|
|
|
7711c0 |
+ tls_certtool \
|
|
|
7711c0 |
+ --generate-self-signed \
|
|
|
7711c0 |
+ --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
+ --template "${tls_dir}/ca.info" \
|
|
|
7711c0 |
+ --outfile "${tls_dir}/$name-cert.pem"
|
|
|
7711c0 |
|
|
|
7711c0 |
rm -f "${tls_dir}/ca.info"
|
|
|
7711c0 |
}
|
|
|
7711c0 |
@@ -98,12 +110,14 @@ encryption_key
|
|
|
7711c0 |
signing_key
|
|
|
7711c0 |
EOF
|
|
|
7711c0 |
|
|
|
7711c0 |
- certtool --generate-certificate \
|
|
|
7711c0 |
- --load-ca-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
- --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
|
|
|
7711c0 |
- --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
- --template "${tls_dir}/cert.info" \
|
|
|
7711c0 |
- --outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1
|
|
|
7711c0 |
+ tls_certtool \
|
|
|
7711c0 |
+ --generate-certificate \
|
|
|
7711c0 |
+ --load-ca-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
+ --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
|
|
|
7711c0 |
+ --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
+ --template "${tls_dir}/cert.info" \
|
|
|
7711c0 |
+ --outfile "${tls_dir}/$name/server-cert.pem"
|
|
|
7711c0 |
+
|
|
|
7711c0 |
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
|
|
|
7711c0 |
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
|
|
|
7711c0 |
|
|
|
7711c0 |
@@ -127,12 +141,14 @@ encryption_key
|
|
|
7711c0 |
signing_key
|
|
|
7711c0 |
EOF
|
|
|
7711c0 |
|
|
|
7711c0 |
- certtool --generate-certificate \
|
|
|
7711c0 |
- --load-ca-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
- --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
|
|
|
7711c0 |
- --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
- --template "${tls_dir}/cert.info" \
|
|
|
7711c0 |
- --outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1
|
|
|
7711c0 |
+ tls_certtool \
|
|
|
7711c0 |
+ --generate-certificate \
|
|
|
7711c0 |
+ --load-ca-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
+ --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
|
|
|
7711c0 |
+ --load-privkey "${tls_dir}/key.pem" \
|
|
|
7711c0 |
+ --template "${tls_dir}/cert.info" \
|
|
|
7711c0 |
+ --outfile "${tls_dir}/$name/client-cert.pem"
|
|
|
7711c0 |
+
|
|
|
7711c0 |
ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
|
|
|
7711c0 |
ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
|
|
|
7711c0 |
|
|
|
7711c0 |
--
|
|
|
7711c0 |
1.8.3.1
|
|
|
7711c0 |
|