[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 5/6] tests: add iotests helpers for dealing with
From: |
Daniel P . Berrangé |
Subject: |
Re: [Qemu-devel] [PATCH 5/6] tests: add iotests helpers for dealing with TLS certificates |
Date: |
Mon, 19 Nov 2018 10:27:32 +0000 |
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Fri, Nov 16, 2018 at 10:39:03AM -0600, Eric Blake wrote:
> On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
> > Add helpers to common.tls for creating TLS certificates for a CA,
> > server and client.
>
> MUCH appreciated! We NEED this coverage, easily automated.
>
> >
> > Signed-off-by: Daniel P. Berrangé <address@hidden>
> > ---
> > tests/qemu-iotests/common.tls | 139 ++++++++++++++++++++++++++++++++++
> > 1 file changed, 139 insertions(+)
> > create mode 100644 tests/qemu-iotests/common.tls
> >
> > diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
> > new file mode 100644
>
> I was a bit surprised that this wasn't 100755, but this matches the fact
> that none of the other common.* are executable. And after thinking more, it
> makes sense - they aren't standalone scripts, but designed to be sourced,
> and 'source' doesn't care about execute bits.
>
> > +tls_dir="${TEST_DIR}/tls"
> > +
> > +function tls_x509_cleanup()
> > +{
> > + rm -f ${tls_dir}/*.pem
> > + rm -f ${tls_dir}/*/*.pem
> > + rmdir ${tls_dir}/*
> > + rmdir ${tls_dir}
>
> Why not just:
> rm -rf $tls_dir
Yeah, I guess we could do that for simplicity
> Also, the quoting is a bit inconsistent. if ${TEST_DIR} can contain spaces,
> then all uses of ${tls_dir} need to be in "".
Hmm, yes.
> > +}
> > +
> > +
> > +function tls_x509_init()
> > +{
> > + mkdir "${tls_dir}"
>
> And this just highlights the quoting inconsistency. Should this use mkdir
> -p?
I assume $TEST_DIR would already exist, so wouldn't need -p.
> > +
> > +function tls_x509_create_root_ca()
> > +{
> > + name=$1
> > +
> > + test -z "$name" && name=ca-cert
>
> Could also be shortened as:
>
> name=${1:-ca-cert}
ok
> > +
> > + cat > ${tls_dir}/ca.info <<EOF
> > +cn = Cthulu Dark Lord Enterprises $name
>
> s/Cthulu/Cthulhu/ - after all, we don't want him coming after us just
> because we botched the spelling of his name :)
>
> > +ca
> > +cert_signing_key
> > +EOF
> > +
> > + certtool --generate-self-signed \
> > + --load-privkey ${tls_dir}/key.pem \
> > + --template ${tls_dir}/ca.info \
> > + --outfile ${tls_dir}/$name-cert.pem 2>&1 | head -1
>
> More missing ""
>
> > +
> > + rm -f ${tls_dir}/ca.info
> > +}
> > +
> > +
> > +function tls_x509_create_server()
> > +{
> > + caname=$1
> > + name=$2
> > +
> > + mkdir ${tls_dir}/$name
> > + cat > ${tls_dir}/cert.info <<EOF
> > +organization = Cthulu Dark Lord Enterprises $name
>
> Matched spelling
>
> > +function tls_x509_create_client()
> > +{
> > + caname=$1
> > + name=$2
> > +
> > + mkdir ${tls_dir}/$name
> > + cat > ${tls_dir}/cert.info <<EOF
> > +country = South Pacific
> > +locality = R'lyeh
> > +organization = Cthulu Dark Lord Enterprises $name
>
> And again
>
> Needs several touch-ups, but the idea itself is sound.
Yes will fix
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- Re: [Qemu-devel] [PATCH 7/6] iotests: Also test I/O over NBD TLS, (continued)
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Eric Blake, 2018/11/19
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Kevin Wolf, 2018/11/20
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Eric Blake, 2018/11/20
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Daniel P . Berrangé, 2018/11/20
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Eric Blake, 2018/11/20
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Kevin Wolf, 2018/11/20
- Re: [Qemu-devel] [PATCH 6/6] tests: exercise NBD server in TLS mode, Daniel P . Berrangé, 2018/11/21
[Qemu-devel] [PATCH 5/6] tests: add iotests helpers for dealing with TLS certificates, Daniel P . Berrangé, 2018/11/16
Re: [Qemu-devel] [PATCH 0/6] Misc fixes to NBD, Eric Blake, 2018/11/17
Re: [Qemu-devel] [PATCH 0/6] Misc fixes to NBD, Eric Blake, 2018/11/27