qemu-block
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-block] [PATCH] iotests: Avoid SIGPIPE death to certtool


From: Thomas Huth
Subject: Re: [Qemu-block] [PATCH] iotests: Avoid SIGPIPE death to certtool
Date: Tue, 19 Feb 2019 17:13:32 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0

On 19/02/2019 17.09, Eric Blake wrote:
> Our use of 'head -1' to log less output of certtool during
> iotest 233 could result in certtool dying early due to SIGPIPE
> if it generates enough output; if that happens, the certificate
> it was supposed to generate may be zero length, which causes
> failures such as:
> 
>   == check TLS client to plain server fails ==
>  -qemu-img: Could not open 
> 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for 
> option 5 (starttls)
>  -server reported: TLS not configured
>  -qemu-nbd: Denied by server for option 5 (starttls)
>  -server reported: TLS not configured
>  +qemu-nbd: Unable to import client certificate 
> /tmp/qemu-iotests-quick-28354/tls/client1/client-cert.pem: Base64 unexpected 
> header error.
> 
> Fix the pipelines to consume all output.
> 
> Reported-by: Thomas Huth <address@hidden>
> Signed-off-by: Eric Blake <address@hidden>
> ---
>  tests/qemu-iotests/common.tls | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
> index eae81789bbc..15c6e8c8425 100644
> --- a/tests/qemu-iotests/common.tls
> +++ b/tests/qemu-iotests/common.tls
> @@ -74,7 +74,7 @@ EOF
>      certtool --generate-self-signed \
>               --load-privkey "${tls_dir}/key.pem" \
>               --template "${tls_dir}/ca.info" \
> -             --outfile "${tls_dir}/$name-cert.pem" 2>&1 | head -1
> +             --outfile "${tls_dir}/$name-cert.pem" 2>&1 | sed -n 1p
> 
>      rm -f "${tls_dir}/ca.info"
>  }
> @@ -103,7 +103,7 @@ EOF
>               --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
>               --load-privkey "${tls_dir}/key.pem" \
>               --template "${tls_dir}/cert.info" \
> -             --outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | head -1
> +             --outfile "${tls_dir}/$name/server-cert.pem" 2>&1 | sed -n 1p
>      ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
>      ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/server-key.pem"
> 
> @@ -132,7 +132,7 @@ EOF
>               --load-ca-certificate "${tls_dir}/$caname-cert.pem" \
>               --load-privkey "${tls_dir}/key.pem" \
>               --template "${tls_dir}/cert.info" \
> -             --outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | head -1
> +             --outfile "${tls_dir}/$name/client-cert.pem" 2>&1 | sed -n 1p
>      ln -s "${tls_dir}/$caname-cert.pem" "${tls_dir}/$name/ca-cert.pem"
>      ln -s "${tls_dir}/key.pem" "${tls_dir}/$name/client-key.pem"
> 

Thanks, this fixes the issue for me!

Tested-by: Thomas Huth <address@hidden>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]