Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests/lib: introduce helpers for setting up /dev/random using /dev/urandom in project prepare #4354

Merged
merged 10 commits into from Dec 11, 2017
Merged

tests/lib: introduce helpers for setting up /dev/random using /dev/urandom in project prepare #4354

merged 10 commits into from Dec 11, 2017

Conversation

bboozzoo
Copy link
Collaborator

@bboozzoo bboozzoo commented Dec 5, 2017

The hosts used for testing may run out of entropy in /dev/random, thus causing
any crypto operations to potentially block. Since we do not need a high quality
RNG source for the tests, set up /dev/random to be the same as /dev/urandom in
project prepare and restore it back to the proper state in project restore
phase.

@bboozzoo
tests/lib: introduce helpers for setting up /dev/random using /dev/ur…
5cc4c0c 
…andom in project prepare

The hosts used for testing may run out of entropy in /dev/random, thus causing
any crypto operations to potentially block. Since we do not need a high quality
RNG source for the tests, set up /dev/random to be the same as /dev/urandom in
project prepare and restore it back to the proper state in project restore
phase.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
zyga
zyga approved these changes Dec 5, 2017
View reviewed changes
Copy link
Collaborator

@zyga zyga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 with note, please check before merging

tests/lib/random.sh Outdated
mknod /dev/random c 1 9
}

restore_dev_random() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably not correct since some distributions don't use proper random devices. We should probably mv /dev/random /dev/random.bak or .orig and then mv them back.

In any case, this is my suggestion, LGTM

@bboozzoo
tests/lib/random: keep the original /dev/random and restore it
3e369cf 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@codecov-io
Copy link

codecov-io commented Dec 5, 2017
edited

Codecov Report

Merging #4354 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master    #4354   +/-   ##
=======================================
  Coverage   78.05%   78.05%           
=======================================
  Files         450      450           
  Lines       30899    30899           
=======================================
  Hits        24118    24118           
  Misses       4772     4772           
  Partials     2009     2009

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9544634...84cfe22. Read the comment docs.

@bboozzoo
tests/lib/prepare: do not setup rng-tools on Ubuntu & Debian
b3a41b8 
We have set up /dev/urandom device as /dev/random. No improve entropy anymore.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
zyga
zyga approved these changes Dec 7, 2017
View reviewed changes
Copy link
Collaborator

@zyga zyga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

tests/lib/prepare.sh
@@ -252,30 +252,6 @@ EOF
systemctl start snapd.socket
fi

if [[ "$SPREAD_SYSTEM" == debian-* || "$SPREAD_SYSTEM" == ubuntu-* ]]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ha, much much nicer :)

tests/lib/random.sh
# keep the original /dev/random around
mv /dev/random /dev/random.orig
# same as /dev/urandom
mknod /dev/random c 1 9
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The device numbers are valid for urandom

@bboozzoo
tests/main: source mkpinentry.sh
e6158e9 
mkpinentry.sh script is using MATCH, but this is not defined when running in a
subshell.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
tests/lib/random: kill gpg-agent once /dev/random fixup is applied
cc3375b 
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
tests/lib/random: use SIGKILL rather than SIGTERM when killing gpg-agent
cb61ffe 
gpg-agent stuck in blocking read from /dev/random does not react to SIGTERM, use
SIGKILL instead.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
tests/lib/random: helper for dumping debug information for errors rel…
a9a1661 
…ated to /dev/random

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
tests/main/{completion,create-key,snap-sign}: kill gpg-agent in prepare
134e578 
Avoid potential issues with gpg-agent being stuck by tests that ran previously
and make sure that we get a freshly started agent.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
Merge remote-tracking branch 'origin/master' into bboozzoo/fake-random
ad2e0c4
@bboozzoo
tests/lib/prepare-restore: run /dev/random fixups before and after ea…
84cfe22 
…ch task

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
@bboozzoo
Copy link
Collaborator Author

Well, at least it didn't timeout this time. The tasks that were getting stuck before, all passed now. What has failed is:

2017-12-11 13:35:04 Successful tasks: 1581
2017-12-11 13:35:04 Aborted tasks: 1
2017-12-11 13:35:04 Failed tasks: 1
    - linode:ubuntu-core-16-64:tests/main/interfaces-snapd-control-with-manage
2017-12-11 13:35:04 Failed task prepare: 1
    - linode:fedora-26-64:tests/main/revert-sideload
error: unsuccessful run

Looks unrelated, so I've restarted the build.

@bboozzoo
Copy link
Collaborator Author

FWIW, the travis job was filing before as the create-key/snap-sign/completion prepare were taking too long. Collected debug output suggests that the /dev/random node was not changed at all. This is either the fixup_dev_random applied in prepare was reverted (although I did not manage to track down the code where this could happen), didn't run, or project restore was run (?).

Debug log in question:

2017-12-11 11:27:34 Error executing linode:debian-9-64:tests/main/snap-sign : 
-----
+ echo 'Creating a new key without a password'
Creating a new key without a password
+ expect -f create-key.exp
spawn snap create-key

Passphrase: 

Confirm passphrase: 
<kill-timeout reached>
-----
travis_time:end:a4df1e52:start=1512990455705312850,finish=1512991654836096494,duration=1199130783644
travis_fold:end:fold-a4df1e52
.
travis_time:end:aaff80bf:start=1512991654103974079,finish=1512991655057084868,duration=953110789
travis_time:start:e3cf5337
2017-12-11 11:27:35 Restoring linode:ubuntu-16.04-32:tests/main/known-remote...
travis_fold:start:fold-d6a4eb69
travis_time:start:d6a4eb69
2017-12-11 11:27:35 Debug output for linode:debian-9-64:tests/main/snap-sign : 
-----
+ . /home/gopath/src/github.com/snapcore/snapd/tests/lib/random.sh
+ debug_random
+ sysctl kernel.random.entropy_avail
kernel.random.entropy_avail = 44
+ ls -l /dev/random /dev/urandom
crw-rw-rw- 1 root root 1, 8 Dec 11 11:06 /dev/random
crw-rw-rw- 1 root root 1, 9 Dec 11 11:06 /dev/urandom
++ pidof gpg-agent
+ pids=9700
+ for p in $pids
+ ps -q 9700
  PID TTY          TIME CMD
 9700 ?        00:00:00 gpg-agent
+ ls -l /proc/9700/fd
total 0
lr-x------ 1 root root 64 Dec 11 11:27 0 -> /dev/null
l-wx------ 1 root root 64 Dec 11 11:27 1 -> /dev/null
l-wx------ 1 root root 64 Dec 11 11:27 2 -> /dev/null
lrwx------ 1 root root 64 Dec 11 11:27 3 -> socket:[42935]
lrwx------ 1 root root 64 Dec 11 11:27 4 -> socket:[42937]
lrwx------ 1 root root 64 Dec 11 11:27 5 -> socket:[42939]
lrwx------ 1 root root 64 Dec 11 11:27 6 -> socket:[42941]
lr-x------ 1 root root 64 Dec 11 11:27 7 -> anon_inode:inotify
lrwx------ 1 root root 64 Dec 11 11:27 8 -> socket:[42946]
lr-x------ 1 root root 64 Dec 11 11:27 9 -> /dev/random
+ '[' 1 = 1 ']'
+ echo '# journal messages for snapd'

@mvo5 mvo5 merged commit 87e197c into snapcore:master Dec 11, 2017
sergiocazzolato added a commit to sergiocazzolato/snapd that referenced this pull request Feb 13, 2018
@sergiocazzolato
Removing packages that are not needed anymore to generate random data
5f7461e 
These packages are not used any more after PR
snapcore#4354
@sergiocazzolato sergiocazzolato mentioned this pull request Feb 13, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zyga zyga zyga approved these changes

@mvo5 mvo5 mvo5 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@bboozzoo @codecov-io @zyga @mvo5