scion: vmTest should fail if certs expire (#342107)

2024-09-25 17:16:46 +02:00 · 2024-09-25 17:16:46 +02:00 · 2ae5404ed9
commit 2ae5404ed9
parent 6a52e8ec7f a49a45f85e
1 changed files with 18 additions and 5 deletions
--- a/nixos/tests/scion/freestanding-deployment/default.nix
+++ b/nixos/tests/scion/freestanding-deployment/default.nix
@ -131,25 +131,35 @@ in
      addresses="42-ffaa:1:1 42-ffaa:1:2 42-ffaa:1:3 42-ffaa:1:4 42-ffaa:1:5"
      timeout=100
      wait_for_all() {
+        ret=0
        for as in "$@"
        do
          scion showpaths $as --no-probe > /dev/null
-          return 1
+          ret=$?
+          if [ "$ret" -ne "0" ]; then
+            break
+          fi
        done
-        return 0
+        return $ret
      }
      ping_all() {
+        ret=0
        for as in "$@"
        do
          scion ping "$as,127.0.0.1" -c 3
+          ret=$?
+          if [ "$ret" -ne "0" ]; then
+            break
+          fi
        done
-        return 0
+        return $ret
      }
      for i in $(seq 0 $timeout); do
-        wait_for_all $addresses && exit 0
-        ping_all $addresses && exit 0
        sleep 1
+        wait_for_all $addresses || continue
+        ping_all $addresses && exit 0
      done
+      exit 1
    '';
  in
  ''
@ -183,6 +193,9 @@ in
    # Wait for scion-control.service on all instances
    wait_for_unit("scion-control.service")

+    # Ensure cert is valid against TRC
+    succeed("scion-pki certificate verify --trc /etc/scion/certs/*.trc /etc/scion/crypto/as/*.pem >&2")
+
    # Execute pingAll command on all instances
    succeed("${pingAll} >&2")