Skip to content

[9.16] testcrypto.sh: run in TMPDIR if possible

Michal Nowak requested to merge mnowak/testcrypto.sh-run-in-TMPDIR-if-possible into bind-9.16

Avoid creating any temporary files in the current workdir.

Additional/changing files in the bin/tests/system directory are problematic for pytest/xdist collection phase, which assumes the list of files doesn't change between the collection phase of the main pytest thread and the subsequent collection phase of the xdist worker threads.

Since the testcrypto.sh is also called during pytest initialization through conf.sh.common (to detect feature support), this could occasionally cause a race condition when the list of files would be different for the main pytest thread and the xdist worker.

(cherry picked from commit 61330a78)

bind-9.16 and bind-9.16-sub on Alpine Linux sometimes fail like this:

rm: can't remove 'Kfoo.+013+12166.private': No such file or directory
rm: can't remove 'Kfoo.+013+13114.key': No such file or directory
rm: can't remove 'Kfoo.+013+13114.private': No such file or directory
Traceback (most recent call last):
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 240, in <module>
    main()
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 226, in main
    algs = filter_supported(algs)
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 135, in filter_supported
    raise RuntimeError(
RuntimeError: no DEFAULT algorithm from "stable" set supported on this platform
Traceback (most recent call last):
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 240, in <module>
    main()
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 226, in main
    algs = filter_supported(algs)
  File "/builds/isc-private/bind9/bin/tests/system/get_algorithms.py", line 135, in filter_supported
    raise RuntimeError(
RuntimeError: no DEFAULT algorithm from "stable" set supported on this platform

When testcrypto.sh instances are started in parallel, a race condition where testcrypto.sh instance removes DNSSEC keys it did not create, happens.

rm -f returns a non-zero exit code on Alpine Linux when the files it wants to remove are not present anymore. rm from Busybox returns about a hundred exit codes equal to 1, but zero with coreutils:

$ for i in `seq 1 1000`; do ( touch xxx; rm -f xxx*; echo $?) & done 2>&1 | grep -c 1
112
$ for i in `seq 1 1000`; do ( touch xxx; rm -f xxx*; echo $?) & done 2>&1 | grep -c 1
0

When rm -f returns 1 in current testcrypto.sh, the script exits with an exit code 1 even if $KEYGEN supports the requested algorithm.

The following race condition happens when the rm -f Kfoo* command in the first testcrypto.sh instance expands Kfoo* to the existing files, but rm -f Kfoo* from another parallel testcrypto.sh instance removes those files sooner; the first rm -f Kfoo* therefore fails with:

rm: can't remove 'Kfoo.+013+12166.private': No such file or directory
rm: can't remove 'Kfoo.+013+13114.key': No such file or directory
rm: can't remove 'Kfoo.+013+13114.private': No such file or directory

Ensure the particular testcrypto.sh instance removes only the keys it created.

Backport of MR !7347 (merged).

Merge request reports