This new option allows disabling leak detective to reduce the runtime
during development, either only for the command line tools (swanctl, pki
etc.) or optionally also for the daemon(s).
Disabling leak detective only for the CLI tools already brings a
considerable reduction in runtime (from 48m to 38m on my dev host) as
there are many such calls in the post-test stage. Any leaks in those
tools are also a lot less of an issue than leaks in the daemon. So using
this during development should be fine as long as a full test run is done
regularly (in particular before releases). Disabling leak detective
completely further reduces the runtime (to 30m on my dev host). But that
should probably only be used for functional regression tests after
verifying new code didn't introduce new leaks.
This also fixes the service script which is used for charon-tkm since
16fcdb460afd ("charon-tkm: Don't use starter/stroke with charon-tkm anymore").
cat << EOF
Usage:
${0##*/} [-h] [-v|-t] [-i|-e] [TESTDIRS]
- --help (-h) show usage information
- --verbose (-v) show complete logs on errors (implies -t)
- --timestamps (-t) show timestamps in console.log
- --pre (-i) run pretest script only (single test only)
- --post (-e) run posttest script only (single test only)
+ --help (-h) show usage information
+ --verbose (-v) show complete logs on errors (implies -t)
+ --timestamps (-t) show timestamps in console.log
+ --pre (-i) run pretest script only (single test only)
+ --post (-e) run posttest script only (single test only)
+ --no-leaks [daemon] (-n) disable leak detective in commands (e.g. swanctl)
+ and optionally the daemon as well
TESTDIRS list of test directories (relative to testing/tests).
wildcards (*) are supported. default is to run all tests.
-e|--post)
posttest_only=YES
;;
+ -n|--no-leaks)
+ export LEAK_DETECTIVE_DISABLE=1
+ if [[ "$2" =~ d(aemon)? ]]; then
+ export LEAK_DETECTIVE_DISABLE_DAEMON=1
+ shift
+ fi
+ ;;
*)
TESTDIRS+=("$1")
;;
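Review bot: The regex in `[[ "$2" =~ d(aemon)? ]]` is unanchored, so any following argument that merely contains a `d` matches, for example a test directory given right after `-n`. That argument is then swallowed by `shift` and leak detective is also switched off in the daemon, which is where missed leaks matter most. Anchoring makes the option fail closed: `if [[ "$2" =~ ^d(aemon)?$ ]]; then`. The enclosing `case` statement starts and ends outside the hunk, and the usage synopsis in the help text still lacks `[-n [daemon]]`.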
PrintLastLog no
UsePAM no
AcceptEnv LANG LC_*
-AcceptEnv LEAK_DETECTIVE_LOG
+AcceptEnv LEAK_DETECTIVE_*
SetEnv LEAK_DETECTIVE_IGNORE_UNKNOWN=1
Subsystem sftp /usr/lib/openssh/sftp-server
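Review bot: `AcceptEnv LEAK_DETECTIVE_*` accepts every client-supplied variable with that prefix, not only the two this change introduces. Listing the names keeps the accepted set explicit: `AcceptEnv LEAK_DETECTIVE_LOG LEAK_DETECTIVE_DISABLE LEAK_DETECTIVE_DISABLE_DAEMON`. The matching `SendEnv LEAK_DETECTIVE_*` in the ssh client config hunk can be narrowed the same way.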
# LEAK_DETECTIVE_LOG is set for automated runs, however, `service` strips
# the environment. This wrapper is used to set the variable for the charon
# init script.
+# Similar for LEAK_DETECTIVE_DISABLE. However, we don't pass that along
+# directly, to be able to run the daemon with it while still improving the
+# performance when collecting results etc.
ORIG=/usr/sbin/service
-CONF=/etc/default/charon
+CONF=/etc/default/charon-tkm
-if [[ "$1" != "charon" ]]; then
+if [[ "$1" != "charon-tkm" ]]; then
$ORIG "$@"
fi
-if [[ "$2" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
+if [[ "$2" == "start" && -n $LEAK_DETECTIVE_DISABLE_DAEMON ]]; then
+ echo "export LEAK_DETECTIVE_DISABLE=$LEAK_DETECTIVE_DISABLE_DAEMON" >> $CONF
+elif [[ "$2" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
echo "export LEAK_DETECTIVE_LOG=$LEAK_DETECTIVE_LOG" >> $CONF
fi
if [[ "$2" == "stop" ]]; then
sed -i '/LEAK_DETECTIVE_LOG/d' $CONF 2>/dev/null
+ sed -i '/LEAK_DETECTIVE_DISABLE/d' $CONF 2>/dev/null
fi
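Review bot: The new `echo` on the `start` path writes the value of `LEAK_DETECTIVE_DISABLE_DAEMON` unquoted into `$CONF`. Judging by the `export` form, that file is presumably sourced by the init script, so anything other than a plain flag in the variable would be interpreted as shell syntax at service start. The value arrives from the ssh client's environment via `AcceptEnv`, and only a flag is needed, so write a constant instead: `echo "export LEAK_DETECTIVE_DISABLE=1" >> $CONF`. The same applies to the `sed` replacement added in the systemctl wrapper hunk, where a `:` or `&` in the value would also alter the expression: `sed -i "s:Type=:Environment=LEAK_DETECTIVE_DISABLE=1\nType=:" $CONF 2>/dev/null`.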
# LEAK_DETECTIVE_LOG is set for automated runs, however, this is not passed
# to a process started via systemctl. This wrapper is used to set the variable
# for the strongswan.service unit.
+# Similar for LEAK_DETECTIVE_DISABLE. However, we don't pass that along
+# directly, to be able to run the daemon with it while still improving the
+# performance when collecting results etc.
ORIG=/bin/systemctl
CONF=/lib/systemd/system/strongswan.service
exec $ORIG "$@"
fi
-if [[ "$1" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
+if [[ "$1" == "start" && -n $LEAK_DETECTIVE_DISABLE_DAEMON ]]; then
+ sed -i "s:Type=:Environment=LEAK_DETECTIVE_DISABLE=$LEAK_DETECTIVE_DISABLE_DAEMON\nType=:" $CONF 2>/dev/null
+elif [[ "$1" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
sed -i "s:Type=:Environment=LEAK_DETECTIVE_LOG=$LEAK_DETECTIVE_LOG\nType=:" $CONF 2>/dev/null
fi
if [[ "$1" == "stop" ]]; then
sed -i '/LEAK_DETECTIVE_LOG/d' $CONF 2>/dev/null
+ sed -i '/LEAK_DETECTIVE_DISABLE/d' $CONF 2>/dev/null
fi
exit $STATUS
--- /dev/null
+#!/bin/bash
+#
+# LEAK_DETECTIVE_DISABLE might be set, however, we only want to actually use
+# it for the daemons if LEAK_DETECTIVE_DISABLE_DAEMON is set.
+
+ORIG=/usr/local/sbin/ipsec.orig
+
+if [[ "$1" == "start" && -z $LEAK_DETECTIVE_DISABLE_DAEMON ]]; then
+ unset LEAK_DETECTIVE_DISABLE
+fi
+
+$ORIG "$@"
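Review bot: The wrapper clears `LEAK_DETECTIVE_DISABLE` only when `$1` is `start`, so a daemon launched through another subcommand such as `ipsec restart` would inherit the variable. It would then run without leak detective even though `LEAK_DETECTIVE_DISABLE_DAEMON` is not set. If the test scripts use such subcommands (not visible here), extend the condition: `if [[ "$1" =~ ^(start|restart)$ && -z $LEAK_DETECTIVE_DISABLE_DAEMON ]]; then`. The final call could also be `exec $ORIG "$@"`, as the systemctl wrapper does, so no extra shell stays around.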
blockdev --rereadpt $NBDEV
execute "mount $NBDPARTITION $LOOPDIR" 0
execute "mount -t proc none $LOOPDIR/proc" 0
+ execute "mv $LOOPDIR/usr/local/sbin/ipsec $LOOPDIR/usr/local/sbin/ipsec.orig" 0
execute "cp -rf $HOSTSDIR/default/* $LOOPDIR" 0
execute "cp -rf $HOSTSDIR/${host}/etc $LOOPDIR" 0
execute_chroot "ldconfig" 0
LogLevel QUIET
# debian default
SendEnv LANG LC_*
- SendEnv LEAK_DETECTIVE_LOG
+ SendEnv LEAK_DETECTIVE_*
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
GSSAPIAuthentication yes