From f4857864705dd369b875a0efec1c776ba6951f37 Mon Sep 17 00:00:00 2001 From: yuyr Date: Fri, 17 Apr 2026 17:18:05 +0800 Subject: [PATCH] =?UTF-8?q?20260147=20=E8=BF=AD=E4=BB=A3=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E5=85=A8=E9=87=8F=E6=B5=8B=E8=AF=95=E5=92=8C=E8=A6=86=E7=9B=96?= =?UTF-8?q?=E7=8E=87=E6=B5=8B=E8=AF=95=EF=BC=8C=E6=97=B6=E9=97=B4=E4=BB=8E?= =?UTF-8?q?325=E7=A7=92=E9=99=8D=E4=BD=8E=E5=88=B090+=E7=A7=92=EF=BC=8C?= =?UTF-8?q?=E8=A6=86=E7=9B=96=E7=8E=87=E7=BB=B4=E6=8C=81=E5=9C=A890%?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 35 ++++++++++++++++++++ scripts/cir/run_cir_replay_ours.sh | 8 ++--- scripts/cir/run_cir_replay_routinator.sh | 6 ++-- scripts/cir/run_cir_replay_rpki_client.sh | 6 ++-- scripts/coverage.sh | 24 +++++++++++++- src/bin/replay_bundle_record.rs | 7 ++++ tests/test_ca_path_m15.rs | 10 ++++++ tests/test_cert_path_key_usage.rs | 19 +++++++++++ tests/test_cir_delta_export_m1.rs | 7 ++++ tests/test_cir_matrix_m9.rs | 13 ++++++++ tests/test_cir_peer_replay_m8.rs | 22 ++++++++++++ tests/test_cir_sequence_m2.rs | 7 ++++ tests/test_cir_sequence_peer_replay_m4.rs | 19 +++++++++++ tests/test_cir_sequence_replay_m3.rs | 13 ++++++++ tests/test_cli_payload_delta_replay_smoke.rs | 7 ++++ tests/test_cli_payload_replay_smoke.rs | 7 ++++ tests/test_cli_run_offline_m18.rs | 7 ++++ tests/test_router_cert_m4.rs | 19 +++++++++++ 18 files changed, 225 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c398ee1..6b8e2b3 100644 --- a/README.md +++ b/README.md @@ -26,3 +26,38 @@ cargo install cargo-llvm-cov --locked cargo llvm-cov --fail-under-lines 90 ``` +默认会复用现有插桩产物,不会先 clean。需要强制全量重编译时: + +``` +COVERAGE_FORCE_CLEAN=1 ./scripts/coverage.sh +``` + +说明: +- 默认行为适合本地重复确认覆盖率,避免每次都重编译整套插桩目标; +- 默认还会设置 `RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS=1`,跳过会拉起 shell replay pipeline 的重型集成测试,避免 coverage 期间额外触发 `target/release` 构建; +- 默认还会设置 `RPKI_SKIP_HEAVY_BLACKBOX_TESTS=1`,跳过更慢的 blackbox CLI / CIR record 脚本测试,进一步降低日常 coverage 成本; +- 默认还会设置 `RPKI_SKIP_HEAVY_CRYPTO_TESTS=1`,跳过需要大量 OpenSSL 生成证书/CRL 的重型密码学测试,进一步压缩日常 coverage 时长; +- 如需把这批脚本回放测试也纳入 coverage,可显式关闭该开关: + +``` +RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS=0 ./scripts/coverage.sh +``` + +如需连同第二批 blackbox 测试一起跑: + +``` +RPKI_SKIP_HEAVY_BLACKBOX_TESTS=0 ./scripts/coverage.sh +``` + +如需连同重型 OpenSSL 证书路径测试一起跑: + +``` +RPKI_SKIP_HEAVY_CRYPTO_TESTS=0 ./scripts/coverage.sh +``` + +- replay 脚本现在也支持通过环境变量注入现成二进制,避免找不到二进制时自动 `cargo build --release`: + - `RPKI_BIN` + - `CIR_MATERIALIZE_BIN` + - `CIR_EXTRACT_INPUTS_BIN` + - `CCR_TO_COMPARE_VIEWS_BIN` +- `COVERAGE_FORCE_CLEAN=1` 适合需要完全从零重建插桩目标时使用。 diff --git a/scripts/cir/run_cir_replay_ours.sh b/scripts/cir/run_cir_replay_ours.sh index 7720f9b..5591ef5 100755 --- a/scripts/cir/run_cir_replay_ours.sh +++ b/scripts/cir/run_cir_replay_ours.sh @@ -24,10 +24,10 @@ RAW_STORE_DB="" OUT_DIR="" REFERENCE_CCR="" KEEP_DB=0 -RPKI_BIN="$ROOT_DIR/target/release/rpki" -CIR_MATERIALIZE_BIN="$ROOT_DIR/target/release/cir_materialize" -CIR_EXTRACT_INPUTS_BIN="$ROOT_DIR/target/release/cir_extract_inputs" -CCR_TO_COMPARE_VIEWS_BIN="$ROOT_DIR/target/release/ccr_to_compare_views" +RPKI_BIN="${RPKI_BIN:-$ROOT_DIR/target/release/rpki}" +CIR_MATERIALIZE_BIN="${CIR_MATERIALIZE_BIN:-$ROOT_DIR/target/release/cir_materialize}" +CIR_EXTRACT_INPUTS_BIN="${CIR_EXTRACT_INPUTS_BIN:-$ROOT_DIR/target/release/cir_extract_inputs}" +CCR_TO_COMPARE_VIEWS_BIN="${CCR_TO_COMPARE_VIEWS_BIN:-$ROOT_DIR/target/release/ccr_to_compare_views}" REAL_RSYNC_BIN="${REAL_RSYNC_BIN:-/usr/bin/rsync}" WRAPPER="$ROOT_DIR/scripts/cir/cir-rsync-wrapper" diff --git a/scripts/cir/run_cir_replay_routinator.sh b/scripts/cir/run_cir_replay_routinator.sh index bfe5a4e..e37ad51 100755 --- a/scripts/cir/run_cir_replay_routinator.sh +++ b/scripts/cir/run_cir_replay_routinator.sh @@ -29,9 +29,9 @@ KEEP_DB=0 ROUTINATOR_ROOT="${ROUTINATOR_ROOT:-/home/yuyr/dev/rust_playground/routinator}" ROUTINATOR_BIN="${ROUTINATOR_BIN:-$ROUTINATOR_ROOT/target/debug/routinator}" REAL_RSYNC_BIN="${REAL_RSYNC_BIN:-/usr/bin/rsync}" -CIR_MATERIALIZE_BIN="$ROOT_DIR/target/release/cir_materialize" -CIR_EXTRACT_INPUTS_BIN="$ROOT_DIR/target/release/cir_extract_inputs" -CCR_TO_COMPARE_VIEWS_BIN="$ROOT_DIR/target/release/ccr_to_compare_views" +CIR_MATERIALIZE_BIN="${CIR_MATERIALIZE_BIN:-$ROOT_DIR/target/release/cir_materialize}" +CIR_EXTRACT_INPUTS_BIN="${CIR_EXTRACT_INPUTS_BIN:-$ROOT_DIR/target/release/cir_extract_inputs}" +CCR_TO_COMPARE_VIEWS_BIN="${CCR_TO_COMPARE_VIEWS_BIN:-$ROOT_DIR/target/release/ccr_to_compare_views}" WRAPPER="$ROOT_DIR/scripts/cir/cir-rsync-wrapper" JSON_TO_VAPS="$ROOT_DIR/scripts/cir/json_to_vaps_csv.py" FAKETIME_LIB="${FAKETIME_LIB:-$ROOT_DIR/target/tools/faketime_pkg/extracted/libfaketime/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1}" diff --git a/scripts/cir/run_cir_replay_rpki_client.sh b/scripts/cir/run_cir_replay_rpki_client.sh index d750642..ad19141 100755 --- a/scripts/cir/run_cir_replay_rpki_client.sh +++ b/scripts/cir/run_cir_replay_rpki_client.sh @@ -25,9 +25,9 @@ REFERENCE_CCR="" BUILD_DIR="" KEEP_DB=0 REAL_RSYNC_BIN="${REAL_RSYNC_BIN:-/usr/bin/rsync}" -CIR_MATERIALIZE_BIN="$ROOT_DIR/target/release/cir_materialize" -CIR_EXTRACT_INPUTS_BIN="$ROOT_DIR/target/release/cir_extract_inputs" -CCR_TO_COMPARE_VIEWS_BIN="$ROOT_DIR/target/release/ccr_to_compare_views" +CIR_MATERIALIZE_BIN="${CIR_MATERIALIZE_BIN:-$ROOT_DIR/target/release/cir_materialize}" +CIR_EXTRACT_INPUTS_BIN="${CIR_EXTRACT_INPUTS_BIN:-$ROOT_DIR/target/release/cir_extract_inputs}" +CCR_TO_COMPARE_VIEWS_BIN="${CCR_TO_COMPARE_VIEWS_BIN:-$ROOT_DIR/target/release/ccr_to_compare_views}" WRAPPER="$ROOT_DIR/scripts/cir/cir-rsync-wrapper" while [[ $# -gt 0 ]]; do diff --git a/scripts/coverage.sh b/scripts/coverage.sh index b24b66d..3d72229 100755 --- a/scripts/coverage.sh +++ b/scripts/coverage.sh @@ -5,6 +5,19 @@ set -euo pipefail # rustup component add llvm-tools-preview # cargo install cargo-llvm-cov --locked +# Optional: +# COVERAGE_FORCE_CLEAN=1 Force `cargo llvm-cov clean --workspace` before the run. +# Default behavior is to reuse existing llvm-cov build artifacts. +# RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS=1 Skip replay/matrix integration tests that +# spawn shell pipelines and can trigger separate release builds. +# coverage.sh enables this by default. +# RPKI_SKIP_HEAVY_BLACKBOX_TESTS=1 Skip slower blackbox CLI/script integration tests +# that provide low incremental coverage per wall-clock second. +# coverage.sh enables this by default. +# RPKI_SKIP_HEAVY_CRYPTO_TESTS=1 Skip slower OpenSSL-heavy certificate generation tests +# that provide low incremental coverage per wall-clock second. +# coverage.sh enables this by default. + run_out="$(mktemp)" text_out="$(mktemp)" html_out="$(mktemp)" @@ -20,7 +33,16 @@ IGNORE_REGEX='src/bin/replay_bundle_capture\.rs|src/bin/replay_bundle_capture_de # We run tests only once, then generate both CLI text + HTML reports without rerunning tests. set +e -cargo llvm-cov clean --workspace >/dev/null 2>&1 +if [ "${COVERAGE_FORCE_CLEAN:-0}" = "1" ]; then + cargo llvm-cov clean --workspace >/dev/null 2>&1 + echo "coverage mode: clean build (COVERAGE_FORCE_CLEAN=1)" +else + echo "coverage mode: reuse existing llvm-cov artifacts (default)" +fi + +export RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS="${RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS:-1}" +export RPKI_SKIP_HEAVY_BLACKBOX_TESTS="${RPKI_SKIP_HEAVY_BLACKBOX_TESTS:-1}" +export RPKI_SKIP_HEAVY_CRYPTO_TESTS="${RPKI_SKIP_HEAVY_CRYPTO_TESTS:-1}" # 1) Run tests once to collect coverage data (no report). script -q -e -c "CARGO_TERM_COLOR=always cargo llvm-cov --no-report" "$run_out" >/dev/null 2>&1 diff --git a/src/bin/replay_bundle_record.rs b/src/bin/replay_bundle_record.rs index 88d27d9..8ecd32e 100644 --- a/src/bin/replay_bundle_record.rs +++ b/src/bin/replay_bundle_record.rs @@ -670,6 +670,10 @@ mod tests { use super::*; use tempfile::tempdir; + fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() + } + #[test] fn parse_args_requires_required_flags() { let argv = vec![ @@ -730,6 +734,9 @@ mod tests { #[test] fn run_base_bundle_record_smoke_root_only_apnic() { + if skip_heavy_blackbox_test() { + return; + } let dir = tempdir().expect("tempdir"); let out_dir = dir.path().join("bundle"); let out = run(Args { diff --git a/tests/test_ca_path_m15.rs b/tests/test_ca_path_m15.rs index a4cd54e..20d67f9 100644 --- a/tests/test_ca_path_m15.rs +++ b/tests/test_ca_path_m15.rs @@ -11,6 +11,10 @@ fn openssl_available() -> bool { .unwrap_or(false) } +fn skip_heavy_crypto_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_CRYPTO_TESTS").is_some() +} + struct Generated { issuer_ca_der: Vec, child_ca_der: Vec, @@ -212,6 +216,9 @@ authorityKeyIdentifier = keyid:always #[test] fn validate_subordinate_ca_succeeds_for_valid_child_and_subset_resources() { + if skip_heavy_crypto_test() { + return; + } let generated = generate_chain_and_crl( "keyUsage = critical, keyCertSign, cRLSign\nsbgp-ipAddrBlock = critical, IPv4:10.0.0.0/16\nsbgp-autonomousSysNum = critical, AS:64496\n", false, @@ -238,6 +245,9 @@ fn validate_subordinate_ca_succeeds_for_valid_child_and_subset_resources() { #[test] fn validate_subordinate_ca_rejects_wrong_key_usage_bits() { + if skip_heavy_crypto_test() { + return; + } let generated = generate_chain_and_crl( "keyUsage = critical, digitalSignature\nsbgp-ipAddrBlock = critical, IPv4:10.0.0.0/16\n", false, diff --git a/tests/test_cert_path_key_usage.rs b/tests/test_cert_path_key_usage.rs index bf9e5b0..56154dd 100644 --- a/tests/test_cert_path_key_usage.rs +++ b/tests/test_cert_path_key_usage.rs @@ -12,6 +12,10 @@ fn openssl_available() -> bool { .unwrap_or(false) } +fn skip_heavy_crypto_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_CRYPTO_TESTS").is_some() +} + fn run(cmd: &mut Command) { let out = cmd.output().expect("run command"); if !out.status.success() { @@ -185,6 +189,9 @@ authorityKeyIdentifier = keyid:always #[test] fn ee_key_usage_digital_signature_only_is_accepted() { + if skip_heavy_crypto_test() { + return; + } let g = generate_issuer_ca_ee_and_crl("keyUsage = critical, digitalSignature\n"); let now = time::OffsetDateTime::now_utc(); validate_ee_cert_path( @@ -200,6 +207,9 @@ fn ee_key_usage_digital_signature_only_is_accepted() { #[test] fn ee_key_usage_missing_is_rejected() { + if skip_heavy_crypto_test() { + return; + } let g = generate_issuer_ca_ee_and_crl(""); let now = time::OffsetDateTime::now_utc(); let err = validate_ee_cert_path( @@ -216,6 +226,9 @@ fn ee_key_usage_missing_is_rejected() { #[test] fn ee_key_usage_not_critical_is_rejected() { + if skip_heavy_crypto_test() { + return; + } let g = generate_issuer_ca_ee_and_crl("keyUsage = digitalSignature\n"); let now = time::OffsetDateTime::now_utc(); let err = validate_ee_cert_path( @@ -232,6 +245,9 @@ fn ee_key_usage_not_critical_is_rejected() { #[test] fn ee_key_usage_wrong_bits_is_rejected() { + if skip_heavy_crypto_test() { + return; + } let g = generate_issuer_ca_ee_and_crl("keyUsage = critical, digitalSignature, keyEncipherment\n"); let now = time::OffsetDateTime::now_utc(); @@ -249,6 +265,9 @@ fn ee_key_usage_wrong_bits_is_rejected() { #[test] fn validate_ee_cert_path_with_prevalidated_issuer_covers_success_and_error_paths() { + if skip_heavy_crypto_test() { + return; + } use rpki::data_model::common::BigUnsigned; use rpki::data_model::crl::RpkixCrl; use rpki::data_model::rc::ResourceCertificate; diff --git a/tests/test_cir_delta_export_m1.rs b/tests/test_cir_delta_export_m1.rs index 12f43c1..635b9c8 100644 --- a/tests/test_cir_delta_export_m1.rs +++ b/tests/test_cir_delta_export_m1.rs @@ -10,8 +10,15 @@ use rpki::cir::{ CIR_VERSION_V1, CanonicalInputRepresentation, CirHashAlgorithm, CirObject, CirTal, encode_cir, }; +fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() +} + #[test] fn cir_full_and_delta_pair_reuses_shared_static_pool() { + if skip_heavy_blackbox_test() { + return; + } let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("scripts/cir/run_cir_record_full_delta.sh"); let out_dir = tempfile::tempdir().expect("tempdir"); diff --git a/tests/test_cir_matrix_m9.rs b/tests/test_cir_matrix_m9.rs index b36e243..7d3d876 100644 --- a/tests/test_cir_matrix_m9.rs +++ b/tests/test_cir_matrix_m9.rs @@ -6,6 +6,10 @@ use rpki::cir::{ materialize_cir, }; +fn skip_heavy_script_replay_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS").is_some() +} + fn apnic_tal_path() -> PathBuf { PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/tal/apnic-rfc7730-https.tal") } @@ -105,6 +109,9 @@ fn prepare_reference_ccr( #[test] fn cir_replay_matrix_script_matches_reference_for_all_participants() { + if skip_heavy_script_replay_test() { + return; + } if !Path::new("/usr/bin/rsync").exists() || !Path::new("/home/yuyr/dev/rust_playground/routinator/target/debug/routinator").exists() || !Path::new("/home/yuyr/dev/rpki-client-9.7/build-m5/src/rpki-client").exists() @@ -127,6 +134,12 @@ fn cir_replay_matrix_script_matches_reference_for_all_participants() { let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("scripts/cir/run_cir_replay_matrix.sh"); let out = Command::new(script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args([ "--cir", cir_path.to_string_lossy().as_ref(), diff --git a/tests/test_cir_peer_replay_m8.rs b/tests/test_cir_peer_replay_m8.rs index ebc5a6f..7c5979b 100644 --- a/tests/test_cir_peer_replay_m8.rs +++ b/tests/test_cir_peer_replay_m8.rs @@ -6,6 +6,10 @@ use rpki::cir::{ materialize_cir, }; +fn skip_heavy_script_replay_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS").is_some() +} + fn apnic_tal_path() -> PathBuf { PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/tal/apnic-rfc7730-https.tal") } @@ -105,6 +109,9 @@ fn prepare_reference_ccr( #[test] fn cir_routinator_script_matches_reference_on_ta_only_cir() { + if skip_heavy_script_replay_test() { + return; + } if !Path::new("/usr/bin/rsync").exists() || !Path::new("/home/yuyr/dev/rust_playground/routinator/target/debug/routinator").exists() { @@ -125,6 +132,12 @@ fn cir_routinator_script_matches_reference_on_ta_only_cir() { let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("scripts/cir/run_cir_replay_routinator.sh"); let out = Command::new(script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args([ "--cir", cir_path.to_string_lossy().as_ref(), @@ -152,6 +165,9 @@ fn cir_routinator_script_matches_reference_on_ta_only_cir() { #[test] fn cir_rpki_client_script_matches_reference_on_ta_only_cir() { + if skip_heavy_script_replay_test() { + return; + } if !Path::new("/usr/bin/rsync").exists() || !Path::new("/home/yuyr/dev/rpki-client-9.7/build-m5/src/rpki-client").exists() { @@ -172,6 +188,12 @@ fn cir_rpki_client_script_matches_reference_on_ta_only_cir() { let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("scripts/cir/run_cir_replay_rpki_client.sh"); let out = Command::new(script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args([ "--cir", cir_path.to_string_lossy().as_ref(), diff --git a/tests/test_cir_sequence_m2.rs b/tests/test_cir_sequence_m2.rs index dc71689..4817cf4 100644 --- a/tests/test_cir_sequence_m2.rs +++ b/tests/test_cir_sequence_m2.rs @@ -9,8 +9,15 @@ use rpki::cir::{ CIR_VERSION_V1, CanonicalInputRepresentation, CirHashAlgorithm, CirObject, CirTal, encode_cir, }; +fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() +} + #[test] fn cir_offline_sequence_writes_parseable_sequence_json_and_steps() { + if skip_heavy_blackbox_test() { + return; + } let out_dir = tempfile::tempdir().expect("tempdir"); let out = out_dir.path().join("cir-sequence"); let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")) diff --git a/tests/test_cir_sequence_peer_replay_m4.rs b/tests/test_cir_sequence_peer_replay_m4.rs index a39bdfa..840d72a 100644 --- a/tests/test_cir_sequence_peer_replay_m4.rs +++ b/tests/test_cir_sequence_peer_replay_m4.rs @@ -6,6 +6,10 @@ use rpki::cir::{ materialize_cir, }; +fn skip_heavy_script_replay_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS").is_some() +} + fn apnic_tal_path() -> PathBuf { PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/tal/apnic-rfc7730-https.tal") } @@ -161,6 +165,9 @@ fn prepare_sequence_root(td: &Path) -> PathBuf { #[test] fn peer_sequence_replay_scripts_replay_all_steps() { + if skip_heavy_script_replay_test() { + return; + } if !Path::new("/usr/bin/rsync").exists() || !Path::new("/home/yuyr/dev/rust_playground/routinator/target/debug/routinator").exists() || !Path::new("/home/yuyr/dev/rpki-client-9.7/build-m5/src/rpki-client").exists() @@ -174,6 +181,12 @@ fn peer_sequence_replay_scripts_replay_all_steps() { let routinator_script = PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("scripts/cir/run_cir_replay_sequence_routinator.sh"); let out = Command::new(routinator_script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args(["--sequence-root", sequence_root.to_string_lossy().as_ref()]) .output() .expect("run routinator sequence replay"); @@ -192,6 +205,12 @@ fn peer_sequence_replay_scripts_replay_all_steps() { let rpki_client_script = PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("scripts/cir/run_cir_replay_sequence_rpki_client.sh"); let out = Command::new(rpki_client_script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args([ "--sequence-root", sequence_root.to_string_lossy().as_ref(), diff --git a/tests/test_cir_sequence_replay_m3.rs b/tests/test_cir_sequence_replay_m3.rs index 5efbd84..2acc7b5 100644 --- a/tests/test_cir_sequence_replay_m3.rs +++ b/tests/test_cir_sequence_replay_m3.rs @@ -6,6 +6,10 @@ use rpki::cir::{ materialize_cir, }; +fn skip_heavy_script_replay_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_SCRIPT_REPLAY_TESTS").is_some() +} + fn apnic_tal_path() -> PathBuf { PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/tal/apnic-rfc7730-https.tal") } @@ -106,6 +110,9 @@ fn prepare_reference_ccr( #[test] fn ours_sequence_replay_script_replays_all_steps() { + if skip_heavy_script_replay_test() { + return; + } if !Path::new("/usr/bin/rsync").exists() { return; } @@ -166,6 +173,12 @@ fn ours_sequence_replay_script_replays_all_steps() { let script = PathBuf::from(env!("CARGO_MANIFEST_DIR")) .join("scripts/cir/run_cir_replay_sequence_ours.sh"); let out = Command::new(script) + .env("CIR_MATERIALIZE_BIN", env!("CARGO_BIN_EXE_cir_materialize")) + .env("CIR_EXTRACT_INPUTS_BIN", env!("CARGO_BIN_EXE_cir_extract_inputs")) + .env( + "CCR_TO_COMPARE_VIEWS_BIN", + env!("CARGO_BIN_EXE_ccr_to_compare_views"), + ) .args([ "--sequence-root", sequence_root.to_string_lossy().as_ref(), diff --git a/tests/test_cli_payload_delta_replay_smoke.rs b/tests/test_cli_payload_delta_replay_smoke.rs index a4538af..2e947df 100644 --- a/tests/test_cli_payload_delta_replay_smoke.rs +++ b/tests/test_cli_payload_delta_replay_smoke.rs @@ -1,7 +1,14 @@ use std::process::Command; +fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() +} + #[test] fn cli_payload_delta_replay_rejects_wrong_base_locks() { + if skip_heavy_blackbox_test() { + return; + } let bin = env!("CARGO_BIN_EXE_rpki"); let db_dir = tempfile::tempdir().expect("db tempdir"); let out_dir = tempfile::tempdir().expect("out tempdir"); diff --git a/tests/test_cli_payload_replay_smoke.rs b/tests/test_cli_payload_replay_smoke.rs index ebbc66b..5f7bc7c 100644 --- a/tests/test_cli_payload_replay_smoke.rs +++ b/tests/test_cli_payload_replay_smoke.rs @@ -1,7 +1,14 @@ use std::process::Command; +fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() +} + #[test] fn cli_payload_replay_root_only_smoke_writes_report_json() { + if skip_heavy_blackbox_test() { + return; + } let bin = env!("CARGO_BIN_EXE_rpki"); let db_dir = tempfile::tempdir().expect("db tempdir"); let out_dir = tempfile::tempdir().expect("out tempdir"); diff --git a/tests/test_cli_run_offline_m18.rs b/tests/test_cli_run_offline_m18.rs index 3f10e6e..424bb9c 100644 --- a/tests/test_cli_run_offline_m18.rs +++ b/tests/test_cli_run_offline_m18.rs @@ -1,5 +1,9 @@ use std::process::Command; +fn skip_heavy_blackbox_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_BLACKBOX_TESTS").is_some() +} + #[test] fn cli_run_offline_mode_executes_and_writes_json_and_ccr() { let db_dir = tempfile::tempdir().expect("db tempdir"); @@ -134,6 +138,9 @@ fn cli_run_offline_mode_writes_cir_and_static_pool() { #[test] fn cli_run_blackbox_rsync_wrapper_mode_matches_reference_ccr_without_ta_path() { + if skip_heavy_blackbox_test() { + return; + } let real_rsync = std::path::Path::new("/usr/bin/rsync"); if !real_rsync.exists() { return; diff --git a/tests/test_router_cert_m4.rs b/tests/test_router_cert_m4.rs index 858e303..46fc3d6 100644 --- a/tests/test_router_cert_m4.rs +++ b/tests/test_router_cert_m4.rs @@ -14,6 +14,10 @@ fn openssl_available() -> bool { .unwrap_or(false) } +fn skip_heavy_crypto_test() -> bool { + std::env::var_os("RPKI_SKIP_HEAVY_CRYPTO_TESTS").is_some() +} + fn run(cmd: &mut Command) { let out = cmd.output().expect("run command"); if !out.status.success() { @@ -258,6 +262,9 @@ authorityKeyIdentifier = keyid:always #[test] fn decode_bgpsec_router_certificate_fixture_smoke() { + if skip_heavy_crypto_test() { + return; + } let g = generate_router_cert_with_variant("ec-p256", true, ""); let cert = BgpsecRouterCertificate::decode_der(&g.router_der).expect("decode router cert"); assert_eq!(cert.resource_cert.kind, ResourceCertKind::Ee); @@ -268,6 +275,9 @@ fn decode_bgpsec_router_certificate_fixture_smoke() { #[test] fn router_certificate_profile_rejects_missing_eku() { + if skip_heavy_crypto_test() { + return; + } let g = generate_router_cert_with_variant("ec-p256", false, ""); let err = BgpsecRouterCertificate::decode_der(&g.router_der).unwrap_err(); assert!( @@ -284,6 +294,9 @@ fn router_certificate_profile_rejects_missing_eku() { #[test] fn router_certificate_profile_rejects_sia_and_ip_resources_and_ranges() { + if skip_heavy_crypto_test() { + return; + } let g = generate_router_cert_with_variant( "ec-p256", true, @@ -335,6 +348,9 @@ fn router_certificate_profile_rejects_sia_and_ip_resources_and_ranges() { #[test] fn router_certificate_profile_rejects_wrong_spki_algorithm_or_curve() { + if skip_heavy_crypto_test() { + return; + } let g = generate_router_cert_with_variant("rsa", true, ""); let err = BgpsecRouterCertificate::decode_der(&g.router_der).unwrap_err(); assert!( @@ -363,6 +379,9 @@ fn router_certificate_profile_rejects_wrong_spki_algorithm_or_curve() { #[test] fn router_certificate_path_validation_accepts_valid_and_rejects_wrong_issuer() { + if skip_heavy_crypto_test() { + return; + } use rpki::data_model::common::BigUnsigned; use rpki::data_model::crl::RpkixCrl; use std::collections::HashSet;