This installs tmux and its two dependencies libevent-2.0-5 and libutempter0.
For the tnc/tnccs-20-ev-pt-tls test scenario older, apparently replaced
versions of these packages are entered to the collector.db database, so that
dummy SWID tags for these packages can be requested via SWIMA.
RC4, which was previously used for performance reasons, is not supported
anymore with newer versions of SSH (stretch still supports it, but it
requires explicit configuration on the guests when they act as clients
too - the version in Ubuntu 18.04 apparently doesn't support it anymore
at all).
AES-GCM should actually be faster (at least for larger amounts of data and
in particular with hardware acceleration).
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
When charon is started via service command LEAK_DETECTIVE_LOG is not set
because the command strips the environment. Since we only want the
variable to be set during the automated test runs we can't just set it
in /etc/default/charon. Instead, we do so in this wrapper when charon is
started and remove the variable again when it is stopped.
This reverts commit dee01d019ba9743b2784b417155601d10c173a66.
Thanks to 505c31870162 ("leak-detective: Try to properly free
allocations after deinitialization") this is not required anymore.
The main issue is that the ldap and curl plugins, or rather the libraries
they use, initialize GnuTLS (curl, strangely, even when it is, by its own
account, linked against OpenSSL). Some of these allocations are only freed
once the libraries are unloaded. This means that the leak detective causes
invalid frees when swanctl is terminated and libraries are unloaded after the
leak detective is already deinitialized.
We will use this to set some defaults (e.g. timeouts to make testing
negative tests quicker). We don't want these settings to show up in the
configs of the actual scenarios though.
This allows accessing the guests with `virsh console <name>`.
Using a serial console would also be possible but our kernel configs
have no serial drivers enabled, CONFIG_VIRTIO_CONSOLE is enabled though.
So to avoid having to recompile the kernels let's do it this way, only
requires rebuilding the guest images.
References #729.
Passthrough mode only works as expected when running as root. On
Debian/Ubuntu systems qemu runs as user 'libvirt-qemu' and group 'kvm'
so all shared files must be chowned to grant access from guests.
Symlinks created on the host are still problematic because the Plan 9
filesystem has no direct notion of symbolic links, see [1].
[1] - http://ericvh.github.com/9p-rfc/rfc9p2000.u.html
