flask-based tests: give up on CentOS7

For reasons that are not clear, OpenConnect fails to handshake a TLS connection
to Python 3.6 and Flask (from CentOS 7 EPEL), and I don't want to install
a 7-year-old distribution on a VM just to figure out why.

See https://gitlab.com/openconnect/openconnect/-/jobs/1135245618#L520 for
verification of the issue, and 9df05119a30dc3405ab56edbcab2576f46cac799
for a possibly-related issue with even older CentOS 6.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dcae72f212831554a767790fd25412638d771fc2..785e56bff352fcd2a7bec76771f19c2e319fb5b8 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,10 @@ CentOS7/GnuTLS:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
   script:
   - ./autogen.sh
-  - ./configure --with-java --enable-ppp-tests CFLAGS=-g
+# For reasons that are not clear, OpenConnect fails to handshake a TLS connection to Python 3.6+Flask
+# (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135245618#L520), so we disable the
+# Flask-based authentication tests.
+  - ./configure --with-java --enable-ppp-tests --disable-flask-tests CFLAGS=-g
   - make -j4
 # UTF-8 support is not available
   - make VERBOSE=1 XFAIL_TESTS="auth-nonascii" -j4 check
@@ -31,7 +34,10 @@ CentOS7/OpenSSL:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
   script:
   - ./autogen.sh
-  - ./configure --without-gnutls --with-openssl --with-java --without-openssl-version-check --enable-dtls-xfail --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
+# For reasons that are not clear, OpenConnect fails to handshake a TLS connection to Python 3.6+Flask
+# (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135245618#L520), so we disable the
+# Flask-based authentication tests.
+  - ./configure --without-gnutls --with-openssl --with-java --without-openssl-version-check --enable-dtls-xfail --disable-dsa-tests --enable-ppp-tests --disable-flask-tests CFLAGS=-g
   - make -j4
 # we don't want pppd to invoke any actual connection scripts
   - mv /etc/ppp /etc/ppp.DISABLED

diff --git a/configure.ac b/configure.ac
index 9c83b2e411d461b95facf71bc72f3ead757e179b..264e3a2f0028acc9b3ee3e190a8ee0c7eac59ae5 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -648,6 +648,10 @@ AC_ARG_ENABLE([ppp-tests],
        AS_HELP_STRING([--enable-ppp-tests], [Enable PPP tests (which require socat and pppd, and must run as root)]),
        [enable_ppp_tests=yes])
 
+AC_ARG_ENABLE([flask-tests],
+       AS_HELP_STRING([--disable-flask-tests], [Disable Flask-based tests (which require Python 3.6+ and the Flask module)]),
+        [], [enable_flask_tests=yes])
+
 AM_CONDITIONAL(OPENCONNECT_GNUTLS,  [ test "$ssl_library" = "GnuTLS" ])
 AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ])
 AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ])
@@ -1068,7 +1072,7 @@ PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_c
 AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno)
 
 have_python36_flask=no
-if test -n "${ac_cv_path_PYTHON}"; then
+if test "$enable_flask_tests" = "yes" -a -n "${ac_cv_path_PYTHON}"; then
     AC_MSG_CHECKING([for Python 3.6+ with Flask module])
     python3 -c 'import sys; assert sys.version_info >= (3,6); import flask' 2>/dev/null
     if test $? -ne 0 ; then
@@ -1077,8 +1081,8 @@ if test -n "${ac_cv_path_PYTHON}"; then
         have_python36_flask=yes
         AC_MSG_RESULT(found)
     fi
-    AM_CONDITIONAL(HAVE_PYTHON36_FLASK, test "$have_python36_flask" = yes)
 fi
+AM_CONDITIONAL(HAVE_PYTHON36_FLASK, test "$have_python36_flask" = yes)
 
 if test "$enable_ppp_tests" = "yes"; then
     AC_PATH_PROGS(SOCAT, [socat], [], $PATH:/bin:/usr/bin)
@@ -1186,6 +1190,7 @@ SUMMARY([Unit tests], [$have_cwrap])
 SUMMARY([Net namespace tests], [$have_netns])
 SUMMARY([DSA tests], [$enable_dsa_tests])
 SUMMARY([PPP tests], [$enable_ppp_tests])
+SUMMARY([Flask tests], [$have_python36_flask])
 SUMMARY([Insecure debugging], [$insecure_debugging])
 SUMMARY([NSIS installer], [$build_nsis])