mirror of
https://github.com/rsyslog/rsyslog.git
synced 2026-06-19 22:12:56 +02:00
Why
Native post-quantum TLS support should be usable and testable on newer distro baselines without adding provider-mode compatibility work for older platforms.

Impact
Rsyslog now has native-PQ smoke tests, clearer TLS diagnostics, updated CI baselines and helper images, and a new post-quantum tutorial for supported distros.

Before/After
Before: Fedora CI still targeted Fedora 41, PQ-capable TLS settings had no dedicated rsyslog tests or user-facing tutorial, and stricter clang builds could fail on warning-group handling.
After: CI targets Fedora 43, native PQ usage is documented and smoke-tested, helper images include the required tools, and the branch builds and tests cleanly with the newer compiler/container combinations.

Technical Overview
The CI matrix now replaces the Fedora 41 lane with Fedora 43 and adds a matching Fedora 43 development image.
The Debian 13 and Fedora 43 development containers now install the GnuTLS CLI utilities needed for native PQ capability checks.
The OpenSSL TLS config path logs clearer messages when a command or value is unavailable on the native OpenSSL build.
The GnuTLS TLS config path reports unsupported priority-string options more explicitly.
Two new shell tests add native PQ smoke coverage for OpenSSL and GnuTLS using the existing gnutlsPriorityString control surface. Those tests self-skip unless the local native TLS libraries expose the required hybrid group support.
The imtcp parameter docs and omfwd docs now explain the native-only PQ support policy and include example configurations.
A new tutorial documents native PQ usage for OpenSSL and GnuTLS on supported newer distro versions.
The shared runtime warning policy in rsyslog.h now tolerates clang handling of unknown warning groups so older and newer clang lanes remain warning-free under the existing finalize_it error-handling pattern.
Testbench follow-ups harden omfwd-lb-susp with isolated retry attempts, skip rcvr_fail_restore on ARM where it is timing-flaky, and keep local SC2181 suppressions where if-exec rewrites would reduce shell-script usability.
The Fedora 43 Dockerfile now cleans the dnf cache after install and locally suppresses the non-useful DL3041 package-version pinning warning.

Older distro versions remain intentionally unsupported for PQ in this phase because we expect users to move to newer baselines first. If there is demand later, older-version support can be considered in a separate effort.

With the help of AI-Agents: Codex
55 lines
1.2 KiB
Bash
Executable File
#!/bin/bash
# added 2024-02-19 by rgerhards. Released under ASL 2.0
: "${srcdir:=.}"

max_attempts=2
attempt=1
result=1

# One complete test run; $1 is the number of the current attempt.
run_attempt() {
	. "$srcdir/diag.sh" init
	generate_conf
	export STATSFILE="$RSYSLOG_DYNNAME.stats"
	# No receiver is started for omfwd, so the omfile action (which runs only
	# while the previous action is suspended) must receive all messages.
	add_conf '
$MainMsgQueueTimeoutShutdown 10000

template(name="outfmt" type="string" string="%msg:F,58:2%\n")
module(load="builtin:omfwd" template="outfmt")

if $msg contains "msgnum:" then {
	action(type="omfwd" target=["xlocalhost", "127.0.0.1"] port="'$TCPFLOOD_PORT'" protocol="tcp")
	action(type="omfile" file=`echo $RSYSLOG_OUT_LOG` template="outfmt"
		action.ExecOnlyWhenPreviousIsSuspended="on")
}
'
	echo Note: intentionally not started any local TCP receiver!

	startup
	injectmsg 0 5000
	shutdown_when_empty
	wait_shutdown

	# Attempts before the last one call seq_check with --check-only;
	# the last attempt calls plain seq_check.
	if [ "$1" -lt "$max_attempts" ]; then
		seq_check --check-only 0 4999
	else
		seq_check 0 4999
	fi
}

while [ "$attempt" -le "$max_attempts" ]; do
	if [ "$attempt" -gt 1 ]; then
		echo "Retrying omfwd-lb-susp timing-sensitive suspension check (attempt $attempt of $max_attempts)."
	fi

	# Each attempt runs in a subshell, so state set up by diag.sh init and any
	# exit inside the attempt stay isolated from this retry loop.
	(run_attempt "$attempt")
	result=$?
	if [ "$result" -eq 0 ]; then
		exit 0
	fi

	attempt=$((attempt + 1))
done

echo "omfwd-lb-susp.sh failed after $max_attempts attempts."
exit "$result"