subbarao@computer.org wrote:

Full_Name: Kartik Subbarao Version: 2.4.44 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (108.52.86.252)

A recent 2.4.44 package build failed on a VM due to the following timing dependency between the lockout and expiration tests in test022-ppolicy.

Clocks on VMs are notoriously unstable, which is why we have always used such large margins in these tests. Shaving things down to "1 second more than needed" will probably break in multiple build environments.

The problem is that the password expiration time is 30 seconds, and on slower VMs, lines 67-91 take more than 30 seconds to execute. This causes the password to expire by the time the ldapsearch command on line 93 is executed. That ldapsearch command eats up one of the grace logins that's not supposed to be consumed until line 106. This causes the grep count on line 124 to be off, failing the entire script.

A simple improvement would be to change line 91 to "sleep 10" instead of the current "sleep 20". This would buy 10 more seconds of leeway on slower VMs, while guaranteeing sufficient delay between lines 67-90 (e.g. 16 seconds, 1 second more than the 15 second lockout time) on fast VMs. A more robust improvement would be to check how much time has actually elapsed between lines 67-90 and change line 91 to only sleep until 16 total seconds have elapsed since line 67.

Another suggestion would be to change the "sleep 20" on line 104 to "sleep 15". That will shave 5 seconds off the build time for everyone, while still guaranteeing that 31 seconds (e.g. 1 second more than the 30 second expiration time) will have elapsed between lines 67-106).

A further optimization could be implemented, if desired, by revisiting the test and reducing all lockout times, expiration times, and other delays to the bare minimum necessary, which would speed up package build times across the board.