Fix broken tests on rawhide (#1908110)

2021-01-26 11:26:20 +01:00 · 2021-01-26 11:26:20 +01:00 · 868ffea2e1
commit 868ffea2e1
parent 2a8763ec3a
2 changed files with 180 additions and 2 deletions
--- a/gnutls-3.6.15-test-fixes.patch
+++ b/gnutls-3.6.15-test-fixes.patch
@ -0,0 +1,173 @@
+From c2e39386e5df376620264b820fde2994b12d035d Mon Sep 17 00:00:00 2001
+From: Stefan Berger <stefanb@linux.ibm.com>
+Date: Mon, 21 Dec 2020 09:36:47 -0500
+Subject: [PATCH 1/2] tests: Fix tpmtool_test due to changes in trousers
+
+Recent changes to trousers now require an ownership of root:tss for
+the tcsd config file, older ones requires tss:tss. So, start tcsd
+using trial and error with either one of these ownership configurations
+until one works.
+
+Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
+---
+ tests/tpmtool_test.sh | 37 +++++++++++++++++++++++++++----------
+ 1 file changed, 27 insertions(+), 10 deletions(-)
+
+diff --git a/tests/tpmtool_test.sh b/tests/tpmtool_test.sh
+index c6e4bc42e..137552d62 100755
+--- a/tests/tpmtool_test.sh
+++ b/tests/tpmtool_test.sh
+@@ -138,6 +138,7 @@ start_tcsd()
+ 	local tcsd_conf=$workdir/tcsd.conf
+ 	local tcsd_system_ps_file=$workdir/system_ps_file
+ 	local tcsd_pidfile=$workdir/tcsd.pid
+	local owner
+ 
+ 	start_swtpm "$workdir"
+ 	[ $? -ne 0 ] && return 1
+@@ -146,20 +147,36 @@ start_tcsd()
+ port = $TCSD_LISTEN_PORT
+ system_ps_file = $tcsd_system_ps_file
+ _EOF_
+	# older versions of trousers require tss:tss ownership of the
+	# config file, later ones root:tss
+	for owner in tss root; do
+		if [ "$owner" = "tss" ]; then
+			chmod 0600 $tcsd_conf
+		else
+			chmod 0640 $tcsd_conf
+		fi
+		chown $owner:tss $tcsd_conf
+ 
+-	chown tss:tss $tcsd_conf
+-	chmod 0600 $tcsd_conf
+		bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
+		BASH_PID=$!
+ 
+-	bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
+-	BASH_PID=$!
+		if wait_for_file $tcsd_pidfile 3; then
+			echo "Could not get TCSD's PID file"
+			return 1
+		fi
+ 
+-	if wait_for_file $tcsd_pidfile 3; then
+-		echo "Could not get TCSD's PID file"
+-		return 1
+-	fi
+		sleep 0.5
+		TCSD_PID=$(cat $tcsd_pidfile)
+		kill -0 "${TCSD_PID}"
+		if [ $? -ne 0 ]; then
+			# Try again with other owner
+			continue
+		fi
+		return 0
+	done
+ 
+-	TCSD_PID=$(cat $tcsd_pidfile)
+-	return 0
+	echo "TCSD could not be started"
+	return 1
+ }
+ 
+ stop_tcsd()
+-- 
+2.29.2
+
+
+From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 28 Dec 2020 16:16:53 +0100
+Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
+
+The certificates stored in tests/testpkcs11-certs expired on
+2020-12-13.  To avoid verification failure due to that, use datefudge
+to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
+
+Based on the patch by Andreas Metzler:
+https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+---
+ tests/scripts/common.sh |  5 +++++
+ tests/testpkcs11.sh     | 12 +++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
+index 6ae19fa58..69b5fd612 100644
+--- a/tests/scripts/common.sh
+++ b/tests/scripts/common.sh
+@@ -187,6 +187,11 @@ launch_bare_server() {
+ 	${SERV} $* >${LOGFILE-/dev/null} &
+ }
+ 
+launch_bare_server2() {
+	wait_for_free_port "$PORT"
+	"$@" >${LOGFILE-/dev/null} &
+}
+
+ wait_server() {
+ 	local PID=$1
+ 	trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
+diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
+index 9458af238..3d74bfea6 100755
+--- a/tests/testpkcs11.sh
+++ b/tests/testpkcs11.sh
+@@ -67,6 +67,8 @@ have_ed25519=0
+ P11TOOL="${VALGRIND} ${P11TOOL} --batch"
+ SERV="${SERV} -q"
+ 
+TESTDATE=2020-12-01
+
+ . ${srcdir}/scripts/common.sh
+ 
+ rm -f "${LOGFILE}"
+@@ -79,6 +81,8 @@ exit_error () {
+ 	exit 1
+ }
+ 
+skip_if_no_datefudge
+
+ # $1: token
+ # $2: PIN
+ # $3: filename
+@@ -523,6 +527,7 @@ write_certificate_test () {
+ 	pubkey="$5"
+ 
+ 	echo -n "* Generating client certificate... "
+	datefudge -s "$TESTDATE" \
+ 	"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM}  --generate-certificate --load-ca-privkey "${cakey}"  --load-ca-certificate "${cacert}"  \
+ 	--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ 	--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
+@@ -900,7 +905,9 @@ use_certificate_test () {
+ 	echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ 	# start server
+ 	eval "${GETPORT}"
+-	launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
+	launch_bare_server2 datefudge -s "$TESTDATE" \
+	        $VALGRIND $SERV $DEBUG -p "$PORT" \
+		${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
+ 		--x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ 		--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
+ 
+@@ -908,13 +915,16 @@ use_certificate_test () {
+ 	wait_server ${PID}
+ 
+ 	# connect to server using SC
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
+ 		fail ${PID} "Connection should have failed!"
+ 
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ 	--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
+ 		fail ${PID} "Connection (with files) should have succeeded!"
+ 
+	datefudge -s "$TESTDATE" \
+ 	${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ 		--x509keyfile="${token};object=gnutls-client;object-type=private" \
+ 		--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
+-- 
+2.29.2
+
--- a/gnutls.spec
+++ b/gnutls.spec
@ -1,9 +1,10 @@
 # This spec file has been automatically updated
 Version:	3.6.15
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
 Patch3:	gnutls-3.6.15-gnulib-perror-tests.patch
+Patch4:	gnutls-3.6.15-test-fixes.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@ -281,10 +282,14 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif

 %changelog
+* Tue Jan 26 2021 Daiki Ueno <dueno@redhat.com> - 3.6.15-4
+- Fix broken tests on rawhide (#1908110)
+- Add BuildRequires: make (by Tom Stellard)
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.15-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Mon Sep 28 2020 Jeff Law <law@redhat.com> - 3.6.14-8
+* Mon Sep 28 2020 Jeff Law <law@redhat.com> - 3.6.15-2
 - Re-enable LTO now that upstream GCC bugs have been fixed

 * Fri Sep  4 2020 Daiki Ueno <dueno@redhat.com> - 3.6.15-1