diff --git a/gnutls-3.6.15-test-fixes.patch b/gnutls-3.6.15-test-fixes.patch
new file mode 100644
index 0000000..7bf84c5
--- /dev/null
+++ b/gnutls-3.6.15-test-fixes.patch
@@ -0,0 +1,173 @@
+From c2e39386e5df376620264b820fde2994b12d035d Mon Sep 17 00:00:00 2001
+From: Stefan Berger
+Date: Mon, 21 Dec 2020 09:36:47 -0500
+Subject: [PATCH 1/2] tests: Fix tpmtool_test due to changes in trousers
+
+Recent changes to trousers now require an ownership of root:tss for
+the tcsd config file, older ones requires tss:tss. So, start tcsd
+using trial and error with either one of these ownership configurations
+until one works.
+
+Signed-off-by: Stefan Berger
+---
+ tests/tpmtool_test.sh | 37 +++++++++++++++++++++++++++----------
+ 1 file changed, 27 insertions(+), 10 deletions(-)
+
+diff --git a/tests/tpmtool_test.sh b/tests/tpmtool_test.sh
+index c6e4bc42e..137552d62 100755
+--- a/tests/tpmtool_test.sh
++++ b/tests/tpmtool_test.sh
+@@ -138,6 +138,7 @@ start_tcsd()
+ local tcsd_conf=$workdir/tcsd.conf
+ local tcsd_system_ps_file=$workdir/system_ps_file
+ local tcsd_pidfile=$workdir/tcsd.pid
++ local owner
+
+ start_swtpm "$workdir"
+ [ $? -ne 0 ] && return 1
+@@ -146,20 +147,36 @@ start_tcsd()
+ port = $TCSD_LISTEN_PORT
+ system_ps_file = $tcsd_system_ps_file
+ _EOF_
++ # older versions of trousers require tss:tss ownership of the
++ # config file, later ones root:tss
++ for owner in tss root; do
++ if [ "$owner" = "tss" ]; then
++ chmod 0600 $tcsd_conf
++ else
++ chmod 0640 $tcsd_conf
++ fi
++ chown $owner:tss $tcsd_conf
+
+- chown tss:tss $tcsd_conf
+- chmod 0600 $tcsd_conf
++ bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
++ BASH_PID=$!
+
+- bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
+- BASH_PID=$!
++ if wait_for_file $tcsd_pidfile 3; then
++ echo "Could not get TCSD's PID file"
++ return 1
++ fi
+
+- if wait_for_file $tcsd_pidfile 3; then
+- echo "Could not get TCSD's PID file"
+- return 1
+- fi
++ sleep 0.5
++ TCSD_PID=$(cat $tcsd_pidfile)
++ kill -0 "${TCSD_PID}"
++ if [ $? -ne 0 ]; then
++ # Try again with other owner
++ continue
++ fi
++ return 0
++ done
+
+- TCSD_PID=$(cat $tcsd_pidfile)
+- return 0
++ echo "TCSD could not be started"
++ return 1
+ }
+
+ stop_tcsd()
+--
+2.29.2
+
+
+From 40203390a48b8fa01d72c6a9739d963cf24556b8 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno
+Date: Mon, 28 Dec 2020 16:16:53 +0100
+Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
+
+The certificates stored in tests/testpkcs11-certs expired on
+2020-12-13. To avoid verification failure due to that, use datefudge
+to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
+
+Based on the patch by Andreas Metzler:
+https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
+
+Signed-off-by: Daiki Ueno
+---
+ tests/scripts/common.sh | 5 +++++
+ tests/testpkcs11.sh | 12 +++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/tests/scripts/common.sh b/tests/scripts/common.sh
+index 6ae19fa58..69b5fd612 100644
+--- a/tests/scripts/common.sh
++++ b/tests/scripts/common.sh
+@@ -187,6 +187,11 @@ launch_bare_server() {
+ ${SERV} $* >${LOGFILE-/dev/null} &
+ }
+
++launch_bare_server2() {
++ wait_for_free_port "$PORT"
++ "$@" >${LOGFILE-/dev/null} &
++}
++
+ wait_server() {
+ local PID=$1
+ trap "test -n \"${PID}\" && kill ${PID};exit 1" 1 15 2
+diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
+index 9458af238..3d74bfea6 100755
+--- a/tests/testpkcs11.sh
++++ b/tests/testpkcs11.sh
+@@ -67,6 +67,8 @@ have_ed25519=0
+ P11TOOL="${VALGRIND} ${P11TOOL} --batch"
+ SERV="${SERV} -q"
+
++TESTDATE=2020-12-01
++
+ . ${srcdir}/scripts/common.sh
+
+ rm -f "${LOGFILE}"
+@@ -79,6 +81,8 @@ exit_error () {
+ exit 1
+ }
+
++skip_if_no_datefudge
++
+ # $1: token
+ # $2: PIN
+ # $3: filename
+@@ -523,6 +527,7 @@ write_certificate_test () {
+ pubkey="$5"
+
+ echo -n "* Generating client certificate... "
++ datefudge -s "$TESTDATE" \
+ "${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
+ --template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
+ --load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
+@@ -900,7 +905,9 @@ use_certificate_test () {
+ echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
+ # start server
+ eval "${GETPORT}"
+- launch_pkcs11_server $$ "${ADDITIONAL_PARAM}" --echo --priority NORMAL --x509certfile="${certfile}" \
++ launch_bare_server2 datefudge -s "$TESTDATE" \
++ $VALGRIND $SERV $DEBUG -p "$PORT" \
++ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" \
+ --verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
+
+@@ -908,13 +915,16 @@ use_certificate_test () {
+ wait_server ${PID}
+
+ # connect to server using SC
++ datefudge -s "$TESTDATE" \
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 && \
+ fail ${PID} "Connection should have failed!"
+
++ datefudge -s "$TESTDATE" \
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
+ --x509keyfile="$keyfile" --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \
+ fail ${PID} "Connection (with files) should have succeeded!"
+
++ datefudge -s "$TESTDATE" \
+ ${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
+ --x509keyfile="${token};object=gnutls-client;object-type=private" \
+ --x509cafile="${cafile}" >"${LOGFILE}" 2>&1 || \
+--
+2.29.2
+
diff --git a/gnutls.spec b/gnutls.spec
index 87a2dec..e2bf429 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,9 +1,10 @@
 # This spec file has been automatically updated
 Version: 3.6.15
-Release: 3%{?dist}
+Release: 4%{?dist}
 Patch1: gnutls-3.6.7-no-now-guile.patch
 Patch2: gnutls-3.2.7-rpath.patch
 Patch3: gnutls-3.6.15-gnulib-perror-tests.patch
+Patch4: gnutls-3.6.15-test-fixes.patch
 %bcond_without dane
 %if 0%{?rhel}
 %bcond_with guile
@@ -281,10 +282,14 @@ make check %{?_smp_mflags} GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null
 %endif
 %changelog
+* Tue Jan 26 2021 Daiki Ueno - 3.6.15-4
+- Fix broken tests on rawhide (#1908110)
+- Add BuildRequires: make (by Tom Stellard)
+
 * Tue Jan 26 2021 Fedora Release Engineering - 3.6.15-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-* Mon Sep 28 2020 Jeff Law - 3.6.14-8
+* Mon Sep 28 2020 Jeff Law - 3.6.15-2
 - Re-enable LTO now that upstream GCC bugs have been fixed
 * Fri Sep 4 2020 Daiki Ueno - 3.6.15-1
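Review bot: The retry loop added to start_tcsd() never removes `$tcsd_pidfile` between attempts, so on the second pass (owner `root`) the file left by the failed `tss` attempt is still there and `wait_for_file` can no longer tell whether the new tcsd wrote anything. `TCSD_PID=$(cat $tcsd_pidfile)` may then read the PID of the process that already exited. The `kill -0` liveness check also rests on a fixed `sleep 0.5`, which may be too short on a loaded builder for tcsd to reject the config ownership and exit. Adding `rm -f "$tcsd_pidfile"` as the first statement inside the `for owner in tss root; do` body would make each attempt start clean. start_tcsd() begins before this hunk, so the heredoc that writes the config is only partly visible here.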
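Review bot: `Patch4` brings in a testpkcs11.sh that calls `skip_if_no_datefudge` and wraps certtool, gnutls-serv and gnutls-cli in `datefudge`, but neither spec hunk on this page adds a matching build dependency. If the spec does not already carry one outside these hunks, the PKCS #11 client-certificate tests would presumably be skipped during `make check` rather than fail, and the build would pass without that coverage. Adding `BuildRequires: datefudge` next to the other test dependencies would keep them running. The changelog entry also mentions `BuildRequires: make`, which is likewise not among the visible changes.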