4cec910829
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/gnutls.git#70bde1a03dde2a0335db58f9c2ce45b66f283967
196 lines
6.4 KiB
Diff
196 lines
6.4 KiB
Diff
From c815f725448af8d023818a968e1296946ceb0f1c Mon Sep 17 00:00:00 2001
|
|
From: Stefan Berger <stefanb@linux.ibm.com>
|
|
Date: Mon, 21 Dec 2020 09:36:47 -0500
|
|
Subject: [PATCH 1/2] tests: Fix tpmtool_test due to changes in trousers
|
|
|
|
Recent changes to trousers now require an ownership of root:tss for
|
|
the tcsd config file, older ones requires tss:tss. So, start tcsd
|
|
using trial and error with either one of these ownership configurations
|
|
until one works.
|
|
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
tests/tpmtool_test.sh | 37 +++++++++++++++++++++++++++----------
|
|
1 file changed, 27 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/tests/tpmtool_test.sh b/tests/tpmtool_test.sh
|
|
index eba502612..77fe17e59 100755
|
|
--- a/tests/tpmtool_test.sh
|
|
+++ b/tests/tpmtool_test.sh
|
|
@@ -138,6 +138,7 @@ start_tcsd()
|
|
local tcsd_conf=$workdir/tcsd.conf
|
|
local tcsd_system_ps_file=$workdir/system_ps_file
|
|
local tcsd_pidfile=$workdir/tcsd.pid
|
|
+ local owner
|
|
|
|
start_swtpm "$workdir"
|
|
[ $? -ne 0 ] && return 1
|
|
@@ -146,20 +147,36 @@ start_tcsd()
|
|
port = $TCSD_LISTEN_PORT
|
|
system_ps_file = $tcsd_system_ps_file
|
|
_EOF_
|
|
+ # older versions of trousers require tss:tss ownership of the
|
|
+ # config file, later ones root:tss
|
|
+ for owner in tss root; do
|
|
+ if [ "$owner" = "tss" ]; then
|
|
+ chmod 0600 $tcsd_conf
|
|
+ else
|
|
+ chmod 0640 $tcsd_conf
|
|
+ fi
|
|
+ chown $owner:tss $tcsd_conf
|
|
|
|
- chown tss:tss $tcsd_conf
|
|
- chmod 0600 $tcsd_conf
|
|
+ bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
|
|
+ BASH_PID=$!
|
|
|
|
- bash -c "TCSD_USE_TCP_DEVICE=1 TCSD_TCP_DEVICE_PORT=$SWTPM_SERVER_PORT tcsd -c $tcsd_conf -e -f &>/dev/null & echo \$! > $tcsd_pidfile; wait" &
|
|
- BASH_PID=$!
|
|
+ if wait_for_file $tcsd_pidfile 3; then
|
|
+ echo "Could not get TCSD's PID file"
|
|
+ return 1
|
|
+ fi
|
|
|
|
- if wait_for_file $tcsd_pidfile 3; then
|
|
- echo "Could not get TCSD's PID file"
|
|
- return 1
|
|
- fi
|
|
+ sleep 0.5
|
|
+ TCSD_PID=$(cat $tcsd_pidfile)
|
|
+ kill -0 "${TCSD_PID}"
|
|
+ if [ $? -ne 0 ]; then
|
|
+ # Try again with other owner
|
|
+ continue
|
|
+ fi
|
|
+ return 0
|
|
+ done
|
|
|
|
- TCSD_PID=$(cat $tcsd_pidfile)
|
|
- return 0
|
|
+ echo "TCSD could not be started"
|
|
+ return 1
|
|
}
|
|
|
|
stop_tcsd()
|
|
--
|
|
2.29.2
|
|
|
|
|
|
From 2b0f6f3a2ff13153aaa70c764ba7a8b90aef794d Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <ueno@gnu.org>
|
|
Date: Mon, 28 Dec 2020 16:16:53 +0100
|
|
Subject: [PATCH 2/2] testpkcs11: use datefudge to trick certificate expiry
|
|
|
|
The certificates stored in tests/testpkcs11-certs expired on
|
|
2020-12-13. To avoid verification failure due to that, use datefudge
|
|
to set custom date when calling gnutls-cli, gnutls-serv, and certtool.
|
|
|
|
Based on the patch by Andreas Metzler:
|
|
https://gitlab.com/gnutls/gnutls/-/issues/1135#note_469682121
|
|
|
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
---
|
|
tests/testpkcs11.sh | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/tests/testpkcs11.sh b/tests/testpkcs11.sh
|
|
index 38b9585bc..09a627477 100755
|
|
--- a/tests/testpkcs11.sh
|
|
+++ b/tests/testpkcs11.sh
|
|
@@ -67,6 +67,8 @@ have_ed25519=0
|
|
P11TOOL="${VALGRIND} ${P11TOOL} --batch"
|
|
SERV="${SERV} -q"
|
|
|
|
+TESTDATE=2020-12-01
|
|
+
|
|
. ${srcdir}/scripts/common.sh
|
|
|
|
rm -f "${LOGFILE}"
|
|
@@ -79,6 +81,8 @@ exit_error () {
|
|
exit 1
|
|
}
|
|
|
|
+skip_if_no_datefudge
|
|
+
|
|
# $1: token
|
|
# $2: PIN
|
|
# $3: filename
|
|
@@ -523,6 +527,7 @@ write_certificate_test () {
|
|
pubkey="$5"
|
|
|
|
echo -n "* Generating client certificate... "
|
|
+ datefudge -s "$TESTDATE" \
|
|
"${CERTTOOL}" ${CERTTOOL_PARAM} ${ADDITIONAL_PARAM} --generate-certificate --load-ca-privkey "${cakey}" --load-ca-certificate "${cacert}" \
|
|
--template ${srcdir}/testpkcs11-certs/client-tmpl --load-privkey "${token};object=gnutls-client;object-type=private" \
|
|
--load-pubkey "$pubkey" --outfile tmp-client.crt >>"${LOGFILE}" 2>&1
|
|
@@ -900,7 +905,9 @@ use_certificate_test () {
|
|
echo -n "* Using PKCS #11 with gnutls-cli (${txt})... "
|
|
# start server
|
|
eval "${GETPORT}"
|
|
- launch_server ${ADDITIONAL_PARAM} --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
+ launch_bare_server datefudge -s "$TESTDATE" \
|
|
+ $VALGRIND $SERV $DEBUG -p "$PORT" \
|
|
+ ${ADDITIONAL_PARAM} --debug 10 --echo --priority NORMAL --x509certfile="${certfile}" \
|
|
--x509keyfile="$keyfile" --x509cafile="${cafile}" \
|
|
--verify-client-cert --require-client-cert >>"${LOGFILE}" 2>&1
|
|
|
|
@@ -908,13 +915,16 @@ use_certificate_test () {
|
|
wait_server ${PID}
|
|
|
|
# connect to server using SC
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 && \
|
|
fail ${PID} "Connection should have failed!"
|
|
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${certfile}" \
|
|
--x509keyfile="$keyfile" --x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
fail ${PID} "Connection (with files) should have succeeded!"
|
|
|
|
+ datefudge -s "$TESTDATE" \
|
|
${VALGRIND} "${CLI}" ${ADDITIONAL_PARAM} -p "${PORT}" localhost --priority NORMAL --x509certfile="${token};object=gnutls-client;object-type=cert" \
|
|
--x509keyfile="${token};object=gnutls-client;object-type=private" \
|
|
--x509cafile="${cafile}" </dev/null >>"${LOGFILE}" 2>&1 || \
|
|
--
|
|
2.29.2
|
|
|
|
From 5a64e896a56ef602bb86242bbac01e4319f12cbe Mon Sep 17 00:00:00 2001
|
|
From: Daiki Ueno <ueno@gnu.org>
|
|
Date: Tue, 9 Feb 2021 15:26:07 +0100
|
|
Subject: [PATCH] tests/gnutls-cli-debug.sh: don't unset system priority
|
|
settings
|
|
|
|
When the test is exercised, GNUTLS_SYSTEM_PRIORITY_FILE is set in many
|
|
places, such as TESTS_ENVIRONMENT tests/Makefile.am or a packaging
|
|
system that runs the test in a restricted environment. Unsetting it
|
|
after a temporary use forces the remaining part of the test to use the
|
|
default system priority, which might not be the intention of the user.
|
|
|
|
Signed-off-by: Daiki Ueno <ueno@gnu.org>
|
|
---
|
|
tests/gnutls-cli-debug.sh | 4 +---
|
|
1 file changed, 1 insertion(+), 3 deletions(-)
|
|
|
|
diff --git a/tests/gnutls-cli-debug.sh b/tests/gnutls-cli-debug.sh
|
|
index a73910dea..3c3e2214e 100755
|
|
--- a/tests/gnutls-cli-debug.sh
|
|
+++ b/tests/gnutls-cli-debug.sh
|
|
@@ -184,13 +184,11 @@ cat <<_EOF_ > ${TMPFILE}
|
|
tls-disabled-cipher = CAMELLIA-128-CBC
|
|
tls-disabled-cipher = CAMELLIA-256-CBC
|
|
_EOF_
|
|
-export GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}"
|
|
|
|
+GNUTLS_SYSTEM_PRIORITY_FILE="${TMPFILE}" \
|
|
timeout 1800 datefudge "2017-08-9" \
|
|
"${DCLI}" -p "${PORT}" localhost >$OUTFILE 2>&1 || fail ${PID} "gnutls-cli-debug run should have succeeded!"
|
|
|
|
-unset GNUTLS_SYSTEM_PRIORITY_FILE
|
|
-
|
|
kill ${PID}
|
|
wait
|
|
|
|
--
|
|
2.29.2
|
|
|