gnutls 'name-constraints' test failure

Message ID 20160717173334.GA2626@jasmine
State New

Commit Message

Leo Famulari July 17, 2016, 5:33 p.m. UTC
On Sun, Jul 17, 2016 at 03:25:46PM +0200, Ludovic Courtès wrote:
> Interesting failure mode.

"Interesting" is one word for it ;) It's not the first time I've seen a
test go stale.

> In the meantime grafting is a good idea.  Would you like to try that?

A patch is attached for review!

Comments

Ludovic Courtès July 18, 2016, 12:14 p.m. UTC | #1
Leo Famulari <leo@famulari.name> skribis:

> From 55512c47d6331109a82acc083ad5ea905d386be7 Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Sun, 17 Jul 2016 13:07:35 -0400
> Subject: [PATCH] gnu: gnutls: Fix test failure.
>
> * gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/tls.scm (gnutls)[replacement]: New field.
> (gnutls/fixed): New variable.

LGTM, thanks!

Ludo'.

Leo Famulari July 18, 2016, 4:48 p.m. UTC | #2
On Sun, Jul 17, 2016 at 01:33:34PM -0400, Leo Famulari wrote:
> Subject: [PATCH] gnu: gnutls: Fix test failure.
> 
> * gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/tls.scm (gnutls)[replacement]: New field.
> (gnutls/fixed): New variable.

Mark pointed out that using a graft won't work, since the ungrafted and
unpatched gnutls will still need to be built.

Any ideas?

Leo Famulari July 18, 2016, 5:15 p.m. UTC | #3
On Mon, Jul 18, 2016 at 12:48:55PM -0400, Leo Famulari wrote:
> On Sun, Jul 17, 2016 at 01:33:34PM -0400, Leo Famulari wrote:
> > Subject: [PATCH] gnu: gnutls: Fix test failure.
> > 
> > * gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/tls.scm (gnutls)[replacement]: New field.
> > (gnutls/fixed): New variable.
> 
> Mark pointed out that using a graft won't work, since the ungrafted and
> unpatched gnutls will still need to be built.
> 
> Any ideas?

Unfortunately, the version of gnutls in core-updates (3.5.0) does not
include the fix. It was introduced in 3.5.2.

Efraim Flashner July 18, 2016, 5:30 p.m. UTC | #4
On Mon, Jul 18, 2016 at 12:48:55PM -0400, Leo Famulari wrote:
> On Sun, Jul 17, 2016 at 01:33:34PM -0400, Leo Famulari wrote:
> > Subject: [PATCH] gnu: gnutls: Fix test failure.
> > 
> > * gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/tls.scm (gnutls)[replacement]: New field.
> > (gnutls/fixed): New variable.
> 
> Mark pointed out that using a graft won't work, since the ungrafted and
> unpatched gnutls will still need to be built.
> 
> Any ideas?
> 

Can we do an
(if (system-prefix? "i686-linux" (or %target... %current...))
    (disable test)
    (echo "hi mom!"))

The other option I saw from the bug report
https://github.com/libgd/libgd/issues/242#issuecomment-228676965
was apparently to add the flags -msse -mfpmath=sse to CFLAGS to make it
pass.

Ludovic Courtès July 19, 2016, 1:01 p.m. UTC | #5
Efraim Flashner <efraim@flashner.co.il> skribis:

> Can we do an
> (if (system-prefix? "i686-linux" (or %target... %current...))
>     (disable test)
>     (echo "hi mom!"))
>
> The other option I saw from the bug report
> https://github.com/libgd/libgd/issues/242#issuecomment-228676965
> was apparently to add the flags -msse -mfpmath=sse to CFLAGS to make it
> pass.

You’re talking about a different issue ;-) (gd vs. GnuTLS), but yes, we
could use something like this to avoid rebuilds on platforms other than
i686.

Ludo’.

Ludovic Courtès July 19, 2016, 1:02 p.m. UTC | #6
Leo Famulari <leo@famulari.name> skribis:

> On Mon, Jul 18, 2016 at 12:48:55PM -0400, Leo Famulari wrote:
>> On Sun, Jul 17, 2016 at 01:33:34PM -0400, Leo Famulari wrote:
>> > Subject: [PATCH] gnu: gnutls: Fix test failure.
>> > 
>> > * gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
>> > * gnu/local.mk (dist_patch_DATA): Add it.
>> > * gnu/packages/tls.scm (gnutls)[replacement]: New field.
>> > (gnutls/fixed): New variable.
>> 
>> Mark pointed out that using a graft won't work, since the ungrafted and
>> unpatched gnutls will still need to be built.

Bah, indeed!

> Unfortunately, the version of gnutls in core-updates (3.5.0) does not
> include the fix. It was introduced in 3.5.2.

So GnuTLS already doesn’t build on core-updates, right?  In that case,
we should go ahead and update it.

WDYT?

Thanks,
Ludo’.

Leo Famulari July 19, 2016, 5:05 p.m. UTC | #7
On Tue, Jul 19, 2016 at 03:02:13PM +0200, Ludovic Courtès wrote:
> So GnuTLS already doesn’t build on core-updates, right?  In that case,
> we should go ahead and update it.

I built 3.5.2 on master, but now there is another test failure,
'testdsa'. I've attached the log.

It appears that the test requires a `netstat` available. Does GnuTLS
mock network access somehow?

Unfortunately, I have to go AFK for ~12 hours. Maybe somebody else can
look at it?

============================================
   GnuTLS 3.5.2: tests/dsa/test-suite.log
============================================

# TOTAL: 1
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: testdsa
=============

Checking various DSA key sizes (port )
Checking DSA-1024 with TLS 1.0
./testdsa: line 55: netstat: command not found
./../scripts/common.sh: line 73: netstat: command not found
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 1
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 2
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 3
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 4
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 5
./../scripts/common.sh: line 54: netstat: command not found
./../scripts/common.sh: line 57: netstat: command not found
try 6
Server 35835 did not come up

Leo Famulari July 20, 2016, 4:04 a.m. UTC | #8
On Tue, Jul 19, 2016 at 01:05:35PM -0400, Leo Famulari wrote:
> On Tue, Jul 19, 2016 at 03:02:13PM +0200, Ludovic Courtès wrote:
> > So GnuTLS already doesn’t build on core-updates, right?  In that case,
> > we should go ahead and update it.
> 
> I built 3.5.2 on master, but now there is another test failure,
> 'testdsa'. I've attached the log.

It builds with net-tools, which provides netstat.

The output does not retain a reference to net-tools (good!), so I pushed
the update to core-updates 5d4c90ae0.

Ludovic Courtès July 20, 2016, 10:07 a.m. UTC | #9
Leo Famulari <leo@famulari.name> skribis:

> On Tue, Jul 19, 2016 at 01:05:35PM -0400, Leo Famulari wrote:
>> On Tue, Jul 19, 2016 at 03:02:13PM +0200, Ludovic Courtès wrote:
>> > So GnuTLS already doesn’t build on core-updates, right?  In that case,
>> > we should go ahead and update it.
>> 
>> I built 3.5.2 on master, but now there is another test failure,
>> 'testdsa'. I've attached the log.
>
> It builds with net-tools, which provides netstat.
>
> The output does not retain a reference to net-tools (good!), so I pushed
> the update to core-updates 5d4c90ae0.

Great, thanks for taking care of it!

I have merged master in core-updates (there was a surprisingly large
number of pointless conflicts, I wonder why) and started an evaluation
on Hydra (it was done building master on i686 and x86_64).

Let’s see how it goes!

Ludo’.

Patch

From 55512c47d6331109a82acc083ad5ea905d386be7 Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Sun, 17 Jul 2016 13:07:35 -0400
Subject: [PATCH] gnu: gnutls: Fix test failure.

* gnu/packages/patches/gnutls-fix-stale-test.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/tls.scm (gnutls)[replacement]: New field.
(gnutls/fixed): New variable.
---
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/gnutls-fix-stale-test.patch | 50 ++++++++++++++++++++++++
 gnu/packages/tls.scm                             |  8 ++++
 3 files changed, 59 insertions(+)
 create mode 100644 gnu/packages/patches/gnutls-fix-stale-test.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 536ecef..ef2eb0b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -533,6 +533,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/gmp-faulty-test.patch			\
   %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
   %D%/packages/patches/gnucash-price-quotes-perl.patch		\
+  %D%/packages/patches/gnutls-fix-stale-test.patch		\
   %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
   %D%/packages/patches/gobject-introspection-cc.patch		\
   %D%/packages/patches/gobject-introspection-girepository.patch	\
diff --git a/gnu/packages/patches/gnutls-fix-stale-test.patch b/gnu/packages/patches/gnutls-fix-stale-test.patch
new file mode 100644
index 0000000..abb547a
--- /dev/null
+++ b/gnu/packages/patches/gnutls-fix-stale-test.patch
@@ -0,0 +1,50 @@ 
+A certificate used in the GnuTLS test suite has expired, causing the
+test suite to fail.
+
+The effect of this patch depends on whether or not the datefudge program
+is available. If it is, then it is used to change the date in the test
+environment. If it is not, then the test is skipped.
+
+At the time this patch was added to Guix, datefudge was not available,
+so the test is skipped.
+
+Taken from upstream commit:
+https://gitlab.com/gnutls/gnutls/commit/47f25d9e08d4e102572804a2aed186b01db23c65
+
+From 47f25d9e08d4e102572804a2aed186b01db23c65 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Wed, 29 Jun 2016 17:31:13 +0200
+Subject: [PATCH] tests: use datefudge in name-constraints test
+
+This avoids the expiration of the used certificate to affect the test.
+---
+ tests/cert-tests/name-constraints | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/tests/cert-tests/name-constraints b/tests/cert-tests/name-constraints
+index 05d6e9b..59af00f 100755
+--- a/tests/cert-tests/name-constraints
++++ b/tests/cert-tests/name-constraints
+@@ -28,7 +28,18 @@ if ! test -z "${VALGRIND}"; then
+ fi
+ TMPFILE=tmp.$$.pem
+ 
+-${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
++export TZ="UTC"
++
++# Check for datefudge
++TSTAMP=`datefudge -s "2006-09-23" date -u +%s || true`
++if test "$TSTAMP" != "1158969600"; then
++	echo $TSTAMP
++	echo "You need datefudge to run this test"
++	exit 77
++fi
++
++datefudge -s "2016-04-22" \
++	${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/name-constraints-ip.pem"
+ rc=$?
+ 
+ if test "${rc}" != "0"; then
+-- 
+2.9.1
+
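Review bot: The `exit 77` branch in the embedded name-constraints change skips the test wherever datefudge is missing, and the patch header states that this is the case in Guix, so after this change the build no longer exercises the name-constraints certificate check at all. Consider adding datefudge as a native input once it is packaged, or at least leaving a comment next to the patch reference in tls.scm that this test is currently skipped, so the coverage gap is not forgotten. Minor: stderr of the probe `datefudge -s "2006-09-23" date -u +%s || true` is not silenced, so a "command not found" line will appear in the log ahead of the skip message, and `echo $TSTAMP` is unquoted.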
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index bdc1d7c..6ba1776 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -122,6 +122,7 @@  living in the same process.")
 (define-public gnutls
   (package
     (name "gnutls")
+    (replacement gnutls/fixed)
     (version "3.4.7")
     (source (origin
              (method url-fetch)
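Review bot: Adding `(replacement gnutls/fixed)` here leaves the gnutls 3.4.7 definition and its unpatched source as the package that must be built before the graft is applied, so the stale name-constraints test still runs in that build and still fails. For the fix to take effect, the patch has to be applied to the `source` of gnutls itself (or the test disabled in its check phase), which means accepting the rebuild of dependents.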
@@ -194,6 +195,13 @@  required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+(define-public gnutls/fixed
+  (package
+    (inherit gnutls)
+    (source (origin
+              (inherit (package-source gnutls))
+              (patches (search-patches "gnutls-fix-stale-test.patch"))))))
+
 (define-public openssl
   (package
    (name "openssl")
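Review bot: In gnutls/fixed, `(patches (search-patches "gnutls-fix-stale-test.patch"))` sets the patches field of the inherited origin instead of extending it, so any patches already carried by the gnutls origin would be dropped from the replacement. If the origin has any, append the new patch to `(origin-patches (package-source gnutls))` rather than overriding the field; if it has none, a short comment saying so would save the next reader from checking.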
-- 
2.9.1