GNU bug report logs -
#34426
xmlsec has test failures
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 34426 in the body.
You can then email your comments to 34426 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#34426
; Package
guix
.
(Mon, 11 Feb 2019 06:00:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Mon, 11 Feb 2019 06:00:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
commit: 50a93adc05b611836e740c4b55571890f4c6770a
Package xmlsec has test failures:
--- detailed log is written to /tmp/testDSig.sh.20190211_054329-21153.log
--- TOTAL OK: 144; TOTAL FAILED: 38; TOTAL SKIPPED: 13
Test: /aleksey-xmldsig-01/enveloping-dsa-x509chain (success)
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-transforms --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config sha1 dsa-
Transforms "sha1" found
Transforms "dsa-sha1" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-key-data --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config dsa x509
Key data "dsa" found
Key data "x509" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml"
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 sign --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /tmp/guix-b
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
[...]
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "signature-dsa-enveloped.xml"
Test: phaos-xmldsig-three/signature-dsa-enveloping in folder /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/phaos-xmldsig-three (success)
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-transforms --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config sha1 dsa-
Transforms "sha1" found
Transforms "dsa-sha1" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-key-data --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config dsa x509
Key data "dsa" found
Key data "x509" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der cert
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "signature-dsa-enveloping.xml"
make[1]: *** [Makefile:1182: check-crypto-gnutls] Error 38
make[1]: Leaving directory '/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27'
make: *** [Makefile:1177: check-all] Error 1
Test suite failed, dumping logs.
Backtrace:
4 (primitive-load "/gnu/store/v9r18cvjhkzpgvqr13v02rippas…")
In ice-9/eval.scm:
191:35 3 (_ _)
In srfi/srfi-1.scm:
863:16 2 (every1 #<procedure 705320 at /gnu/store/gfprsx2m62cvq…> …)
In /gnu/store/gfprsx2m62cvqbh7ysc9ay9slhijvmal-module-import/guix/build/gnu-build-system.scm:
799:28 1 (_ _)
369:6 0 (check #:target _ #:make-flags _ #:tests? _ # _ # _ # _)
/gnu/store/gfprsx2m62cvqbh7ysc9ay9slhijvmal-module-import/guix/build/gnu-build-system.scm:369:6: In procedure check:
Throw to key `srfi-34' with args `(#<condition &invoke-error [program: "make" arguments: ("check" "-j" "4") exit-status: 2 term-signal: #f stop-signa
builder for `/gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv' failed with exit code 1
build of /gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv failed
View build log at '/var/log/guix/drvs/13/f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv.bz2'.
guix build: error: build of `/gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv' failed
Full log attached.
Björn
PS: Hydra hasn't yet built this
[xmlsec-1.2.27.log (text/x-log, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#34426
; Package
guix
.
(Fri, 22 Feb 2019 22:06:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 34426 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Mon, 11 Feb 2019 06:57:57 +0100
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> wrote:
> commit: 50a93adc05b611836e740c4b55571890f4c6770a
>
> Package xmlsec has test failures:
I bisected this error and found out:
It is introduced by updating gnutls from 3.5.18 to 3.6.5 on commit
commit 06f5bc4e12a78883c6f4a543711311bd66e6832b
Author: Marius Bakke <mbakke <at> fastmail.com>
Date: Mon Dec 10 02:38:32 2018 +0100
gnu: GnuTLS: Update to 3.6.5.
Later on commit:
a46dcdfa3d9002eface76ef9f83e5d34c1ecbfb0
in core-updates GnuTLS it updated to 3.6.6. But here xmlsec still
has test failures.
Has anyone an idea why these tests fail and how to fix it?
Thanks,
Björn
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#34426
; Package
guix
.
(Sun, 10 Mar 2019 04:08:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 34426 <at> debbugs.gnu.org (full text, mbox):
Hello Björn,
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> writes:
> On Mon, 11 Feb 2019 06:57:57 +0100
> Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> wrote:
>
>> commit: 50a93adc05b611836e740c4b55571890f4c6770a
>>
>> Package xmlsec has test failures:
>
> I bisected this error and found out:
>
> It is introduced by updating gnutls from 3.5.18 to 3.6.5 on commit
>
> commit 06f5bc4e12a78883c6f4a543711311bd66e6832b
> Author: Marius Bakke <mbakke <at> fastmail.com>
> Date: Mon Dec 10 02:38:32 2018 +0100
>
> gnu: GnuTLS: Update to 3.6.5.
>
> Later on commit:
>
> a46dcdfa3d9002eface76ef9f83e5d34c1ecbfb0
>
> in core-updates GnuTLS it updated to 3.6.6. But here xmlsec still
> has test failures.
Good debugging! This should help us identify what change in GnuTLS might
have broke xmlsec between those versions.
It seems the test suite failures are caused by a single problem:
--8<---------------cut here---------------start------------->8---
Key data "x509" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/cacert.der --untrusted-der /tmp/
guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/ca2cert.der --untrusted-der /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/rsacert.der --enabled-key-data x509 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/test
s/aleksey-xmldsig-01/x509data-sn-test.xml
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verify: verification failed: status=258u
--8<---------------cut here---------------end--------------->8---
> Has anyone an idea why these tests fail and how to fix it?
I haven't investigated more at this time, but will have too, as it
breaks my Gnucash setup.
Maxim
Information forwarded
to
bug-guix <at> gnu.org
:
bug#34426
; Package
guix
.
(Fri, 22 Mar 2019 17:42:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 34426 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Maxim,
On Sat, 09 Mar 2019 23:07:27 -0500
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> wrote:
> Good debugging! This should help us identify what change in GnuTLS
> might have broke xmlsec between those versions.
[..]
> > Has anyone an idea why these tests fail and how to fix it?
>
> I haven't investigated more at this time, but will have too, as it
> breaks my Gnucash setup.
Same here. I hope that someone can pick up that information and solve
it :-)
Björn
[Message part 2 (application/pgp-signature, inline)]
Reply sent
to
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
:
You have taken responsibility.
(Mon, 13 May 2019 20:29:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
:
bug acknowledged by developer.
(Mon, 13 May 2019 20:29:02 GMT)
Full text and
rfc822 format available.
Message #19 received at 34426-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Closing this, builds again with newest version.
Björn
[Message part 2 (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Tue, 11 Jun 2019 11:24:06 GMT)
Full text and
rfc822 format available.
This bug report was last modified 4 years and 292 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.