GNU bug report logs - #34426
xmlsec has test failures

Package: guix;

Reported by: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>

Date: Mon, 11 Feb 2019 06:00:02 UTC

Severity: normal

Done: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#34426; Package guix. (Mon, 11 Feb 2019 06:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 11 Feb 2019 06:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
To: <bug-guix <at> gnu.org>
Subject: xmlsec has test failures
Date: Mon, 11 Feb 2019 06:57:57 +0100
commit: 50a93adc05b611836e740c4b55571890f4c6770a

Package xmlsec has test failures:

--- detailed log is written to  /tmp/testDSig.sh.20190211_054329-21153.log
--- TOTAL OK: 144; TOTAL FAILED: 38; TOTAL SKIPPED: 13
Test: /aleksey-xmldsig-01/enveloping-dsa-x509chain (success)
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-transforms  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config sha1 dsa-
Transforms "sha1" found
Transforms "dsa-sha1" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-key-data  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config dsa x509
Key data "dsa" found
Key data "x509" found
 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml"
 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 sign  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --pkcs12 /tmp/guix-b
 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR

[...]

ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "signature-dsa-enveloped.xml"
Test: phaos-xmldsig-three/signature-dsa-enveloping in folder  /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/phaos-xmldsig-three  (success)
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-transforms  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config sha1 dsa-
Transforms "sha1" found
Transforms "dsa-sha1" found
/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 check-key-data  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config dsa x509
Key data "dsa" found
Key data "x509" found
 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der cert
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verif
func=xmlSecKeysMngrGetKey:file=keys.c:line=1253:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=508:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function faile
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=346:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed: 
Error: signature failed 
ERROR
SignedInfo References (ok/all): 0/0
Manifests References (ok/all): 0/0
Error: failed to verify file "signature-dsa-enveloping.xml"
make[1]: *** [Makefile:1182: check-crypto-gnutls] Error 38
make[1]: Leaving directory '/tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27'
make: *** [Makefile:1177: check-all] Error 1

Test suite failed, dumping logs.
Backtrace:
           4 (primitive-load "/gnu/store/v9r18cvjhkzpgvqr13v02rippas…")
In ice-9/eval.scm:
   191:35  3 (_ _)
In srfi/srfi-1.scm:
   863:16  2 (every1 #<procedure 705320 at /gnu/store/gfprsx2m62cvq…> …)
In /gnu/store/gfprsx2m62cvqbh7ysc9ay9slhijvmal-module-import/guix/build/gnu-build-system.scm:
   799:28  1 (_ _)
    369:6  0 (check #:target _ #:make-flags _ #:tests? _ # _ # _ # _)

/gnu/store/gfprsx2m62cvqbh7ysc9ay9slhijvmal-module-import/guix/build/gnu-build-system.scm:369:6: In procedure check:
Throw to key `srfi-34' with args `(#<condition &invoke-error [program: "make" arguments: ("check" "-j" "4") exit-status: 2 term-signal: #f stop-signa
builder for `/gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv' failed with exit code 1
build of /gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv failed
View build log at '/var/log/guix/drvs/13/f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv.bz2'.
guix build: error: build of `/gnu/store/13f6ryg4cj0a64dj9v6c8fb6ill274gx-xmlsec-1.2.27.drv' failed

Full log attached.

Björn

PS: Hydra hasn't yet built this
[xmlsec-1.2.27.log (text/x-log, attachment)]

Information forwarded to bug-guix <at> gnu.org:
bug#34426; Package guix. (Fri, 22 Feb 2019 22:06:02 GMT) Full text and rfc822 format available.

Message #8 received at 34426 <at> debbugs.gnu.org (full text, mbox):

From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
To: 34426 <at> debbugs.gnu.org
Subject: Re: bug#34426: xmlsec has test failures
Date: Fri, 22 Feb 2019 23:05:45 +0100
On Mon, 11 Feb 2019 06:57:57 +0100
Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> wrote:

> commit: 50a93adc05b611836e740c4b55571890f4c6770a
> 
> Package xmlsec has test failures:

I bisected this error and found out:

It is introduced by updating gnutls from 3.5.18 to 3.6.5 on commit

commit 06f5bc4e12a78883c6f4a543711311bd66e6832b
Author: Marius Bakke <mbakke <at> fastmail.com>
Date:   Mon Dec 10 02:38:32 2018 +0100

    gnu: GnuTLS: Update to 3.6.5.

Later on commit:

a46dcdfa3d9002eface76ef9f83e5d34c1ecbfb0

in core-updates GnuTLS is updated to 3.6.6. But here xmlsec still
has test failures.

Has anyone an idea why these tests fail and how to fix it?

Thanks,

Björn

Information forwarded to bug-guix <at> gnu.org:
bug#34426; Package guix. (Sun, 10 Mar 2019 04:08:01 GMT) Full text and rfc822 format available.

Message #11 received at 34426 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
Cc: 34426 <at> debbugs.gnu.org
Subject: Re: bug#34426: xmlsec has test failures
Date: Sat, 09 Mar 2019 23:07:27 -0500
Hello Björn,

Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> writes:

> On Mon, 11 Feb 2019 06:57:57 +0100
> Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de> wrote:
>
>> commit: 50a93adc05b611836e740c4b55571890f4c6770a
>> 
>> Package xmlsec has test failures:
>
> I bisected this error and found out:
>
> It is introduced by updating gnutls from 3.5.18 to 3.6.5 on commit
>
> commit 06f5bc4e12a78883c6f4a543711311bd66e6832b
> Author: Marius Bakke <mbakke <at> fastmail.com>
> Date:   Mon Dec 10 02:38:32 2018 +0100
>
>     gnu: GnuTLS: Update to 3.6.5.
>
> Later on commit:
>
> a46dcdfa3d9002eface76ef9f83e5d34c1ecbfb0
>
> in core-updates GnuTLS is updated to 3.6.6. But here xmlsec still
> has test failures.

Good debugging! This should help us identify what change in GnuTLS might
have broken xmlsec between those versions.

It seems the test suite failures are caused by a single problem:

--8<---------------cut here---------------start------------->8---
Key data "x509" found
 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/apps/xmlsec1 verify  --crypto gnutls --crypto-config /tmp/xmlsec-crypto-config --trusted-der /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/cacert.der --untrusted-der /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/ca2cert.der  --untrusted-der /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/keys/rsacert.der --enabled-key-data x509 /tmp/guix-build-xmlsec-1.2.27.drv-0/xmlsec1-1.2.27/tests/aleksey-xmldsig-01/x509data-sn-test.xml
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verify: verification failed: status=258u
--8<---------------cut here---------------end--------------->8---

> Has anyone an idea why these tests fail and how to fix it?

I haven't investigated more at this time, but will have to, as it
breaks my Gnucash setup.

Maxim
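
Added example, not part of the original thread and not xmlsec or GnuTLS code: a small Python triage script that pulls the status word out of xmlsec's GnuTLS verification errors, such as the status=258u line quoted in message #11, and splits it into gnutls_certificate_status_t flags. The flag values are transcribed from gnutls.h, and the names decode_status and triage are made up for this example.

```python
import re

# Bit values of gnutls_certificate_status_t, transcribed from
# <gnutls/gnutls.h>; verify against the header of the GnuTLS in use.
GNUTLS_CERT_STATUS = {
    1 << 1: "GNUTLS_CERT_INVALID",
    1 << 5: "GNUTLS_CERT_REVOKED",
    1 << 6: "GNUTLS_CERT_SIGNER_NOT_FOUND",
    1 << 7: "GNUTLS_CERT_SIGNER_NOT_CA",
    1 << 8: "GNUTLS_CERT_INSECURE_ALGORITHM",
    1 << 9: "GNUTLS_CERT_NOT_ACTIVATED",
    1 << 10: "GNUTLS_CERT_EXPIRED",
    1 << 11: "GNUTLS_CERT_SIGNATURE_FAILURE",
}
# xmlsec error lines: colon-separated key=value fields, then free text.
ERROR_LINE = re.compile(
    r"^func=(?P<func>[^:]+):file=(?P<file>[^:]+):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):(?P<msg>.*)$")
STATUS = re.compile(r"status=(\d+)")

def decode_status(status):
    """Split a status word into named flags; unknown bits are shown as hex."""
    masks = (1 << bit for bit in range(status.bit_length()))
    return [GNUTLS_CERT_STATUS.get(m, hex(m)) for m in masks if status & m]

def triage(log_text):
    """Return (func, error, status, flags) per error line carrying a status."""
    findings = []
    for raw in log_text.splitlines():
        line = ERROR_LINE.match(raw.strip())
        status = STATUS.search(line.group("msg")) if line else None
        if status:  # lines cut off before "status=" are skipped
            value = int(status.group(1))
            findings.append((line.group("func"), int(line.group("error")),
                             value, decode_status(value)))
    return findings

# Two error lines copied from the thread; only the first carries a status.
SAMPLE = """\
func=xmlSecGnuTLSX509StoreVerify:file=x509vfy.c:line=354:obj=unknown:subj=unknown:error=71:certificate verification failed:gnutls_x509_crt_list_verify: verification failed: status=258u
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=793:obj=unknown:subj=unknown:error=45:key is not found:details=NULL
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the status word in this log, 258 = 2 + 256, the decoder reports GNUTLS_CERT_INVALID together with GNUTLS_CERT_INSECURE_ALGORITHM.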




Information forwarded to bug-guix <at> gnu.org:
bug#34426; Package guix. (Fri, 22 Mar 2019 17:42:02 GMT) Full text and rfc822 format available.

Message #14 received at 34426 <at> debbugs.gnu.org (full text, mbox):

From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 34426 <at> debbugs.gnu.org
Subject: Re: bug#34426: xmlsec has test failures
Date: Fri, 22 Mar 2019 18:41:44 +0100
Hi Maxim,

On Sat, 09 Mar 2019 23:07:27 -0500
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> wrote:

> Good debugging! This should help us identify what change in GnuTLS
> might have broken xmlsec between those versions.

[..]

> > Has anyone an idea why these tests fail and how to fix it?  
> 
> I haven't investigated more at this time, but will have to, as it
> breaks my Gnucash setup.

Same here. I hope that someone can pick up that information and solve
it :-)

Björn

Reply sent to Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>:
You have taken responsibility. (Mon, 13 May 2019 20:29:02 GMT) Full text and rfc822 format available.

Notification sent to Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>:
bug acknowledged by developer. (Mon, 13 May 2019 20:29:02 GMT) Full text and rfc822 format available.

Message #19 received at 34426-done <at> debbugs.gnu.org (full text, mbox):

From: Björn Höfling <bjoern.hoefling <at> bjoernhoefling.de>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: 34426-done <at> debbugs.gnu.org
Subject: Re: bug#34426: xmlsec has test failures
Date: Mon, 13 May 2019 22:28:29 +0200
Closing this, builds again with newest version.

Björn


bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 11 Jun 2019 11:24:06 GMT) Full text and rfc822 format available.

This bug report was last modified 4 years and 292 days ago.


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.