GNU bug report logs -
#68474
[Guix-Past]: openssl@1.0.2u does not pass tests
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 68474 in the body.
You can then email your comments to 68474 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org:
bug#68474; Package
guix.
(Mon, 15 Jan 2024 15:07:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Jean-Pierre De Jesus Diaz <jean <at> foundationdevices.com>:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org.
(Mon, 15 Jan 2024 15:07:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
The package at the guix-past channel does not pass the tests at
`tests/cms-test.pl'
file. It fails with the following error:
From the build log:
...
CMS consistency test
/gnu/store/lj75fc25zx2y9pqvfp95la84rdhlj4f8-perl-5.36.0/bin/perl cms-test.pl
CMS => PKCS#7 compatibility tests
signed content DER format, RSA key: verify error
```
And the from the error file that the test writes:
$ cat /tmp/guix-build-openssl-1.0.2u.drv-0/openssl-1.0.2u/test/cms.err
Verification failure
140737353281920:error:21075075:PKCS7 routines:PKCS7_verify:certificate
verify error:pk7_smime.c:335:Verify error:certificate has expired
My guix description is:
Generation 74 Jan 15 2024 12:28:39 (current)
guix 162d6a2
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 162d6a2fdd6af13272967c77347a54934ecb45e6
guix-past 0e8c1ea
repository URL: https://gitlab.inria.fr/guix-hpc/guix-past
branch: master
commit: 0e8c1eae3efd34ab291fc6a4b69b767683488bb9
--
Jean-Pierre De Jesus DIAZ
Foundation Devices, Inc.
[spxpvzpamzndlggz8xd4d79vis312d-openssl-1.0.2u.drv.gz (application/gzip, attachment)]
Information forwarded
to
bug-guix <at> gnu.org:
bug#68474; Package
guix.
(Tue, 30 Jan 2024 17:30:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 68474 <at> debbugs.gnu.org (full text, mbox):
Hi,
Jean-Pierre De Jesus Diaz <jean <at> foundationdevices.com> skribis:
> And the from the error file that the test writes:
>
> $ cat /tmp/guix-build-openssl-1.0.2u.drv-0/openssl-1.0.2u/test/cms.err
> Verification failure
> 140737353281920:error:21075075:PKCS7 routines:PKCS7_verify:certificate
> verify error:pk7_smime.c:335:Verify error:certificate has expired
This is a typically “time trap”. Options are: use libfaketime to run
“make check”, change the certificates so they don’t expire, or skip
those tests.
Would you like to give it a try?
Thanks,
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#68474; Package
guix.
(Wed, 31 Jan 2024 13:08:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 68474 <at> debbugs.gnu.org (full text, mbox):
Hi,
On Tue, Jan 30, 2024 at 5:29 PM Ludovic Courtès
<ludovic.courtes <at> inria.fr> wrote:
>
> Hi,
>
> Jean-Pierre De Jesus Diaz <jean <at> foundationdevices.com> skribis:
>
> > And the from the error file that the test writes:
> >
> > $ cat /tmp/guix-build-openssl-1.0.2u.drv-0/openssl-1.0.2u/test/cms.err
> > Verification failure
> > 140737353281920:error:21075075:PKCS7 routines:PKCS7_verify:certificate
> > verify error:pk7_smime.c:335:Verify error:certificate has expired
>
> This is a typically “time trap”. Options are: use libfaketime to run
> “make check”, change the certificates so they don’t expire, or skip
> those tests.
>
> Would you like to give it a try?
>
> Thanks,
> Ludo’.
I'll give it a try to use libfaketime to keep tests enabled.
Thanks,
--
Jean-Pierre De Jesus DIAZ
Foundation Devices, Inc.
Information forwarded
to
bug-guix <at> gnu.org:
bug#68474; Package
guix.
(Wed, 31 Jan 2024 14:21:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 68474 <at> debbugs.gnu.org (full text, mbox):
From: Jean-Pierre De Jesus DIAZ <me <at> jeandudey.tech>
* modules/past/packages/tls.scm (openssl-1.0): Fix a time bomb in
cms-test.pl due to expired certificates.
---
modules/past/packages/tls.scm | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/modules/past/packages/tls.scm b/modules/past/packages/tls.scm
index cbc9834..a494e1c 100644
--- a/modules/past/packages/tls.scm
+++ b/modules/past/packages/tls.scm
@@ -140,6 +140,20 @@
,@(if (%current-target-system)
'((getenv "CONFIGURE_TARGET_ARCH"))
'())))))
+ (add-before 'check 'patch-util/shlib_wrap.sh
+ (lambda* (#:key tests? native-inputs inputs #:allow-other-keys)
+ (when tests?
+ (let ((lib (search-input-file (or native-inputs inputs)
+ "lib/faketime/libfaketime.so.1"))
+ (release-date "2019-12-20 13:25:43"))
+ ;; Invoking "faketime make ..." does not work as this script
+ ;; sets its own LD_PRELOAD variable, so re-export it with
+ ;; libfaketime and set the fake time.
+ (substitute* "util/shlib_wrap.sh"
+ (("cmd=\"\\$1\\$\\{EXE_EXT\\}\"" all)
+ (string-append "export LD_PRELOAD=" lib ":$LD_PRELOAD\n"
+ "export FAKETIME=\"" release-date "\"\n"
+ all)))))))
(add-after 'install 'move-static-libraries
(lambda* (#:key outputs #:allow-other-keys)
;; Move static libraries to the "static" output.
@@ -175,7 +189,7 @@
(delete-file-recursively (string-append out "/share/openssl-"
,version "/misc"))
#t))))))
- (native-inputs (list (S "perl")))
+ (native-inputs (list (S "libfaketime") (S "perl")))
(native-search-paths
(list (search-path-specification
(variable "SSL_CERT_DIR")
base-commit: d60a388678098e6de60ca1a65806903b5739da29
--
2.41.0
Reply sent
to
Ludovic Courtès <ludovic.courtes <at> inria.fr>:
You have taken responsibility.
(Fri, 02 Feb 2024 00:09:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Jean-Pierre De Jesus Diaz <jean <at> foundationdevices.com>:
bug acknowledged by developer.
(Fri, 02 Feb 2024 00:09:01 GMT)
Full text and
rfc822 format available.
Message #19 received at 68474-done <at> debbugs.gnu.org (full text, mbox):
Hello,
Jean-Pierre De Jesus DIAZ <jean <at> foundationdevices.com> skribis:
> From: Jean-Pierre De Jesus DIAZ <me <at> jeandudey.tech>
>
> * modules/past/packages/tls.scm (openssl-1.0): Fix a time bomb in
> cms-test.pl due to expired certificates.
Perfect. Pushed, thanks!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Fri, 01 Mar 2024 12:24:09 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 110 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.