archlinuxhardened / selinux

PKGBUILDs to build SELinux enabled packages for Arch Linux

Script fails to build, missing file #30

Closed BullShark closed 4 years ago

BullShark commented 4 years ago
[bullshark@plasma selinux]$ ./build_and_install_all.sh 

...

TEST_SSH_SSHKEYSCAN="${BUILDDIR}/ssh-keyscan"; \
TEST_SSH_SFTP="${BUILDDIR}/sftp"; \
TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server"; \
TEST_SSH_PKCS11_HELPER="${BUILDDIR}/ssh-pkcs11-helper"; \
TEST_SSH_SK_HELPER="${BUILDDIR}/ssh-sk-helper"; \
TEST_SSH_SFTPSERVER="${BUILDDIR}/sftp-server"; \
TEST_SSH_PLINK="plink"; \
TEST_SSH_PUTTYGEN="puttygen"; \
TEST_SSH_CONCH="conch"; \
TEST_SSH_IPV6="yes" ; \
TEST_SSH_UTF8="yes" ; \
TEST_SSH_ECC="yes" ; \
cd ./regress || exit $?; \
make \
        .OBJDIR="${BUILDDIR}/regress" \
        .CURDIR="`pwd`" \
        BUILDDIR="${BUILDDIR}" \
        OBJ="${BUILDDIR}/regress/" \
        PATH="${BUILDDIR}:${PATH}" \
        TEST_ENV=MALLOC_OPTIONS="" \
        TEST_MALLOC_OPTIONS="" \
        TEST_SSH_SCP="${TEST_SSH_SCP}" \
        TEST_SSH_SSH="${TEST_SSH_SSH}" \
        TEST_SSH_SSHD="${TEST_SSH_SSHD}" \
        TEST_SSH_SSHAGENT="${TEST_SSH_SSHAGENT}" \
        TEST_SSH_SSHADD="${TEST_SSH_SSHADD}" \
        TEST_SSH_SSHKEYGEN="${TEST_SSH_SSHKEYGEN}" \
        TEST_SSH_SSHPKCS11HELPER="${TEST_SSH_SSHPKCS11HELPER}" \
        TEST_SSH_SSHKEYSCAN="${TEST_SSH_SSHKEYSCAN}" \
        TEST_SSH_SFTP="${TEST_SSH_SFTP}" \
        TEST_SSH_PKCS11_HELPER="${TEST_SSH_PKCS11_HELPER}" \
        TEST_SSH_SK_HELPER="${TEST_SSH_SK_HELPER}" \
        TEST_SSH_SFTPSERVER="${TEST_SSH_SFTPSERVER}" \
        TEST_SSH_PLINK="${TEST_SSH_PLINK}" \
        TEST_SSH_PUTTYGEN="${TEST_SSH_PUTTYGEN}" \
        TEST_SSH_CONCH="${TEST_SSH_CONCH}" \
        TEST_SSH_IPV6="${TEST_SSH_IPV6}" \
        TEST_SSH_UTF8="${TEST_SSH_UTF8}" \
        TEST_SSH_ECC="${TEST_SSH_ECC}" \
        TEST_SHELL="sh" \
        EXEEXT="" \
        t-exec && echo all t-exec passed
make[1]: Entering directory '/home/bullshark/tmp/selinux/openssh-selinux/src/openssh-8.2p1/regress'
run test connect.sh ...
bash: No such file or directory
ssh proxycommand connect failed
failed simple connect
make[1]: *** [Makefile:212: t-exec] Error 1
make[1]: Leaving directory '/home/bullshark/tmp/selinux/openssh-selinux/src/openssh-8.2p1/regress'
make: *** [Makefile:672: t-exec] Error 2
==> ERROR: A failure occurred in check().
    Aborting...
[bullshark@plasma selinux]$ 
BullShark commented 4 years ago

I changed check() in selinux/openssh-selinux/PKGBUILD to

check() {
    cd "${srcdir}/${pkgname/-selinux}-${pkgver}"

    # Tests require openssh to be already installed system-wide,
    # also connectivity tests will fail under makechrootpkg since
    # it runs as nobody which has /bin/false as login shell.

    if [[ -e /usr/bin/scp && ! -e /.arch-chroot ]]; then
        # Running tests in parallel is broken in 8.1p1-4, so force -j1:
        #
        # openssh-selinux/src/openssh-8.1p1/regress/ssh-rsa already exists.
        # Overwrite (y/n)? ssh-keygen for ssh-rsa failed
        # putty interop tests not enabled
        # run test putty-ciphers.sh ...
        # ssh connect with failed
        # failed simple connect
        # make[1]: *** [Makefile:211: t-exec] Error 1
        # make[1]: Leaving directory 'openssh-selinux/src/openssh-8.1p1/regress'
        # make: *** [Makefile:610: t-exec] Error 2

        echo "Don't do testing. Testing is broken."

        #make tests -j1
    fi
}

And openssh-selinux built just fine. The echo statement is needed because an if with no code in it will fail and give another error.

There are several errors in that make tests -j1. I fixed a few of them before I realized there were so many errors that it would be much quicker just to skip the tests and build the package.

For anybody trying to fix the tests, here are the files I modified that fix a few things. Run this to get more verbose output: make V=1 tests -j1

There's a Makefile in selinux/openssh-selinux/src/openssh-8.2p1/regress/ and selinux/openssh-selinux/src/openssh-8.2p1/ .

#   $OpenBSD: Makefile,v 1.106 2020/01/31 23:25:08 djm Exp $

tests:      prep file-tests t-exec unit

REGRESS_TARGETS=    t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12

# File based tests
file-tests: $(REGRESS_TARGETS)

# Interop tests are not run by default
interop interop-tests: t-exec-interop

prep:
    test "x${USE_VALGRIND}" = "x" || mkdir -p ./valgrind-out

clean:
    for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
    rm -rf $(OBJ).putty

distclean:  clean

LTESTS=     connect \
        proxy-connect \
        connect-privsep \
        connect-uri \
        proto-version \
        proto-mismatch \
        exit-status \
        envpass \
        transfer \
        banner \
        rekey \
        dhgex \
        stderr-data \
        stderr-after-eof \
        broken-pipe \
        try-ciphers \
        yes-head \
        login-timeout \
        agent \
        agent-getpeereid \
        agent-timeout \
        agent-ptrace \
        keyscan \
        keygen-change \
        keygen-convert \
        keygen-moduli \
        key-options \
        scp \
        scp-uri \
        sftp \
        sftp-chroot \
        sftp-cmds \
        sftp-badcmds \
        sftp-batch \
        sftp-glob \
        sftp-perm \
        sftp-uri \
        reconfigure \
        dynamic-forward \
        forwarding \
        multiplex \
        reexec \
        brokenkeys \
        sshcfgparse \
        cfgparse \
        cfgmatch \
        cfgmatchlisten \
        addrmatch \
        localcommand \
        forcecommand \
        portnum \
        keytype \
        kextype \
        cert-hostkey \
        cert-userkey \
        host-expand \
        keys-command \
        forward-control \
        integrity \
        krl \
        multipubkey \
        limit-keytype \
        hostkey-agent \
        keygen-knownhosts \
        hostkey-rotate \
        principals-command \
        cert-file \
        cfginclude \
        servcfginclude \
        allow-deny-users \
        authinfo \
        sshsig

INTEROP_TESTS=  putty-transfer putty-ciphers putty-kex conch-ciphers
#INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp

EXTRA_TESTS=    agent-pkcs11
#EXTRA_TESTS+=  cipher-speed

USERNAME=       ${LOGNAME}
CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
        authorized_keys_${USERNAME}.* \
        authorized_principals_${USERNAME} \
        banner.in banner.out cert_host_key* cert_user_key* \
        copy.1 copy.2 data ed25519-agent ed25519-agent* \
        ed25519-agent.pub ed25519 ed25519.pub empty.in \
        expect failed-regress.log failed-ssh.log failed-sshd.log \
        hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 \
        host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
        host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
        key.dsa-* key.ecdsa-* key.ed25519-512 \
        key.ed25519-512.pub key.rsa-* keys-command-args kh.* \
        known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
        modpipe netcat no_identity_config \
        pidfile putty.rsa2 ready regress.log remote_pid \
        revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv \
        rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
        scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
        sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
        ssh-rsa_oldfmt \
        ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
        ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
        sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
        sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
        t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
        t8.out t8.out.pub t9.out t9.out.pub testdata \
        user_*key* user_ca* user_key*

# Enable all malloc(3) randomisations and checks
TEST_ENV=      "MALLOC_OPTIONS=CFGJRSUX"

TEST_SSH_SSHKEYGEN?=ssh-keygen

CPPFLAGS=-I..

t1:
    ${TEST_SSH_SSHKEYGEN} -if ./rsa_ssh2.prv | diff - ./rsa_openssh.prv
    tr '\n' '\r' <./rsa_ssh2.prv > ./rsa_ssh2_cr.prv
    ${TEST_SSH_SSHKEYGEN} -if ./rsa_ssh2_cr.prv | diff - ./rsa_openssh.prv
    awk '{print $$0 "\r"}' ./rsa_ssh2.prv > ./rsa_ssh2_crnl.prv
    ${TEST_SSH_SSHKEYGEN} -if ./rsa_ssh2_crnl.prv | diff - ./rsa_openssh.prv

t2:
    cat ./rsa_openssh.prv > ./t2.out
    chmod 600 ./t2.out
    ${TEST_SSH_SSHKEYGEN} -yf ./t2.out | diff - ./rsa_openssh.pub

t3:
    ${TEST_SSH_SSHKEYGEN} -ef ./rsa_openssh.pub >./t3.out
    ${TEST_SSH_SSHKEYGEN} -if ./t3.out | diff - ./rsa_openssh.pub

t4:
    ${TEST_SSH_SSHKEYGEN} -E md5 -lf ./rsa_openssh.pub |\
        awk '{print $$2}' | diff - ./t4.ok

t5:
    ${TEST_SSH_SSHKEYGEN} -Bf ./rsa_openssh.pub |\
        awk '{print $$2}' | diff - ./t5.ok

t6:
    ${TEST_SSH_SSHKEYGEN} -if ./dsa_ssh2.prv > ./t6.out1
    ${TEST_SSH_SSHKEYGEN} -if ./dsa_ssh2.pub > ./t6.out2
    chmod 600 ./t6.out1
    ${TEST_SSH_SSHKEYGEN} -yf ./t6.out1 | diff - ./t6.out2

./t7.out:
    ${TEST_SSH_SSHKEYGEN} -q -t rsa -N '' -f $@

t7: ./t7.out
    ${TEST_SSH_SSHKEYGEN} -lf ./t7.out > /dev/null
    ${TEST_SSH_SSHKEYGEN} -Bf ./t7.out > /dev/null

./t8.out:
    ${TEST_SSH_SSHKEYGEN} -q -t dsa -N '' -f $@

t8: ./t8.out
    ${TEST_SSH_SSHKEYGEN} -lf ./t8.out > /dev/null
    ${TEST_SSH_SSHKEYGEN} -Bf ./t8.out > /dev/null

./t9.out:
    test "${TEST_SSH_ECC}" != yes || \
    ${TEST_SSH_SSHKEYGEN} -q -t ecdsa -N '' -f $@

t9: ./t9.out
    test "${TEST_SSH_ECC}" != yes || \
    ${TEST_SSH_SSHKEYGEN} -lf ./t9.out > /dev/null
    test "${TEST_SSH_ECC}" != yes || \
    ${TEST_SSH_SSHKEYGEN} -Bf ./t9.out > /dev/null

./t10.out:
    ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -f $@

t10: ./t10.out
    ${TEST_SSH_SSHKEYGEN} -lf ./t10.out > /dev/null
    ${TEST_SSH_SSHKEYGEN} -Bf ./t10.out > /dev/null

t11:
    ${TEST_SSH_SSHKEYGEN} -E sha256 -lf ./rsa_openssh.pub |\
        awk '{print $$2}' | diff - ./t11.ok

./t12.out:
    ${TEST_SSH_SSHKEYGEN} -q -t ed25519 -N '' -C 'test-comment-1234' -f $@

t12: ./t12.out
    ${TEST_SSH_SSHKEYGEN} -lf ./t12.out.pub | grep test-comment-1234 >/dev/null

t-exec: ${LTESTS:=.sh}
    @if [ "x$?" = "x" ]; then exit 0; fi; \
    for TEST in ""$?; do \
        skip=no; \
        for t in ""$${SKIP_LTESTS}; do \
            if [ "x$${t}.sh" = "x$${TEST}" ]; then skip=yes; fi; \
        done; \
        if [ "x$${skip}" = "xno" ]; then \
            echo "run test $${TEST}" ... 1>&2; \
            (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ./test-exec.sh . ./$${TEST}) || exit $$?; \
        else \
            echo skip test $${TEST} 1>&2; \
        fi; \
    done

t-exec-interop: ${INTEROP_TESTS:=.sh}
    @if [ "x$?" = "x" ]; then exit 0; fi; \
    for TEST in ""$?; do \
        echo "run test $${TEST}" ... 1>&2; \
        (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ./test-exec.sh . ./$${TEST}) || exit $$?; \
    done

t-extra:    ${EXTRA_TESTS:=.sh}
    @if [ "x$?" = "x" ]; then exit 0; fi; \
    for TEST in ""$?; do \
        echo "run test $${TEST}" ... 1>&2; \
        (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ./test-exec.sh . ./$${TEST}) || exit $$?; \
    done

# Not run by default
interop: ${INTEROP_TARGETS}

# Unit tests, built by top-level Makefile
unit:
    set -e ; if test -z "${SKIP_UNIT}" ; then \
        V="" ; \
        test "x${USE_VALGRIND}" = "x" || \
            V=./valgrind-unit.sh ; \
        $$V ./unittests/sshbuf/test_sshbuf ; \
        $$V ./unittests/sshkey/test_sshkey \
            -d ./unittests/sshkey/testdata ; \
        $$V ./unittests/bitmap/test_bitmap ; \
        $$V ./unittests/conversion/test_conversion ; \
        $$V ./unittests/kex/test_kex ; \
        $$V ./unittests/hostkeys/test_hostkeys \
            -d ./unittests/hostkeys/testdata ; \
        $$V ./unittests/match/test_match ; \
        if test "x${TEST_SSH_UTF8}" = "xyes"  ; then \
            $$V ./unittests/utf8/test_utf8 ; \
        fi \
    fi

This line in test-exec.sh is incorrect because, for the syntax of if -n, nothing (including the variable $TEST_SHELL) is supposed to come before the -n.

if $TEST_SHELL -n $SCRIPT; then
    true
else

http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_01.html [ -n STRING ] or [ STRING ] | True if the length of "STRING" is non-zero.

Something is wrong with these lines in the Makefile. .CURDIR and .OBJDIR do not get set correctly.

    $(MAKE) \
        .OBJDIR="$${BUILDDIR}/regress" \
        .CURDIR="`pwd`" \
fishilico commented 4 years ago

Hello, thanks for the report. However, I am trying to keep package openssh-selinux as close as possible to openssh, and I am unwilling to introduce patches/changes that would make it more different than the base package. Also, I really do not want to disable tests, as I really want to detect when an update breaks the tests every time I update the package.

You seem to have spent quite some time to find issues. Did you report them upstream, to OpenSSH developers? If not, before doing so, did you try building the package from the main repository (openssh)? Did it work? Did you try building the package from https://github.com/openssh/openssh-portable (master branch)? Did it work?

By the way, about if $TEST_SHELL -n $SCRIPT, this line is still present upstream (https://github.com/openssh/openssh-portable/blob/300c4322b92e98d3346efa0aec1c094c94d0f964/regress/test-exec.sh#L64) and it does not have the meaning you wrote: here, $TEST_SHELL is not test but a shell such as sh, according to https://github.com/openssh/openssh-portable/blob/e9dc9863723e111ae05e353d69df857f0169544a/configure.ac#L46 :

AC_SUBST([TEST_SHELL], [sh])

Running sh -n $SCRIPT has the same effect as running set -n inside a script and is documented in the bash manpage (http://man7.org/linux/man-pages/man1/bash.1.html):

-n      Read commands but do not execute them.  This may be
        used to check a shell script for syntax errors.  This
        is ignored by interactive shells.

Anyway, if you want to disable running check() when building a package, add option --nocheck to makepkg where appropriate.
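
Added example (not part of the thread and not code from the OpenSSH tree): the two meanings of -n discussed above, side by side. The function names syntax_ok, nonempty and demo and both sample scripts are constructed for illustration; TEST_SHELL is set to sh as in the configure.ac line quoted above.

```shell
#!/bin/sh
# Constructed sample scripts only; nothing here comes from regress/.
TEST_SHELL=sh   # value substituted by the configure.ac line quoted above

# Same shape as the test-exec.sh check: "$TEST_SHELL -n" parses the
# script and reports syntax errors without executing any command in it.
syntax_ok() {
    $TEST_SHELL -n "$1" 2>/dev/null
}

# The unrelated "-n" of test/[ : true when the string has non-zero length.
nonempty() {
    [ -n "$1" ]
}

demo() {
    dir=$(mktemp -d) || return 2
    # Valid script whose only effect would be creating a marker file.
    printf 'touch "%s/marker"\n' "$dir" > "$dir/good.sh"
    # Broken script: "if" without a closing "fi".
    printf 'if true; then\n    echo unterminated\n' > "$dir/bad.sh"

    out=""
    if syntax_ok "$dir/good.sh"; then out="good=ok"; else out="good=error"; fi
    if syntax_ok "$dir/bad.sh"; then out="$out bad=ok"; else out="$out bad=error"; fi
    # The marker is absent because -n never ran good.sh.
    if [ -e "$dir/marker" ]; then out="$out ran=yes"; else out="$out ran=no"; fi
    # test -n looks only at the string, not at any file with that name.
    if nonempty "$dir/bad.sh"; then out="$out str=nonempty"; fi
    if nonempty ""; then out="$out empty=nonempty"; else out="$out empty=empty"; fi

    rm -rf "$dir"
    printf '%s\n' "$out"
}

demo
```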

BullShark commented 4 years ago

Arch is garbage. I'm switching to Gentoo with a hardened profile or Fedora for SELinux.