Closed evverx closed 1 month ago
I've just triggered Packit and it seems that the test started failing on all the architectures on Fedora Rawhide: https://copr.fedorainfracloud.org/coprs/packit/evverx-scapy-2/build/7766512/.
I reproduced it locally.
>>> correct_sha1_sig
b'\x9b\r%O!\x15\x1f\xc6\x1f\xca\xd6\xd5K\xd0\x16\xad2u\xc1hC\x19\xff\xbd\x8cq\xc4\x8d\x7f\xce"\xaeb\x8bB\xac\xdf\xc5\xb2\xc9\xb8C\xed\xc3\x105\xf9\x19\n\x02#\xae\xebk,s\x7f\x9b\xfc\'\xf5\xa0\xf1\xcb\xdb\xee\xb9\xb5\xaf\xad\xc6\xea\x86\xea\xfc\xd9\x86[Vyo\x12*\x84\x13&?P\xba\x82im\x97\xed@\xb6+\xfd\x8d\x03-x\xa0^\x9b\nR\xd7\xf0\xb0j\xdco\xe5s\xa1\x949:\r\xea.\x0e\xb8\xa7\x81\xf7\x1co%\xa0q\xb1R\x1d\x9dE\xbd"\xa7\xac\x1d\xabjW\x8c\x88\x84}\x7f~XjX\xce;.1\xcfk\xfb\x88\x19\xba2\x86_)\xe5\xbbwiV\xd7\x17\t\xbf5\xea\xac9S\xc3q\x0b\x01ua\xa5t#z\x96\x82\xc4\xed\xbe\x1e$8c\x1d\xbb.G`\xb7j\x89\x96s!\x96\xd6dq4\x95\x08\xd0d9\x10pyV\xfc\xb8\x99\xccJ\x1bP\xccc\x11\xbf\xacg\xff\x10y>\xc4\xf2W\xa4\x84\xc8\xba\x06\xe2\xb2\x96\xe6\xb8'
>>> raw(c_resigned.signatureValue)
b'\xd1PD\xf0z\xb9<\xec\x80\x9d\xff\xde\xb9\x13\xdc\xea\x1d\xf1\xec\x82\x9c\xa9\x00{\xaa\xaaI<%h\x82n\xc6\x84\n\x98\xa6b\x99\xd9t\xcc\x86\x92\xf43\xbd\xde\x15I\x1a\xcb\xcc\x14\x8e\xa7\xe7Y\x85\x17*_\xc9\x83\x9a\x9c\x1c\x8b\xfd\x02j[BW3`Q\xc2\x1e\xa4\xc8nu4\x1f\x90\xda\x04\xe7\xd5\x9e\x9f\x03\x12\x92\xc7\xddN \xf4+r\xf9\x00\x05\xac}\x833\xae\xb5\xadh\x9a{\x1dlz\x8eF1kzk%\xe4\xa0s\x0b\x81X\xd8\x04\x05\xb8!\xca\x01\xe4\x92\xf9\xa7\xdb/\xdd\x10\x9c\x94\x0c\xe4\xb2\xa4\x927#\xd4\x8b\xfbT\xbbGPg\xf5SA\\.W=^F<t8\x1aDVH\xf2J(\x9f\xd0\xab\xaa\xef\xcb\x166\x9fNl\x93\xb7\x1bE\xd2@\xd5\x08\xea\xc3\xbaa]qx\xcd\x87-\x13\x0b\xc2\xc4\x80\xf0`\xd1\x92\xa52Ua\xeeg\xd0\xab\xf3\xb1r\x96\xf7\xea\x96`+\xba\x02\x1b\xbc\xb0\xd9\xcaC\xaahP\xa3\xf1Q\x04i=\xf2\x91'
>>> c_resigned.show2() 23:59:04 [19/1980]
###[ X509_Cert ]###
\tbsCertificate\
|###[ X509_TBSCertificate ]###
| version = 'v3' 0x2 <ASN1_INTEGER[2]>
| serialNumber= 0xb9100596bbac2445 <ASN1_INTEGER[13335164641595892805]>
| \signature \
| |###[ X509_AlgorithmIdentifier ]###
| | algorithm = <ASN1_OID['sha1-with-rsa-signature']>
| | parameters= <ASN1_NULL[0]>
| \issuer \
| |###[ X509_RDN ]###
| | \rdn \
| | |###[ X509_AttributeTypeAndValue ]###
| | | type = <ASN1_OID['commonName']>
| | | value = <ASN1_UTF8_STRING[b'secdev.org']>
| \validity \
| |###[ X509_Validity ]###
| | not_before= 2018-02-27 16:56:22 UTC <ASN1_UTC_TIME['180227165622Z']>
| | not_after = 2028-02-25 16:56:22 UTC <ASN1_UTC_TIME['280225165622Z']>
| \subject \
| |###[ X509_RDN ]###
| | \rdn \
| | |###[ X509_AttributeTypeAndValue ]###
| | | type = <ASN1_OID['commonName']>
| | | value = <ASN1_UTF8_STRING[b'secdev.org']>
| \subjectPublicKeyInfo\
| |###[ X509_SubjectPublicKeyInfo ]###
| | \signatureAlgorithm\
| | |###[ X509_AlgorithmIdentifier ]###
| | | algorithm = <ASN1_OID['rsaEncryption']>
| | | parameters= <ASN1_NULL[0]>
| | \subjectPublicKey\
| | |###[ RSAPublicKey ]###
| | | modulus = 0xd4bf0a69c7...f748545eb1 <ASN1_INTEGER[2685672632...3604718257]>
| | | publicExponent= 0x10001 <ASN1_INTEGER[65537]>
| issuerUniqueID= None
| subjectUniqueID= None
| \extensions\
| |###[ X509_Extension ]###
| | extnID = <ASN1_OID['subjectKeyIdentifier']>
| | critical = None
| | \extnValue \
| | |###[ X509_ExtSubjectKeyIdentifier ]###
| | | keyIdentifier= <ASN1_STRING[b'\x7f\xdf$\x18\xeaL\tPEt|Eo\xc0\xda/\xabO{\xef']>
| |###[ X509_Extension ]###
| | extnID = <ASN1_OID['authorityKeyIdentifier']>
| | critical = None
| | \extnValue \
| | |###[ X509_ExtAuthorityKeyIdentifier ]###
| | | keyIdentifier= <ASN1_STRING[b'\x7f\xdf$\x18\xeaL\tPEt|Eo\xc0\xda/\xabO{\xef']>
| | | authorityCertIssuer= None
| | | authorityCertSerialNumber= None
| |###[ X509_Extension ]###
| | extnID = <ASN1_OID['basicConstraints']>
| | critical = None
| | \extnValue \
| | |###[ X509_ExtBasicConstraints ]###
| | | cA = True <ASN1_BOOLEAN[-1]>
| | | pathLenConstraint= None
\signatureAlgorithm\
|###[ X509_AlgorithmIdentifier ]###
| algorithm = <ASN1_OID['sha1-with-rsa-signature']>
| parameters= <ASN1_NULL[0]>
signatureValue= <_Raw_ASN1_BIT_STRING[1101000101...1010010001]=b'\xd1PD\xf0z\xb9<\xec\x80\x9d...hP\xa3\xf1Q\x04i=\xf2\x91' (0 unused bit)>
Thanks for the report. Do you think that this could be related to #4463 ? Do we have a simple way of testing that?
I don't think it's related. I rolled back scapy to https://github.com/secdev/scapy/releases/tag/v2.6.0rc1 to exclude the recent PRs and the test failed. I should have mentioned that sorry! My guess would be that it has something to do with either the python prerelease or cryptography (or both).
I tracked it down. openssl
was updated on Fedora Rawhide along with changes like https://src.fedoraproject.org/rpms/openssl/c/e9284f5bee9b3a6ebf87a4a40de5ec48747836b4?branch=rawhide. The packit script didn't set up OPENSSL_CONF using .config/ci/openssl.py
properly and it fell apart. The test passes with the following patch applied
diff --git a/.packit.yml b/.packit.yml
index 7636390f..9d4839cc 100644
--- a/.packit.yml
+++ b/.packit.yml
@@ -17,7 +17,7 @@ actions:
- "git clone https://src.fedoraproject.org/rpms/scapy .packit_rpm --depth=1"
# Drop the "sources" file so rebase-helper doesn't think we're a dist-git
- "rm -fv .packit_rpm/sources"
- - "sed -i '/^# check$/a%check\\n./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec"
+ - "sed -i '/^# check$/a%check\\nOPENSSL_CONF=$(python3 ./.config/ci/openssl.py) ./test/run_tests -c test/configs/linux.utsc -K scanner' .packit_rpm/scapy.spec"
- "sed -i '/^BuildArch/aBuildRequires: can-utils' .packit_rpm/scapy.spec"
- "sed -i '/^BuildArch/aBuildRequires: libpcap' .packit_rpm/scapy.spec"
- "sed -i '/^BuildArch/aBuildRequires: openssl' .packit_rpm/scapy.spec"
I'll send it tomorrow.
Brief description
The test fails with
https://download.copr.fedorainfracloud.org/results/packit/evverx-scapy-2/fedora-rawhide-i386/07751439-scapy/builder-live.log.gz
(As far as I can see it started failing a couple of days ago so given that Fedora Rawhide is kind of unstable it can be a glitch that can fix itself in a week or so)
Scapy version
f199f916c89a0fbe0fbb836e3f580d1e6a70c955
Python version
Python 3.13.0~b3-2.fc41
Operating system
Fedora Rawhide
Additional environment information
No response
How to reproduce
It should be enough to trigger Packit with the master branch.
Actual result
No response
Expected result
No response
Related resources
No response