Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#993451: osslsigncode: timestamp-based tests fail on amd64 (sometimes)
84 views
Skip to first unread message
Stephen Kitt
Sep 1, 2021, 11:50:03 AM9/1/21
to
Package: osslsigncode
Version: 2.2-1
Severity: normal
Tags: upstream
Dear Maintainer,
The tests enabled in 2.2-1 failed on amd64 on the buildd:
071. Sign a CAT file with Authenticode timestamping failed
072. Sign a MSI file with Authenticode timestamping failed
073. Sign a CAB file with Authenticode timestamping failed
074. Sign a PE file with Authenticode timestamping failed
081. Sign a CAT file with RFC 3161 timestamping failed
082. Sign a MSI file with RFC 3161 timestamping failed
083. Sign a CAB file with RFC 3161 timestamping failed
084. Sign a PE file with RFC 3161 timestamping failed
371. Add an authenticode timestamp to the CAT signed file failed
372. Add an authenticode timestamp to the MSI signed file failed
373. Add an authenticode timestamp to the CAB signed file failed
374. Add an authenticode timestamp to the PE signed file failed
381. Add a RFC 3161 timestamp to the CAT signed file failed
382. Add a RFC 3161 timestamp to the MSI signed file failed
383. Add a RFC 3161 timestamp to the CAB signed file failed
384. Add a RFC 3161 timestamp to the PE signed file failed
464. Verify changed PE file after signing with Authenticode timestamping failed
474. Verify changed PE file after signing with RFC 3161 timestamping failed
521. Verify a CAT file signed with Authenticode after the cert has been expired failed
522. Verify a MSI file signed with Authenticode after the cert has been expired failed
523. Verify a CAB file signed with Authenticode after the cert has been expired failed
524. Verify a PE file signed with Authenticode after the cert has been expired failed
531. Verify a CAT file signed with RFC3161 after the cert has been expired failed
532. Verify a MSI file signed with RFC3161 after the cert has been expired failed
533. Verify a CAB file signed with RFC3161 after the cert has been expired failed
534. Verify a PE file signed with RFC3161 after the cert has been expired failed
541. Verify a CAT file signed with the expired cert failed
542. Verify a MSI file signed with the expired cert failed
543. Verify a CAB file signed with the expired cert failed
544. Verify a PE file signed with the expired cert failed
551. Verify a CAT file signed with the revoked cert failed
552. Verify a MSI file signed with the revoked cert failed
553. Verify a CAB file signed with the revoked cert failed
554. Verify a PE file signed with the revoked cert failed
562. Verify a MSI file signed with the multiple signature failed
563. Verify a CAB file signed with the multiple signature failed
564. Verify a PE file signed with the multiple signature failed
See
https://buildd.debian.org/status/fetch.php?pkg=osslsigncode&arch=amd64&ver=2.2-1&stamp=1630508600&raw=0
for the complete logs.
Regards,
Stephen
-- System Information:
Debian Release: 10.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 'oldstable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 4.19.0-17-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages osslsigncode depends on:
ii libc6 2.28-10
ii libcurl3-gnutls 7.64.0-4+deb10u2
ii libglib2.0-0 2.58.3-2+deb10u3
ii libgsf-1-114 1.14.45-1
ii libssl1.1 1.1.1d-0+deb10u7
ii libxml2 2.9.4+dfsg1-7+deb10u2
osslsigncode recommends no packages.
osslsigncode suggests no packages.
-- no debconf information
Version: 2.2-1
Severity: normal
Tags: upstream
Dear Maintainer,
The tests enabled in 2.2-1 failed on amd64 on the buildd:
071. Sign a CAT file with Authenticode timestamping failed
072. Sign a MSI file with Authenticode timestamping failed
073. Sign a CAB file with Authenticode timestamping failed
074. Sign a PE file with Authenticode timestamping failed
081. Sign a CAT file with RFC 3161 timestamping failed
082. Sign a MSI file with RFC 3161 timestamping failed
083. Sign a CAB file with RFC 3161 timestamping failed
084. Sign a PE file with RFC 3161 timestamping failed
371. Add an authenticode timestamp to the CAT signed file failed
372. Add an authenticode timestamp to the MSI signed file failed
373. Add an authenticode timestamp to the CAB signed file failed
374. Add an authenticode timestamp to the PE signed file failed
381. Add a RFC 3161 timestamp to the CAT signed file failed
382. Add a RFC 3161 timestamp to the MSI signed file failed
383. Add a RFC 3161 timestamp to the CAB signed file failed
384. Add a RFC 3161 timestamp to the PE signed file failed
464. Verify changed PE file after signing with Authenticode timestamping failed
474. Verify changed PE file after signing with RFC 3161 timestamping failed
521. Verify a CAT file signed with Authenticode after the cert has been expired failed
522. Verify a MSI file signed with Authenticode after the cert has been expired failed
523. Verify a CAB file signed with Authenticode after the cert has been expired failed
524. Verify a PE file signed with Authenticode after the cert has been expired failed
531. Verify a CAT file signed with RFC3161 after the cert has been expired failed
532. Verify a MSI file signed with RFC3161 after the cert has been expired failed
533. Verify a CAB file signed with RFC3161 after the cert has been expired failed
534. Verify a PE file signed with RFC3161 after the cert has been expired failed
541. Verify a CAT file signed with the expired cert failed
542. Verify a MSI file signed with the expired cert failed
543. Verify a CAB file signed with the expired cert failed
544. Verify a PE file signed with the expired cert failed
551. Verify a CAT file signed with the revoked cert failed
552. Verify a MSI file signed with the revoked cert failed
553. Verify a CAB file signed with the revoked cert failed
554. Verify a PE file signed with the revoked cert failed
562. Verify a MSI file signed with the multiple signature failed
563. Verify a CAB file signed with the multiple signature failed
564. Verify a PE file signed with the multiple signature failed
See
https://buildd.debian.org/status/fetch.php?pkg=osslsigncode&arch=amd64&ver=2.2-1&stamp=1630508600&raw=0
for the complete logs.
Regards,
Stephen
-- System Information:
Debian Release: 10.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable-debug'), (500, 'oldstable'), (100, 'unstable-debug'), (100, 'testing-debug'), (100, 'unstable'), (100, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 4.19.0-17-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages osslsigncode depends on:
ii libc6 2.28-10
ii libcurl3-gnutls 7.64.0-4+deb10u2
ii libglib2.0-0 2.58.3-2+deb10u3
ii libgsf-1-114 1.14.45-1
ii libssl1.1 1.1.1d-0+deb10u7
ii libxml2 2.9.4+dfsg1-7+deb10u2
osslsigncode recommends no packages.
osslsigncode suggests no packages.
-- no debconf information
Michał Trojnara
Mar 9, 2022, 8:00:03 AM3/9/22
to
Hi Stephen,
Didn't you notice that these tests are *not* part of the osslsigncode release tarball? Just because some random code can be found is in the same GitHub repository doesn't meany it's suitable for production use.
There is a very good reason why "make check" doesn't work in
osslsigncode. It will work when the tests are ready for
production use. Hopefully soon. We're working on this.
Best regards,
Mike (the upstream maintainer)
Stephen Kitt
Mar 9, 2022, 10:50:03 AM3/9/22
to
Hi Mike,
Le 09/03/2022 13:41, Michał Trojnara a écrit :
> Didn't you notice that these tests are *not* part of the osslsigncode
> release tarball? Just because some random code can be found is in the
> same GitHub repository doesn't meany it's suitable for production use.
Apologies, I did not notice this. Unfortunately the previous
version-tracking setup downloaded the tag-based tarballs provided by
GitHub rather than the separate release tarballs you prepared. I’ve
fixed that, so going forward the release tarballs will be used (and
their signature verified).
> There is a very good reason why "make check" doesn't work in
> osslsigncode. It will work when the tests are ready for production
> use. Hopefully soon. We're working on this.
Noted, thanks!
Regards,
Stephen
Le 09/03/2022 13:41, Michał Trojnara a écrit :
> Didn't you notice that these tests are *not* part of the osslsigncode
> release tarball? Just because some random code can be found is in the
> same GitHub repository doesn't meany it's suitable for production use.
version-tracking setup downloaded the tag-based tarballs provided by
GitHub rather than the separate release tarballs you prepared. I’ve
fixed that, so going forward the release tarballs will be used (and
their signature verified).
> There is a very good reason why "make check" doesn't work in
> osslsigncode. It will work when the tests are ready for production
> use. Hopefully soon. We're working on this.
Regards,
Stephen
0 new messages