Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tpm2.0-tools for openSUSE:Factory
checked in at 2022-07-14 16:33:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2.0-tools (Old)
and /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-tools"
Thu Jul 14 16:33:27 2022 rev:35 rq:989125 version:5.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/tpm2.0-tools/tpm2.0-tools.changes
2022-07-09 16:59:14.828455013 +0200
+++ /work/SRC/openSUSE:Factory/.tpm2.0-tools.new.1523/tpm2.0-tools.changes
2022-07-14 16:33:33.488587695 +0200
@@ -1,0 +2,14 @@
+Thu Jul 14 09:49:39 UTC 2022 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Disable tests in some architectures (ppc, ppc64, s390x)
+
+-------------------------------------------------------------------
+Wed Jul 13 11:50:11 UTC 2022 - Alberto Planas Dominguez <apla...@suse.com>
+
+- Add patch to fix leakage of TPM simulator process
+ add_missing_shut_down_call_on_cleanup.patch
+- Add patch to fix fapi-quote-verify[_ecc].sh test
+ fix_check_of_qualifying_data.patch
+- Enable test execution by default
+
+-------------------------------------------------------------------
New:
----
add_missing_shut_down_call_on_cleanup.patch
fix_check_of_qualifying_data.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tpm2.0-tools.spec ++++++
--- /var/tmp/diff_new_pack.cFv4rP/_old 2022-07-14 16:33:34.020588194 +0200
+++ /var/tmp/diff_new_pack.cFv4rP/_new 2022-07-14 16:33:34.024588197 +0200
@@ -17,7 +17,12 @@
%define _lto_cflags %{nil}
+%ifarch %{ix86} x86_64 aarch64 %{arm} ppc64le
+%bcond_without test
+%else
+# ppc ppc64 s390x
%bcond_with test
+%endif
Name: tpm2.0-tools
Version: 5.2
Release: 0
@@ -32,6 +37,10 @@
Patch0: fix_bogus_warning.patch
# PATCH-FIX-UPSTREAM
0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch -- based on
PR#3041
Patch1: 0001-tests-getekcertificate.sh-Skip-the-test-if-curl-is-n.patch
+# PATCH-FIX-UPSTREAM add_missing_shut_down_call_on_cleanup.patch -- based on
PR#3047
+Patch2: add_missing_shut_down_call_on_cleanup.patch
+# PATCH-FIX-UPSTREAM fix_check_of_qualifying_data.patch -- already merged
+Patch3: fix_check_of_qualifying_data.patch
BuildRequires: gcc-c++
BuildRequires: libcurl-devel
BuildRequires: libopenssl-devel
@@ -102,7 +111,7 @@
%check
# Do the tests sequentially to kill all tpm_server instances
# https://github.com/tpm2-software/tpm2-tools/issues/3042
-%make_build -j1 check
+%make_build check
%endif
%changelog
++++++ add_missing_shut_down_call_on_cleanup.patch ++++++
>From db6aa7ac5094a04168e60256e154786c0c7e7c1c Mon Sep 17 00:00:00 2001
From: Alberto Planas <apla...@suse.com>
Date: Wed, 13 Jul 2022 13:35:19 +0200
Subject: [PATCH] test: add missing shut_down call on cleanup
The tests "gettime", "readclock" and "symlink" are not calling
"shut_down" during the "cleanup" stage, making the TPM simulator to keep
their process during the "make check". Somehow this produces problems
when the tests are executed in parallel under certain conditions, with
the effect of "make" not ending and waiting to those process to die.
This commit and the mising call in the "cleanup" stage.
Fix #3042
Signed-off-by: Alberto Planas <apla...@suse.com>
---
test/integration/tests/gettime.sh | 5 ++++-
test/integration/tests/readclock.sh | 5 ++++-
test/integration/tests/symlink.sh | 5 ++++-
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/test/integration/tests/gettime.sh
b/test/integration/tests/gettime.sh
index 5a91210a7..054bef864 100644
--- a/test/integration/tests/gettime.sh
+++ b/test/integration/tests/gettime.sh
@@ -3,7 +3,10 @@
source helpers.sh
cleanup() {
- rm -f attest.sig attest.data
+ rm -f attest.sig attest.data
+ if [ "$1" != "no-shut-down" ]; then
+ shut_down
+ fi
}
trap cleanup EXIT
diff --git a/test/integration/tests/readclock.sh
b/test/integration/tests/readclock.sh
index 56a4c8622..2c59dad09 100644
--- a/test/integration/tests/readclock.sh
+++ b/test/integration/tests/readclock.sh
@@ -3,7 +3,10 @@
source helpers.sh
cleanup() {
- rm -f clock.yaml
+ rm -f clock.yaml
+ if [ "$1" != "no-shut-down" ]; then
+ shut_down
+ fi
}
trap cleanup EXIT
diff --git a/test/integration/tests/symlink.sh
b/test/integration/tests/symlink.sh
index d1c800ad0..b61349eef 100644
--- a/test/integration/tests/symlink.sh
+++ b/test/integration/tests/symlink.sh
@@ -4,7 +4,10 @@ source helpers.sh
TMP="$(mktemp -d)"
cleanup() {
- rm -rf "$TMP"
+ rm -rf "$TMP"
+ if [ "$1" != "no-shut-down" ]; then
+ shut_down
+ fi
}
trap cleanup EXIT
++++++ fix_check_of_qualifying_data.patch ++++++
>From 3b1f00301350848e9454c7adf0487c1a14738236 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.r...@sit.fraunhofer.de>
Date: Sat, 8 Jan 2022 13:43:00 +0100
Subject: [PATCH] test/fapi/fapi-quote-verify.sh Fix check of qualifying data.
Because of a bug in Fapi_VerifyQuote the qualifying data was not checked
correctly.
Errors that were not recognized before occur now.
The order of the tests was cleaned up and for every quote and verify quote now
the correct combination of the qualifying data and quote info containing the
nonce
is used.
Signed-off-by: Juergen Repp <juergen.r...@sit.fraunhofer.de>
---
test/integration/fapi/fapi-quote-verify.sh | 38 ++++++++++++----------
1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/test/integration/fapi/fapi-quote-verify.sh
b/test/integration/fapi/fapi-quote-verify.sh
index ad4ade3a1..497d4337f 100644
--- a/test/integration/fapi/fapi-quote-verify.sh
+++ b/test/integration/fapi/fapi-quote-verify.sh
@@ -18,6 +18,7 @@ KEY_PATH=HS/SRK/quotekey
NONCE_FILE=$TEMP_DIR/nonce.file
PUBLIC_QUOTE_KEY=$TEMP_DIR/public_quote.key
QUOTE_INFO=$TEMP_DIR/quote.info
+QUOTE_EMPTY_INFO=$TEMP_DIR/quote_empty.info
SIGNATURE_FILE=$TEMP_DIR/signature.file
CERTIFICATE_FILE=$TEMP_DIR/certificate.file
PCR_LOG=$TEMP_DIR/pcr.log
@@ -35,14 +36,32 @@ tss2 provision
tss2 createkey --path=$KEY_PATH --type="noDa, restricted, sign" --authValue=""
+tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH
--exportedData=$PUBLIC_QUOTE_KEY --force
+tss2 import --path="ext/myNewParent" --importData=$PUBLIC_QUOTE_KEY
+
+
tss2 quote --keyPath=$KEY_PATH --pcrList="11, 12, 13, 14, 15, 16"
--qualifyingData=$NONCE_FILE \
--signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG \
--certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_INFO --force
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --qualifyingData=$NONCE_FILE --quoteInfo=$QUOTE_INFO \
+ --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
+
echo "tss2 quote with EMPTY_FILE" # Expected to succeed
tss2 quote --keyPath=$KEY_PATH --pcrList="11, 12, 13, 14, 15, 16" \
--qualifyingData=$EMPTY_FILE --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
\
- --certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_INFO --force
+ --certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_EMPTY_INFO --force
+
+echo "tss2 verifyquote with EMPTY_FILE qualifyingData" # Expected to succeed
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --qualifyingData=$EMPTY_FILE --quoteInfo=$QUOTE_EMPTY_INFO \
+ --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
+
+# Try with missing qualifyingData
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --quoteInfo=$QUOTE_EMPTY_INFO \
+ --signature=$SIGNATURE_FILE
echo "tss2 quote with BIG_FILE" # Expected to fail
expect <<EOF
@@ -65,18 +84,6 @@ if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
exit 1
fi
-tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH
--exportedData=$PUBLIC_QUOTE_KEY --force
-tss2 import --path="ext/myNewParent" --importData=$PUBLIC_QUOTE_KEY
-
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --qualifyingData=$NONCE_FILE --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
-
-echo "tss2 verifyquote with EMPTY_FILE qualifyingData" # Expected to succeed
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --qualifyingData=$EMPTY_FILE --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
-
echo "tss2 verifyquote with BIG_FILE qualifyingData" # Expected to fail
expect <<EOF
spawn sh -c "tss2 verifyquote --publicKeyPath=\"ext/myNewParent\" \
@@ -537,9 +544,4 @@ if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
}
EOF
-# Try with missing qualifyingData
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE
-
exit 0
diff --git a/test/integration/fapi/fapi-quote-verify.sh
b/test/integration/fapi/fapi-quote-verify_ecc.sh
index ad4ade3a1..497d4337f 100644
--- a/test/integration/fapi/fapi-quote-verify_ecc.sh
+++ b/test/integration/fapi/fapi-quote-verify_ecc.sh
@@ -18,6 +18,7 @@ KEY_PATH=HS/SRK/quotekey
NONCE_FILE=$TEMP_DIR/nonce.file
PUBLIC_QUOTE_KEY=$TEMP_DIR/public_quote.key
QUOTE_INFO=$TEMP_DIR/quote.info
+QUOTE_EMPTY_INFO=$TEMP_DIR/quote_empty.info
SIGNATURE_FILE=$TEMP_DIR/signature.file
CERTIFICATE_FILE=$TEMP_DIR/certificate.file
PCR_LOG=$TEMP_DIR/pcr.log
@@ -35,14 +36,32 @@ tss2 provision
tss2 createkey --path=$KEY_PATH --type="noDa, restricted, sign" --authValue=""
+tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH
--exportedData=$PUBLIC_QUOTE_KEY --force
+tss2 import --path="ext/myNewParent" --importData=$PUBLIC_QUOTE_KEY
+
+
tss2 quote --keyPath=$KEY_PATH --pcrList="11, 12, 13, 14, 15, 16"
--qualifyingData=$NONCE_FILE \
--signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG \
--certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_INFO --force
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --qualifyingData=$NONCE_FILE --quoteInfo=$QUOTE_INFO \
+ --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
+
echo "tss2 quote with EMPTY_FILE" # Expected to succeed
tss2 quote --keyPath=$KEY_PATH --pcrList="11, 12, 13, 14, 15, 16" \
--qualifyingData=$EMPTY_FILE --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
\
- --certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_INFO --force
+ --certificate=$CERTIFICATE_FILE --quoteInfo=$QUOTE_EMPTY_INFO --force
+
+echo "tss2 verifyquote with EMPTY_FILE qualifyingData" # Expected to succeed
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --qualifyingData=$EMPTY_FILE --quoteInfo=$QUOTE_EMPTY_INFO \
+ --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
+
+# Try with missing qualifyingData
+tss2 verifyquote --publicKeyPath="ext/myNewParent" \
+ --quoteInfo=$QUOTE_EMPTY_INFO \
+ --signature=$SIGNATURE_FILE
echo "tss2 quote with BIG_FILE" # Expected to fail
expect <<EOF
@@ -65,18 +84,6 @@ if [[ "`cat $LOG_FILE`" == $SANITIZER_FILTER ]]; then
exit 1
fi
-tss2 exportkey --pathOfKeyToDuplicate=$KEY_PATH
--exportedData=$PUBLIC_QUOTE_KEY --force
-tss2 import --path="ext/myNewParent" --importData=$PUBLIC_QUOTE_KEY
-
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --qualifyingData=$NONCE_FILE --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
-
-echo "tss2 verifyquote with EMPTY_FILE qualifyingData" # Expected to succeed
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --qualifyingData=$EMPTY_FILE --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE --pcrLog=$PCR_LOG
-
echo "tss2 verifyquote with BIG_FILE qualifyingData" # Expected to fail
expect <<EOF
spawn sh -c "tss2 verifyquote --publicKeyPath=\"ext/myNewParent\" \
@@ -537,9 +544,4 @@ if {[lindex \$ret 2] || [lindex \$ret 3] != 1} {
}
EOF
-# Try with missing qualifyingData
-tss2 verifyquote --publicKeyPath="ext/myNewParent" \
- --quoteInfo=$QUOTE_INFO \
- --signature=$SIGNATURE_FILE
-
exit 0
