Package: fscrypt
Version: 0.3.4-2
Severity: minor
Tags: patch ftbfs
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu oracular ubuntu-patch

Hi Paride,

The latest version of fscrypt has been stuck for some time in Ubuntu's
devel-proposed pocket because its build-time tests depend on being able to
lock memory for keys, and on the ppc64el builders in Launchpad, less memory

[...]
=== RUN   TestMakeKeys
    crypto_test.go:122: could not lock key in memory
--- FAIL: TestMakeKeys (0.00s)
is available for locking than expected:
[...]

  (https://launchpad.net/ubuntu/+source/fscrypt/0.3.4-2/+build/28152160)

The upstream testsuite does already have support for detecting when
insufficient locked memory is available and avoiding treating that as a
failure, but currently it only applies this when creating "big" keys.

The attached patch causes a number of other tests to be skipped when locked
memory is unavailable.  Unfortunately this is insufficient to get the
package to build because there is one remaining test that fails with a
segfault, that I have not gotten to the bottom of:

[...]
=== RUN   TestKeysAndOutputsDistinct
--- FAIL: TestKeysAndOutputsDistinct (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference 
[recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x101eeda8]

goroutine 16 [running]:
testing.tRunner.func1.2({0x1021eec0, 0x10410a80})
        /usr/lib/go-1.23/src/testing/testing.go:1632 +0x1e8
testing.tRunner.func1()
[...]

But I believe the patch is still an improvement in overall portability of
the package.

Thanks for considering,

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
diff -Nru fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch 
fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch
--- fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch 1969-12-31 
16:00:00.000000000 -0800
+++ fscrypt-0.3.4/debian/patches/dont-fail-tests-on-mlock.patch 2024-09-09 
07:54:54.000000000 -0700
@@ -0,0 +1,91 @@
+Description: don't fail tests when locked memory is unavailable
+ The test suite already has support for skipping tests when locked memory
+ is unavailable, but currently only does this for the "big key" test.  On
+ the Launchpad ppc64el builders, less memory is available for locking than
+ expected.
+ .
+ Patch our test suite to skip tests when locked memory is unavailable
+ instead of failing.  With this, all tests pass under `ulimit -S -l 2`
+ on x86 except for TestKeysAndOutputsDistinct, whose usage of the locked
+ memory is deeper and results in a segfault currently.
+Author: Steve Langasek <steve.langa...@canonical.com>
+Forwarded: no
+Last-Update: 2024-09-09
+
+Index: fscrypt-0.3.4/crypto/crypto_test.go
+===================================================================
+--- fscrypt-0.3.4.orig/crypto/crypto_test.go
++++ fscrypt-0.3.4/crypto/crypto_test.go
+@@ -118,10 +118,15 @@
+       data := []byte("1234\n6789")
+ 
+       key1, err := NewKeyFromReader(bytes.NewReader(data))
+-      if err != nil {
++      switch err {
++      case nil:
++              defer key1.Wipe()
++      case ErrMlockUlimit:
++              // Don't fail just because "ulimit -l" is too low.
++              t.Skip(err)
++      default:
+               t.Fatal(err)
+       }
+-      defer key1.Wipe()
+       if !bytes.Equal(data, key1.data) {
+               t.Error("Key from reader contained incorrect data")
+       }
+@@ -139,6 +144,10 @@
+ // Tests that wipe succeeds
+ func TestWipe(t *testing.T) {
+       key, err := makeKey(1, 1000)
++      if err == ErrMlockUlimit {
++              // Don't fail just because "ulimit -l" is too low.
++              t.Skip(err)
++      }
+       if err != nil {
+               t.Fatal(err)
+       }
+@@ -169,6 +178,10 @@
+ 
+       key2, err := NewKeyFromReader(bytes.NewReader(nil))
+       if err != nil {
++                if err == ErrMlockUlimit {
++                      // Don't fail just because "ulimit -l" is too low.
++                      t.Skip(err)
++              }
+               t.Fatal(err)
+       }
+       defer key2.Wipe()
+@@ -188,6 +201,10 @@
+       }()
+ 
+       if err != nil {
++                if err == ErrMlockUlimit {
++                      // Don't fail just because "ulimit -l" is too low.
++                      t.Skip(err)
++              }
+               t.Fatal(err)
+       }
+       if err := key.Wipe(); err != nil {
+@@ -217,6 +234,10 @@
+       r := io.LimitReader(ConstReader(1), int64(os.Getpagesize())+1)
+       key, err := NewKeyFromReader(r)
+       if err != nil {
++                if err == ErrMlockUlimit {
++                      // Don't fail just because "ulimit -l" is too low.
++                      t.Skip(err)
++              }
+               t.Fatal(err)
+       }
+       defer key.Wipe()
+@@ -257,6 +278,10 @@
+ func TestRandomKeyGen(t *testing.T) {
+       key, err := NewRandomKey(os.Getpagesize())
+       if err != nil {
++                if err == ErrMlockUlimit {
++                      // Don't fail just because "ulimit -l" is too low.
++                      t.Skip(err)
++              }
+               t.Fatal(err)
+       }
+       defer key.Wipe()
diff -Nru fscrypt-0.3.4/debian/patches/series 
fscrypt-0.3.4/debian/patches/series
--- fscrypt-0.3.4/debian/patches/series 1969-12-31 16:00:00.000000000 -0800
+++ fscrypt-0.3.4/debian/patches/series 2024-09-06 16:40:02.000000000 -0700
@@ -0,0 +1 @@
+dont-fail-tests-on-mlock.patch

Reply via email to