Bug#818997: [pkg-gnupg-maint] Bug#818997: gpgv.exe linked dynamically against zlib1, doesn't allow proper signature verification
On Tue 2016-04-05 02:23:59 -0400, Didier 'OdyX' Raboud wrote: > gpgv-win32 from unstable seems to work for me now (using the > debian/tests/gpgv-win32 test at least). good! > The CI test still fails though, you might want to try integrating > Antonio's proposal below. it should already be integrated in the version in experimental. Please let me know if that doesn't work for you. (maybe the CI isn't pulling from experimental at all so we just don't see it?) > That '53' error is gpgv.exe failing to load zlib1, so it was just > exposing this very bug. :) There's no need to wrap it in xvfb-run, > AFAIK. right, agreed. --dkg
Bug#818997: [pkg-gnupg-maint] Bug#818997: gpgv.exe linked dynamically against zlib1, doesn't allow proper signature verification
Hi Daniel, gpgv-win32 from unstable seems to work for me now (using the debian/tests/gpgv-win32 test at least). The CI test still fails though, you might want to try integrating Antonio's proposal below. Le jeudi, 24 mars 2016, 14.41:54 Antonio Terceiro a écrit : > the caveat in this case is that since wine32 is not directly > installable in a plain amd64 system, you can't declare it as test > dependency, but you can say that the test requires root permissions, > and do whatever special setup you need from within the test itself. > > You want something like this: (…) > (…) > The above patch solves the installability issue, but the test still > fails for me. The portion of the log after the installation phase > looks like this: > > (…) > gpgv-win32 FAIL non-zero exit status 53 > > > maybe you need to wrap the wine call with xvfb-run or something like > that? or maybe it's related to running wine as root (which is probably > as scary as it sounds), so you could also create a fresh user to run > the gpg commands as. That '53' error is gpgv.exe failing to load zlib1, so it was just exposing this very bug. :) There's no need to wrap it in xvfb-run, AFAIK. -- Cheers, OdyX signature.asc Description: This is a digitally signed message part.
Bug#818997: [pkg-gnupg-maint] Bug#818997: gpgv.exe linked dynamically against zlib1, doesn't allow proper signature verification
On Thu, Mar 24, 2016 at 03:07:01PM +0100, Didier 'OdyX' Raboud wrote: > Le mercredi, 23 mars 2016, 23.14:59 Daniel Kahn Gillmor a écrit : > > On Tue 2016-03-22 12:49:10 -0400, Didier 'OdyX' Raboud wrote: > > > (By the way, the CI seems to have never run successfully in the last > > > months: https://ci.debian.net/packages/g/gnupg/unstable/amd64/ …) > > > > this appears to be because of uninstallable dependencies; the tests > > can really only run on i386 systems or multiarch systems, right? is > > wine32 available in amd64? > > As far as I understand it, wine32 is only available on i386, and the > current way to install it on amd64 hosts is through multiarch. > > > I don't see any other architectures available at > > https://ci.debian.net/packages/g/gnupg/unstable/, and i'm assuming > > that the amd64 ci tester isn't multiarch. or am i misinterpreting > > something? > > CC'ing Antonio: there's no way to setup multiarch within an autopkgtest, > right ? there is a way to do almost anything :) the caveat in this case is that since wine32 is not directly installable in a plain amd64 system, you can't declare it as test dependency, but you can say that the test requires root permissions, and do whatever special setup you need from within the test itself. You want something like this: 8<8<8<- diff -Nru gnupg-1.4.20.orig/debian/tests/control gnupg-1.4.20/debian/tests/control --- gnupg-1.4.20.orig/debian/tests/control 2016-03-24 14:12:58.824795760 -0300 +++ gnupg-1.4.20/debian/tests/control 2016-03-24 14:32:39.620589105 -0300 @@ -1,2 +1,4 @@ Tests: gpgv-win32 -Depends: gpgv-win32, wine, wine32, gpg +Depends: gpgv-win32, gnupg +Restrictions: needs-root, allow-stderr + diff -Nru gnupg-1.4.20.orig/debian/tests/gpgv-win32 gnupg-1.4.20/debian/tests/gpgv-win32 --- gnupg-1.4.20.orig/debian/tests/gpgv-win32 2016-03-24 14:12:58.824795760 -0300 +++ gnupg-1.4.20/debian/tests/gpgv-win322016-03-24 14:22:55.133470431 -0300 @@ -4,6 +4,25 @@ export GNUPGHOME=$(mktemp -d) +arch=$(dpkg --print-architecture) + +case "$arch" in + amd64) + echo "I: setting up multiarch" + dpkg --add-architecture i386 + apt-get update # FIXME you might want to try this up to some N times to avoid failures on temporary network issues + ;; + i386) + : nothing, tests should just work + ;; + *) + echo "I: skipping tests, only works on amd64 or i386" + exit + ;; +esac + +DEBIAN_FRONTEND=noninteractive apt-get install -qy wine wine32 # FIXME ditto + # Generate a minimal signing key: gpg --batch --quick-random --gen-key <" wine: created the configuration directory '/root/.wine' Executing wine (wineserver32) 1.8.1 on Debian stretch/sid (amd64). If something goes wrong, please rerun with "WINEDEBUG=err+all wine" for more detailed debugging output. Could not load wine-gecko. HTML rendering will be disabled. wine: configuration in '/root/.wine' has been updated. adt-run [14:33:38]: test gpgv-win32: ---] adt-run [14:33:39]: test gpgv-win32: - - - - - - - - - - results - - - - - - - - - - gpgv-win32 FAIL non-zero exit status 53 adt-run [14:33:39]: summary gpgv-win32 FAIL non-zero exit status 53 8<8<8<- maybe you need to wrap the wine call with xvfb-run or something like that? or maybe it's related to running wine as root (which is probably as scary as it sounds), so you could also create a fresh user to run the gpg commands as. you may also want to do `set -x` in the test script, probably right after the setup phase, to make every step obvious in the log output. -- Antonio Terceiro signature.asc Description: PGP signature
Bug#818997: [pkg-gnupg-maint] Bug#818997: gpgv.exe linked dynamically against zlib1, doesn't allow proper signature verification
Le mercredi, 23 mars 2016, 23.14:59 Daniel Kahn Gillmor a écrit : > On Tue 2016-03-22 12:49:10 -0400, Didier 'OdyX' Raboud wrote: > > I've noticed that gpgv.exe fails its CI test > > (debian/tests/gpgv-win32) in version 1.4.20-4 (-3 and previous work > > fine): > > interesting, there was no change between -3 and -4 other than > re-adding the gpgv-udeb for constrained armel devices at tbm's > request (see #814027). > > I suspect this means that the toolchain changed in some significant > way between these releases. I agree with this analyis; I've rebuilt gnupg in a clean chroot and the resulting gpgv.exe works, so we could just get the package rebuilt. > hm, right. I'm actually working on moving gpgv.exe over to the gnupg2 > packaging, so that we can get support for elliptic curve signatures > as well. I'll definitely test to ensure that it's properly > statically linked when i produce it from that source. Cool; saw the branch there, looking forward! > > (By the way, the CI seems to have never run successfully in the last > > months: https://ci.debian.net/packages/g/gnupg/unstable/amd64/ …) > > this appears to be because of uninstallable dependencies; the tests > can really only run on i386 systems or multiarch systems, right? is > wine32 available in amd64? As far as I understand it, wine32 is only available on i386, and the current way to install it on amd64 hosts is through multiarch. > I don't see any other architectures available at > https://ci.debian.net/packages/g/gnupg/unstable/, and i'm assuming > that the amd64 ci tester isn't multiarch. or am i misinterpreting > something? CC'ing Antonio: there's no way to setup multiarch within an autopkgtest, right ? -- Cheers, OdyX signature.asc Description: This is a digitally signed message part.
Bug#818997: [pkg-gnupg-maint] Bug#818997: gpgv.exe linked dynamically against zlib1, doesn't allow proper signature verification
On Tue 2016-03-22 12:49:10 -0400, Didier 'OdyX' Raboud wrote: > I've noticed that gpgv.exe fails its CI test (debian/tests/gpgv-win32) in > version 1.4.20-4 (-3 and previous work fine): interesting, there was no change between -3 and -4 other than re-adding the gpgv-udeb for constrained armel devices at tbm's request (see #814027). I suspect this means that the toolchain changed in some significant way between these releases. > (This is after adding WINEDEBUG=err+all as prefix to the latest line): > > err:menubuilder:init_xdg error looking up the desktop directory > err:module:import_dll Library zlib1.dll (which is needed by > L"Z:\\usr\\share\\win32\\gpgv.exe") not found > err:module:LdrInitializeThunk Main exe initialization for > L"Z:\\usr\\share\\win32\\gpgv.exe" failed, status c135 > > It seems gpgv-win32 is dynamically linked against zlib1.dll, where it should > probably be statically linked. This appears to be a problem in the dependency > chain. hm, right. I'm actually working on moving gpgv.exe over to the gnupg2 packaging, so that we can get support for elliptic curve signatures as well. I'll definitely test to ensure that it's properly statically linked when i produce it from that source. > (By the way, the CI seems to have never run successfully in the last months: > https://ci.debian.net/packages/g/gnupg/unstable/amd64/ …) this appears to be because of uninstallable dependencies; the tests can really only run on i386 systems or multiarch systems, right? is wine32 available in amd64? I don't see any other architectures available at https://ci.debian.net/packages/g/gnupg/unstable/, and i'm assuming that the amd64 ci tester isn't multiarch. or am i misinterpreting something? --dkg signature.asc Description: PGP signature
