Bug#923930: testsuite comes with built-in time-bomb
On Mon, May 20, 2019 at 09:53:27PM +0200, Giovanni Mascellani wrote: > Upstream confirms that an update that handles 32 bit archs is not on the > radar soon. I don't know what it is the best way forward now, but if it > is decided that it is ok the ignore the error for 32 bit archs, then I > can try to cook up the required patch. I would appreciate any fix that will fix this for both 32bit and 64bit - preferably as simple as possible, so I can get the recent security fixes into buster. (also please do CC me in BTS emails) Thanks! -- Brian May
Bug#923930: testsuite comes with built-in time-bomb
Hi again, On Mon, 20 May 2019 19:23:40 +0200 Giovanni Mascellani wrote: > If we ignore this and just consider the bug as FTBFS, then it is easy to > patch the package to that failing tests are ignored under 32 bit archs. > Otherwise, the patch might be more complicated; I prodded upstream on > the GitHub issue to understand their intentions. Upstream confirms that an update that handles 32 bit archs is not on the radar soon. I don't know what it is the best way forward now, but if it is decided that it is ok the ignore the error for 32 bit archs, then I can try to cook up the required patch. Giovanni. -- Giovanni Mascellani Postdoc researcher - Université Libre de Bruxelles signature.asc Description: OpenPGP digital signature
Bug#923930: testsuite comes with built-in time-bomb
Hi, On Sun, 7 Apr 2019 16:46:01 +0200 Andreas Henriksson wrote: > The lazy solution here is to argue that we don't want time-bombs and > just disable the test-suite. The better solution involves generating > the certificates so that they align with what 32bit machines can handle, > uuencoding the result and setting up debian/rules handling to "manually > patch" the build. It has to be decided whether the issue, Debian-wise, is the FTBFS or the fact that heimdal does not properly handle dates beyond 2038 in 32 bit archs. I do not have hard data, but I believe that sometimes CAs set their expiration dates even decades in the future, so not verifying certificates expiring after 2038 might be an issue right now, and even more probably the buster's EOL. If we ignore this and just consider the bug as FTBFS, then it is easy to patch the package to that failing tests are ignored under 32 bit archs. Otherwise, the patch might be more complicated; I prodded upstream on the GitHub issue to understand their intentions. Giovanni. -- Giovanni Mascellani Postdoc researcher - Université Libre de Bruxelles signature.asc Description: OpenPGP digital signature
Bug#923930: testsuite comes with built-in time-bomb
Control: forwarded -1 https://github.com/heimdal/heimdal/issues/533 Greetings from the Gothenburg BSP. To summarize the above issue: - certs used in test-suite expired - upstream regenerated certs with 500 years expiration time set - this solves the issue on machines with 64bit time_t but 32bit machines still fails the test-suite. - A suggestion was made to generate certs that expire "Tue, 19 Jan 2038 03:14:06 GMT" instead. On the debian side of things: including the upstream diff is annoying because debian/patches/ (quilt 3.0) doesn't support git binary diffs. The lazy solution here is to argue that we don't want time-bombs and just disable the test-suite. The better solution involves generating the certificates so that they align with what 32bit machines can handle, uuencoding the result and setting up debian/rules handling to "manually patch" the build. Regards, Andreas Henriksson
