Bug#1008349: python-securesystemslib: FTBFS: dh_auto_test: error: pybuild --test -i python{version} -p "3.10 3.9" returned exit code 13

2022-03-28 Thread Lukas Puehringer 
I created an issue in the upstream ticket tracker, including a likely 
explanation and possible solutions:
https://github.com/secure-systems-lab/securesystemslib/issues/397 


TLDR: The cause of the error seems to be a race condition in the test clean up 
function.

> On 26.03.2022, at 21:36, Lucas Nussbaum  wrote:
> 
> Source: python-securesystemslib
> Version: 0.22.0-1
> Severity: serious
> Justification: FTBFS
> Tags: bookworm sid ftbfs
> User: lu...@debian.org
> Usertags: ftbfs-20220326 ftbfs-bookworm
> 
> Hi,
> 
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
> 
> 
> Relevant part (hopefully):
>> debian/rules binary
>> dh binary --with python3 --buildsystem=pybuild
>>   dh_update_autotools_config -O--buildsystem=pybuild
>>   dh_autoreconf -O--buildsystem=pybuild
>>   dh_auto_configure -O--buildsystem=pybuild
>> I: pybuild base:237: python3.10 setup.py config 
>> running config
>> I: pybuild base:237: python3.9 setup.py config 
>> running config
>>   dh_auto_build -O--buildsystem=pybuild
>> I: pybuild base:237: /usr/bin/python3.10 setup.py build 
>> running build
>> running build_py
>> creating 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/__init__.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/signer.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/settings.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/util.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/interface.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/exceptions.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/schema.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/rsa_keys.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/ecdsa_keys.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/formats.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/unittest_toolbox.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/storage.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/keys.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/process.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/ed25519_keys.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> copying securesystemslib/hash.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib
>> creating 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/__init__.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/util.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/exceptions.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/dsa.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/rsa.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/eddsa.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/common.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/handlers.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/functions.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> copying securesystemslib/gpg/constants.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/gpg
>> creating 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/_vendor
>> copying securesystemslib/_vendor/__init__.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/_vendor
>> copying securesystemslib/_vendor/ssl_match_hostname.py -> 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/_vendor
>> creating 
>> /<>/.pybuild/cpython3_3.10_securesystemslib/build/securesystemslib/_vendor/ed25519
>> copying securesystemslib/_vendor/ed25519/__init__.py -> 
>>

Bug#966972: [in-toto-dev] Bug#966972: in-toto: FTBFS: ValueError: SSH supports only 1024 bit DSA keys

2020-08-27 Thread Lukas Puehringer 
in-toto 0.5.0-1 [1] and python-securesystemslib 0.16.0-1 [2] fix this issue. Any
chance we can get these accepted before in-toto is autoremoved from testing on
2020-09-01?

Cheers,
Lukas

[1] https://mentors.debian.net/package/in-toto/
[2] https://mentors.debian.net/package/python-securesystemslib/


On 11.08.2020 4:54 PM, Lukas Puehringer wrote:
> FYI: We just bumped upstream to include the fix:
> https://github.com/secure-systems-lab/securesystemslib/releases/tag/v0.16.0
> 
> Will prepare a downstream release later this week.
> 
> 
> On 06.08.2020 2:21 PM, Holger Levsen wrote:
>> hey Lukas,
>>
>> On Thu, Aug 06, 2020 at 02:03:00PM +0200, Lukas Puehringer wrote:
>>> FYI: https://github.com/secure-systems-lab/securesystemslib/pull/264 fixes 
>>> the
>>> issue upstream.
>>
>> nice. once it's released we should get this new version into unstable!
>>
>>
> 

-- 
lukas.puehrin...@nyu.edu
PGP fingerprint: 8BA6 9B87 D43B E294 F23E  8120 89A2 AD3C 07D9 62E8



signature.asc
Description: OpenPGP digital signature

Bug#966972: [in-toto-dev] Bug#966972: in-toto: FTBFS: ValueError: SSH supports only 1024 bit DSA keys

2020-08-11 Thread Lukas Puehringer 
FYI: We just bumped upstream to include the fix:
https://github.com/secure-systems-lab/securesystemslib/releases/tag/v0.16.0

Will prepare a downstream release later this week.


On 06.08.2020 2:21 PM, Holger Levsen wrote:
> hey Lukas,
> 
> On Thu, Aug 06, 2020 at 02:03:00PM +0200, Lukas Puehringer wrote:
>> FYI: https://github.com/secure-systems-lab/securesystemslib/pull/264 fixes 
>> the
>> issue upstream.
> 
> nice. once it's released we should get this new version into unstable!
> 
> 

-- 
lukas.puehrin...@nyu.edu
PGP fingerprint: 8BA6 9B87 D43B E294 F23E  8120 89A2 AD3C 07D9 62E8



signature.asc
Description: OpenPGP digital signature

Bug#966972: [in-toto-dev] Bug#966972: in-toto: FTBFS: ValueError: SSH supports only 1024 bit DSA keys

2020-08-06 Thread Lukas Puehringer 
FYI: https://github.com/secure-systems-lab/securesystemslib/pull/264 fixes the
issue upstream.

On 04.08.2020 3:11 PM, Lukas Puehringer wrote:
> Thanks for the report!
> 
> It looks like a recent update to pyca/cryptography v3.0 causes our test code
> (only) to break. I just filed an issue upstream, because I am not fully sure 
> if
> the change was made intentionally:
> https://github.com/pyca/cryptography/issues/5373
> 
> If it was, I will update our test code.
> 
> Cheers,
> Lukas
> 
> On 03.08.2020 10:32 AM, Lucas Nussbaum wrote:
>> Source: in-toto
>> Version: 0.4.0-2
>> Severity: serious
>> Justification: FTBFS on amd64
>> Tags: bullseye sid ftbfs
>> Usertags: ftbfs-20200802 ftbfs-bullseye
>>
>> Hi,
>>
>> During a rebuild of all packages in sid, your package failed to build
>> on amd64.
>>
>> Relevant part (hopefully):
>>> make[1]: Entering directory '/<>'
>>> python3 tests/runtests.py
>>> gpg (GnuPG) 2.2.20
>>> libgcrypt 1.8.6
>>> Copyright (C) 2020 Free Software Foundation, Inc.
>>> License GPLv3+: GNU GPL version 3 or later 
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gnu.org_licenses_gpl.html=DwIBaQ=slrrB7dE8n7gBJbeO0g-IQ=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg=DoOD8xFlVZmGKyAn9JKxzjiYHsiCPqe7GspXlCQo8OU=fSBJ8hIVCyfPpuKZwDWediuo_2vUHe7w3rKvCfdZQL0=
>>>  >
>>> This is free software: you are free to change and redistribute it.
>>> There is NO WARRANTY, to the extent permitted by law.
>>>
>>> Home: /sbuild-nonexistent/.gnupg
>>> Supported algorithms:
>>> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>>> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>>> CAMELLIA128, CAMELLIA192, CAMELLIA256
>>> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>>> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>>> /<>/in_toto/gpg/functions.py:101: SyntaxWarning: "is not" with 
>>> a literal. Did you mean "!="?
>>>   if process.returncode is not 0:
>>> test_load_repr_string_as_json (tests.models.test_common.TestSignable)
>>> Test load string returned by `Signable.repr` as JSON ... ok
>>> test_set_run_from_string 
>>> (tests.models.test_inspection.TestInspectionValidator)
>>> Test shelx parse command string to list. ... ok
>>> test_wrong_run (tests.models.test_inspection.TestInspectionValidator)
>>> Test that the run validators catch malformed values. ... ok
>>> test_wrong_type (tests.models.test_inspection.TestInspectionValidator)
>>> Test the type field within Validate(). ... ok
>>> test_functionary_keys (tests.models.test_layout.TestLayoutMethods)
>>> Test adding and listing functionary keys (securesystemslib and gpg). ... ok
>>> test_get_inspection_by_name (tests.models.test_layout.TestLayoutMethods)
>>> Test getting inspection by name. ... ok
>>> test_get_inspection_name_list (tests.models.test_layout.TestLayoutMethods)
>>> Test getting list of inspection names. ... ok
>>> test_get_step_by_name (tests.models.test_layout.TestLayoutMethods)
>>> Test getting step by name. ... ok
>>> test_get_step_name_list (tests.models.test_layout.TestLayoutMethods)
>>> Test getting list of step names. ... ok
>>> test_remove_inspection_by_name (tests.models.test_layout.TestLayoutMethods)
>>> Test removing inspection by name. ... ok
>>> test_remove_step_by_name (tests.models.test_layout.TestLayoutMethods)
>>> Test removing step by name. ... ok
>>> test_set_relative_expiration (tests.models.test_layout.TestLayoutMethods)
>>> Test adding expiration date relative from today. ... ok
>>> test_import_step_metadata_wrong_type 
>>> (tests.models.test_layout.TestLayoutValidator) ... ok
>>> test_repeated_step_names (tests.models.test_layout.TestLayoutValidator)
>>> Check that only unique names exist in the steps and inspect lists ... ok
>>> test_validate_readme_field (tests.models.test_layout.TestLayoutValidator)
>>> Tests the readme field data type validator. ... ok
>>> test_wrong_expires (tests.models.test_layout.TestLayoutValidator)
>>> Test the expires field is properly populated. ... ok
>>> test_wrong_inspect_list (tests.models.test_layout.TestLayoutValidator)
>>> Check that the validate method checks the inspections' correctness. ... ok
>>> test_wrong_key_dictionary (tests.models.test_layout.TestLayoutValidator)
>>> Test that the keys dictionary is properly populated. ... ok
>>> test_wrong_pubkeys (tests.models.test_

Bug#966972: [in-toto-dev] Bug#966972: in-toto: FTBFS: ValueError: SSH supports only 1024 bit DSA keys

2020-08-04 Thread Lukas Puehringer 
Thanks for the report!

It looks like a recent update to pyca/cryptography v3.0 causes our test code
(only) to break. I just filed an issue upstream, because I am not fully sure if
the change was made intentionally:
https://github.com/pyca/cryptography/issues/5373

If it was, I will update our test code.

Cheers,
Lukas

On 03.08.2020 10:32 AM, Lucas Nussbaum wrote:
> Source: in-toto
> Version: 0.4.0-2
> Severity: serious
> Justification: FTBFS on amd64
> Tags: bullseye sid ftbfs
> Usertags: ftbfs-20200802 ftbfs-bullseye
> 
> Hi,
> 
> During a rebuild of all packages in sid, your package failed to build
> on amd64.
> 
> Relevant part (hopefully):
>> make[1]: Entering directory '/<>'
>> python3 tests/runtests.py
>> gpg (GnuPG) 2.2.20
>> libgcrypt 1.8.6
>> Copyright (C) 2020 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later 
>> >  >
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>>
>> Home: /sbuild-nonexistent/.gnupg
>> Supported algorithms:
>> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
>> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>> CAMELLIA128, CAMELLIA192, CAMELLIA256
>> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
>> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>> /<>/in_toto/gpg/functions.py:101: SyntaxWarning: "is not" with 
>> a literal. Did you mean "!="?
>>   if process.returncode is not 0:
>> test_load_repr_string_as_json (tests.models.test_common.TestSignable)
>> Test load string returned by `Signable.repr` as JSON ... ok
>> test_set_run_from_string 
>> (tests.models.test_inspection.TestInspectionValidator)
>> Test shelx parse command string to list. ... ok
>> test_wrong_run (tests.models.test_inspection.TestInspectionValidator)
>> Test that the run validators catch malformed values. ... ok
>> test_wrong_type (tests.models.test_inspection.TestInspectionValidator)
>> Test the type field within Validate(). ... ok
>> test_functionary_keys (tests.models.test_layout.TestLayoutMethods)
>> Test adding and listing functionary keys (securesystemslib and gpg). ... ok
>> test_get_inspection_by_name (tests.models.test_layout.TestLayoutMethods)
>> Test getting inspection by name. ... ok
>> test_get_inspection_name_list (tests.models.test_layout.TestLayoutMethods)
>> Test getting list of inspection names. ... ok
>> test_get_step_by_name (tests.models.test_layout.TestLayoutMethods)
>> Test getting step by name. ... ok
>> test_get_step_name_list (tests.models.test_layout.TestLayoutMethods)
>> Test getting list of step names. ... ok
>> test_remove_inspection_by_name (tests.models.test_layout.TestLayoutMethods)
>> Test removing inspection by name. ... ok
>> test_remove_step_by_name (tests.models.test_layout.TestLayoutMethods)
>> Test removing step by name. ... ok
>> test_set_relative_expiration (tests.models.test_layout.TestLayoutMethods)
>> Test adding expiration date relative from today. ... ok
>> test_import_step_metadata_wrong_type 
>> (tests.models.test_layout.TestLayoutValidator) ... ok
>> test_repeated_step_names (tests.models.test_layout.TestLayoutValidator)
>> Check that only unique names exist in the steps and inspect lists ... ok
>> test_validate_readme_field (tests.models.test_layout.TestLayoutValidator)
>> Tests the readme field data type validator. ... ok
>> test_wrong_expires (tests.models.test_layout.TestLayoutValidator)
>> Test the expires field is properly populated. ... ok
>> test_wrong_inspect_list (tests.models.test_layout.TestLayoutValidator)
>> Check that the validate method checks the inspections' correctness. ... ok
>> test_wrong_key_dictionary (tests.models.test_layout.TestLayoutValidator)
>> Test that the keys dictionary is properly populated. ... ok
>> test_wrong_pubkeys (tests.models.test_layout.TestLayoutValidator)
>> Check validate pubkeys fails with wrong keys. ... ok
>> test_wrong_steps_list (tests.models.test_layout.TestLayoutValidator)
>> Check that the validate method checks the steps' correctness. ... ok
>> test_wrong_type (tests.models.test_layout.TestLayoutValidator)
>> Test that the type field is validated properly. ... ok
>> test_validate_byproducts (tests.models.test_link.TestLinkValidator)
>> Test `byproducts` field. Must be a `dict` ... ok
>> test_validate_command (tests.models.test_link.TestLinkValidator)
>> Test `command` field. Must be either a `list` ... ok
>> test_validate_environment (tests.models.test_link.TestLinkValidator)
>> Test `environment` field. Must be a `dict` ... ok
>> test_validate_materials (tests.models.test_link.TestLinkValidator)
>> Test `materials` field. Must be a `dict` of HASH_DICTs ... ok
>> test_validate_products (tests.models.test_link.TestLinkValidator)
>>