Package: src:qtremoteobjects-everywhere-src
Version: 5.15.2-2
Severity: serious
Tags: ftbfs patch bullseye bookworm upstream
Dear maintainer:
During an archive rebuild of all packages in bookworm,
this package failed to build:
make[4]: Entering directory
'/<>/tests/auto/external_IODevice/tst_client'
/<>/tests/auto/external_IODevice/tst_client/target_wrapper.sh
./tst_external_IODevice
* Start testing of tst_clientSSL *
Config: Using QtTest library 5.15.8, Qt 5.15.8 (x86_64-little_endian-lp64
shared (dynamic) release build; by GCC 12.2.0), debian 12
PASS : tst_clientSSL::initTestCase()
FAIL! : tst_clientSSL::testRun() 'socketClient->waitForEncrypted(-1)' returned
FALSE. ()
Loc: [tst_client.cpp(77)]
QWARN : tst_clientSSL::testRun() QProcess: Destroyed while process
("/<>/tests/auto/external_IODevice/sslTestServer/sslTestServer")
is still running.
PASS : tst_clientSSL::cleanupTestCase()
Totals: 2 passed, 1 failed, 0 skipped, 0 blacklisted, 267ms
* Finished testing of tst_clientSSL *
make[4]: *** [Makefile:356: check] Error 1
make[4]: Leaving directory
'/<>/tests/auto/external_IODevice/tst_client'
make[3]: *** [Makefile:431: sub-tst_client-check_ordered] Error 2
make[3]: Leaving directory '/<>/tests/auto/external_IODevice'
make[2]: *** [Makefile:1329: sub-external_IODevice-check] Error 2
make[2]: Leaving directory '/<>/tests/auto'
dh_auto_test: error: make -j1 check -Ctests/auto LD_LIBRARY_PATH=/<>/lib
QML2_IMPORT_PATH=/<>/test_root/usr/lib/x86_64-linux-gnu/qt5/qml returned exit
code 2
make[1]: *** [debian/rules:31: override_dh_auto_test-arch] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:11: build-arch] Error 2
dpkg-buildpackage: error: debian/rules build-arch subprocess returned exit
status 2
You can get a full build log from reproducible builds:
https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/qtremoteobjects-everywhere-src.html
This happens because the SSL certificates in the tests have expired.
This can be checked by doing this:
cd tests/auto/external_IODevice/cert
for a in *; do openssl x509 -noout -enddate -in $a; done
The output from bookworm contains this:
notAfter=May 30 11:33:55 2023 GMT
notAfter=Jun 10 11:33:55 2023 GMT
notAfter=May 30 11:33:55 2023 GMT
and the output for bullseye (where it also fails) contains this:
notAfter=Jul 2 09:32:51 2023 GMT
notAfter=Jul 2 09:32:50 2023 GMT
notAfter=Jul 2 09:32:51 2023 GMT
I'm attaching two patches to fix this.
The first one modifies the script tests/auto/external_IODevice/cert/generate.sh
so that certificates expire in ten years.
The second patch is merely the result of running the script.
Note: The patches are relative to the version in trixie/sid,
where this problem should be fixed first.
Thanks.commit 6699c65d1b7a891d16cab082e4e0c7d083568f34
Author: Santiago Vila
Date: Sun Dec 3 22:36:00 2023 +0100
generate.sh: Create SSL certificates with a more realistic expiration date.
Ten years will cover the lifetime of this release as stable, oldstable,
LTS, and some additional extra time (there is really no need for the tests
to fail just the day after LTS ends).
diff --git a/tests/auto/external_IODevice/cert/generate.sh b/tests/auto/external_IODevice/cert/generate.sh
index b79c862..2de1651 100644
--- a/tests/auto/external_IODevice/cert/generate.sh
+++ b/tests/auto/external_IODevice/cert/generate.sh
@@ -30,7 +30,7 @@
# Generate the CA key
openssl genrsa -out rootCA.key 2048
# Generate the CA cert
-openssl req -x509 -key rootCA.key -out rootCA.pem -sha256 -nodes -subj "/CN=QtRO CA" -days 836
+openssl req -x509 -key rootCA.key -out rootCA.pem -sha256 -nodes -subj "/CN=QtRO CA" -days 3651
# genFiles stem [extra args to signing]
genFiles () {
@@ -42,7 +42,7 @@ genFiles () {
openssl req -new -key $stem.key -out $stem.csr -subj "/CN=127.0.0.1"
# Generate and sign the certificate
openssl x509 -req -in $stem.csr -out $stem.crt \
- -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -days 825 -sha256 "$@"
+ -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -days 3650 -sha256 "$@"
# Delete the signing request, no longer needed
rm $stem.csr
}
commit d9da85818f9bf50a72a371eb1453979432902065
Author: Santiago Vila
Date: Sun Dec 3 22:44:00 2023 +0100
Regenerate SSL certificates using the updated generate.sh script.
diff --git a/examples/remoteobjects/ssl/sslserver/cert/client.crt b/examples/remoteobjects/ssl/sslserver/cert/client.crt
index ec85263..4622c5d 100644
--- a/examples/remoteobjects/ssl/sslserver/cert/client.crt
+++ b/examples/remoteobjects/ssl/sslserver/cert/client.crt
@@ -1,17 +1,17 @@
-BEGIN CERTIFICATE-
-MIICrTCCAZUCFHOQggvUf1o8c5i3yNyiGLNcLC4tMA0GCSqGSIb3DQEBCwUAMBIx
-EDAOBgNVBAMMB1F0Uk8gQ0EwHhcNMjMxMjAzMjAwMTQ5WhcNMjYwMzA3MjAwMTQ5
+MIICrTCCAZUCFHOQggvUf1o8c5i3yNyiGLNcLC4vMA0GCSqGSIb3DQEBCwUAMBIx