From dkg at fifthhorseman.net Mon Feb 6 10:10:11 2017 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 06 Feb 2017 04:10:11 -0500 Subject: [mod_gnutls-devel] test suite failures on ppc64 and sparc64 Message-ID: <87zihzwuq4.fsf@alice.fifthhorseman.net> I uploaded 0.8.2-2 to try to fix the test suite failures, including the cherry-pick from d39ea185bc141f880f49a68d77c1413c88fc7120. the good news is that hppa is now happy with it. :) however, there are still build failures on ppc64 and sparc64: https://buildd.debian.org/status/fetch.php?pkg=mod-gnutls&arch=ppc64&ver=0.8.2-2&stamp=1486341152&raw=0 https://buildd.debian.org/status/fetch.php?pkg=mod-gnutls&arch=sparc64&ver=0.8.2-2&stamp=1486339933&raw=0 ppc64 is only one failure: FAIL: test-13_cgi_variables_no_client_cert.bash =============================================== TESTING: 13_cgi_variables_no_client_cert Apache HTTPD unexpectedly failed to start. FAILURE: 13_cgi_variables_no_client_cert AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message FAIL test-13_cgi_variables_no_client_cert.bash (exit status: 1) but sparc64 is large chunks of the test suite failing. Any thoughts on steps i could take to try to sort these issues out? I can make force the entire build to not be parallel if you think it would be useful to test. While i see "parallel=32" in the sparc64 transcript, i don't see a "parallel=" note at all in ppc64. Suggestions welcome, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: not available URL: From thomas2.klute at uni-dortmund.de Mon Feb 6 18:53:42 2017 From: thomas2.klute at uni-dortmund.de (Thomas Klute) Date: Mon, 6 Feb 2017 18:53:42 +0100 Subject: [mod_gnutls-devel] test suite failures on ppc64 and sparc64 In-Reply-To: <87zihzwuq4.fsf@alice.fifthhorseman.net> References: <87zihzwuq4.fsf@alice.fifthhorseman.net> Message-ID: Am 06.02.2017 um 10:10 schrieb Daniel Kahn Gillmor: > ppc64 is only one failure: > > FAIL: test-13_cgi_variables_no_client_cert.bash > =============================================== > > TESTING: 13_cgi_variables_no_client_cert > Apache HTTPD unexpectedly failed to start. > FAILURE: 13_cgi_variables_no_client_cert > AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message > FAIL test-13_cgi_variables_no_client_cert.bash (exit status: 1) > > > but sparc64 is large chunks of the test suite failing. Any thoughts on > steps i could take to try to sort these issues out? Looking at both build logs my best guess is that the tests are hitting timeouts, both when getting the server instance locks (used to prevent port conflicts) and running HTTPS requests against them. The log for test-15_basic_msva.bash on sparc64 even looks like the timeout hit in the middle of request handling. I've pushed three related commits to master (the attached patch combines all three), in order: 8184ad0eda43102d24d7cf158710e0109c7e293b Test suite: Run flock with "--verbose" to log timeouts bbfcbb57c2cb89790316b66bdd475c3a64ca4080 Test suite: Log if a process to be stopped by PID file is not running 6c030c14da928da3e05f232e3fb8dd5aa98c659a Test suite: Make timeouts for server locks and HTTPS requests configurable Commits 8184ad0eda43102d24d7cf158710e0109c7e293b and bbfcbb57c2cb89790316b66bdd475c3a64ca4080 just make the logging more detailed to show if the tests are really hitting timeouts. To change the timeouts, you can either cherry-pick 6c030c14da928da3e05f232e3fb8dd5aa98c659a and pass TEST_LOCK_WAIT and TEST_QUERY_TIMEOUT with large values (e.g. 300 or even 600, default is 30 [seconds]) to ./configure, or patch the values of lock_wait and TEST_QUERY_DELAY in test/Makefile.am (I've replaced/renamed the variables in the patch). > I can make force the entire build to not be parallel if you think it > would be useful to test. While i see "parallel=32" in the sparc64 > transcript, i don't see a "parallel=" note at all in ppc64. Running in parallel definitely makes hitting the timeouts more likely, but shouldn't cause any additional problems. You can force just the test part of the build to run serially by passing --disable-flock to ./configure, which will add the special target .NOTPARALLEL to test/Makefile. I'd prefer if you try the patches first, though. Regards, Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: test_timeout_handling.patch Type: text/x-patch Size: 5001 bytes Desc: not available URL: From thomas2.klute at uni-dortmund.de Wed Feb 8 13:43:30 2017 From: thomas2.klute at uni-dortmund.de (Thomas Klute) Date: Wed, 8 Feb 2017 13:43:30 +0100 Subject: [mod_gnutls-devel] test suite failures on ppc64 and sparc64 In-Reply-To: References: <87zihzwuq4.fsf@alice.fifthhorseman.net> Message-ID: Am 06.02.2017 um 18:53 schrieb Thomas Klute: > 8184ad0eda43102d24d7cf158710e0109c7e293b Test suite: Run flock with > "--verbose" to log timeouts I noticed that the flock version in Debian Jessie does not support --verbose. Doesn't matter for unstable of course, but if you want to build on stable or upload to jessie-backports you'll have to either drop this patch, or additionally cherry-pick commit 4ae5b82861e003d290e5afcf59d6522a291a31ef, which adds a check to ./configure. Regars, Thomas From thomas2.klute at uni-dortmund.de Sun Feb 12 16:33:58 2017 From: thomas2.klute at uni-dortmund.de (Thomas Klute) Date: Sun, 12 Feb 2017 16:33:58 +0100 Subject: [mod_gnutls-devel] test suite failures on ppc64 and sparc64 In-Reply-To: References: <87zihzwuq4.fsf@alice.fifthhorseman.net> Message-ID: <8b3e647a-8cf8-00d9-0177-eac0dcb6dbe0@uni-dortmund.de> Hi Daniel, commit 37beb922a7cc3bd16ea9a49c79b0d21edc4523db (patch attached) is one more reliability patch for the test suite that should fix the hurd-i386 build. The issue seems to be that the default lock file path is not writable. This doesn't matter on Linux because the default mutex type there doesn't use lock files. Together with the other patches in this mail thread and increased timeouts (TEST_LOCK_WAIT, and TEST_QUERY_TIMEOUT or TEST_QUERY_DELAY) I think this should make the test suite work reliably on all Debian platforms. Regards, Thomas -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Test-suite-Do-not-explicitly-set-the-mutex-type-to-d.patch Type: text/x-patch Size: 2034 bytes Desc: not available URL: From generikz at gmail.com Fri Feb 17 11:37:28 2017 From: generikz at gmail.com (Julien Wilk) Date: Fri, 17 Feb 2017 11:37:28 +0100 Subject: [mod_gnutls-devel] GNUTLS 3.5.9 break mod_gnutls 0.8.2 Message-ID: Hello everyone, I had a hard time trying to log in to enter a ticket (Google login broken, Yahoo login broken, etc.). Just wanted to point out that the most recent GNUTLS release (3.5.9) obsoleted openpgp functions as follows: *** libgnutls: Removed any references to OpenPGP functionality in documentation, and marked all functions in openpgp.h as deprecated. That functionality is considered deprecated and should not be used for other reason than backwards compatibility.* I was trying to upgrade and compile the most recent GNUTLS/mod_gnutls versions. Current is 3.5.8 / 0.8.2 => OK Intended is 3.5.9 / 0.8.2 => KO his break mod_gnutls here: his break mod_gnutls here: libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../include -Wall -I/usr/local/include -I/usr/local/include/p11-kit-1 -DENABLE_SRP=1 -I/usr/include/apr-1.0 -I/usr/include -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -g -O2 -MT mod_gnutls_la-gnutls_config.lo -MD -MP -MF .deps/mod_gnutls_la-gnutls_config.Tpo -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o gnutls_config.c: In function 'mgs_pool_free_credentials': gnutls_config.c:156:9: error: 'gnutls_openpgp_crt_deinit' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:65) [-Werror=deprecated- declarations] gnutls_openpgp_crt_deinit(sc->cert_crt_pgp[0]); ^ gnutls_config.c:172:9: error: 'gnutls_openpgp_keyring_deinit' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:270) [-Werror=deprecated- declarations] gnutls_openpgp_keyring_deinit(sc->pgp_list); ^ gnutls_config.c: In function 'mgs_load_files': gnutls_config.c:490:9: error: 'gnutls_openpgp_crt_init' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:63) [-Werror=deprecated- declarations] ret = gnutls_openpgp_crt_init(&sc->cert_crt_pgp[0]); ^ gnutls_config.c:500:9: error: 'gnutls_openpgp_crt_import' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:67) [-Werror=deprecated- declarations] ret = gnutls_openpgp_crt_import(sc->cert_crt_pgp[0], &data, ^ gnutls_config.c:611:9: error: 'gnutls_openpgp_keyring_init' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:269) [-Werror=deprecated- declarations] ret = gnutls_openpgp_keyring_init(&sc->pgp_list); ^ gnutls_config.c:620:9: error: 'gnutls_openpgp_keyring_import' is deprecated (declared at /usr/local/include/gnutls/openpgp.h:272) [-Werror=deprecated- declarations] ret = gnutls_openpgp_keyring_import(sc->pgp_list, &data, ^ cc1: all warnings being treated as errors Makefile:539: recipe for target 'mod_gnutls_la-gnutls_config.lo' failed Is there a way to compile mod_gnutls without the PGP functions? Julien -------------- next part -------------- An HTML attachment was scrubbed... URL: From generikz at gmail.com Sat Feb 18 05:34:04 2017 From: generikz at gmail.com (Julien Wilk) Date: Sat, 18 Feb 2017 12:34:04 +0800 Subject: [mod_gnutls-devel] GNUTLS 3.5.9 break mod_gnutls 0.8.2 In-Reply-To: References: Message-ID: Got it: ./configure --disable-strict make make install All good now. Julien On Fri, Feb 17, 2017 at 6:37 PM, Julien Wilk wrote: > Hello everyone, > > I had a hard time trying to log in to enter a ticket (Google login broken, > Yahoo login broken, etc.). > > Just wanted to point out that the most recent GNUTLS release (3.5.9) > obsoleted openpgp functions as follows: > > > > > *** libgnutls: Removed any references to OpenPGP functionality in > documentation, and marked all functions in openpgp.h as deprecated. That > functionality is considered deprecated and should not be used for other > reason than backwards compatibility.* > > > I was trying to upgrade and compile the most recent GNUTLS/mod_gnutls > versions. > > Current is 3.5.8 / 0.8.2 => OK > Intended is 3.5.9 / 0.8.2 => KO > > his break mod_gnutls here: > > his break mod_gnutls here: > > libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../include -Wall > -I/usr/local/include -I/usr/local/include/p11-kit-1 -DENABLE_SRP=1 > -I/usr/include/apr-1.0 -I/usr/include -pipe -g -O2 -fstack-protector-strong > -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT > -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 > -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -g -O2 -MT > mod_gnutls_la-gnutls_config.lo -MD -MP -MF .deps/mod_gnutls_la-gnutls_config.Tpo > -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o > gnutls_config.c: In function 'mgs_pool_free_credentials': > gnutls_config.c:156:9: error: 'gnutls_openpgp_crt_deinit' is deprecated > (declared at /usr/local/include/gnutls/openpgp.h:65) > [-Werror=deprecated-declarations] > gnutls_openpgp_crt_deinit(sc->cert_crt_pgp[0]); > ^ > gnutls_config.c:172:9: error: 'gnutls_openpgp_keyring_deinit' is > deprecated (declared at /usr/local/include/gnutls/openpgp.h:270) > [-Werror=deprecated-declarations] > gnutls_openpgp_keyring_deinit(sc->pgp_list); > ^ > gnutls_config.c: In function 'mgs_load_files': > gnutls_config.c:490:9: error: 'gnutls_openpgp_crt_init' is deprecated > (declared at /usr/local/include/gnutls/openpgp.h:63) > [-Werror=deprecated-declarations] > ret = gnutls_openpgp_crt_init(&sc->cert_crt_pgp[0]); > ^ > gnutls_config.c:500:9: error: 'gnutls_openpgp_crt_import' is deprecated > (declared at /usr/local/include/gnutls/openpgp.h:67) > [-Werror=deprecated-declarations] > ret = gnutls_openpgp_crt_import(sc->cert_crt_pgp[0], &data, > ^ > gnutls_config.c:611:9: error: 'gnutls_openpgp_keyring_init' is deprecated > (declared at /usr/local/include/gnutls/openpgp.h:269) > [-Werror=deprecated-declarations] > ret = gnutls_openpgp_keyring_init(&sc->pgp_list); > ^ > gnutls_config.c:620:9: error: 'gnutls_openpgp_keyring_import' is > deprecated (declared at /usr/local/include/gnutls/openpgp.h:272) > [-Werror=deprecated-declarations] > ret = gnutls_openpgp_keyring_import(sc->pgp_list, &data, > ^ > cc1: all warnings being treated as errors > Makefile:539: recipe for target 'mod_gnutls_la-gnutls_config.lo' failed > > > Is there a way to compile mod_gnutls without the PGP functions? > > Julien > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thomas2.klute at uni-dortmund.de Sun Feb 19 19:23:28 2017 From: thomas2.klute at uni-dortmund.de (Thomas Klute) Date: Sun, 19 Feb 2017 19:23:28 +0100 Subject: [mod_gnutls-devel] GNUTLS 3.5.9 break mod_gnutls 0.8.2 In-Reply-To: References: Message-ID: I have added "-Wno-error=deprecated-declarations" to the compiler options used in strict mode for now to avoid this build failure (commit 61353933986460ea2d7bcbc57531ecd066795f0d on master). This should be very easy to apply to 0.8.2. In the mid to long term I intend to remove OpenPGP support, ideally together with other larger changes. I'm not sure if an intermediate patch to make it optional is worth the effort, but if someone provides one I'll be happy to merge it. Regards, Thomas Am 18.02.2017 um 05:34 schrieb Julien Wilk: > Got it: > > ./configure --disable-strict > make > make install > > All good now. > > Julien > > On Fri, Feb 17, 2017 at 6:37 PM, Julien Wilk wrote: > >> Hello everyone, >> >> I had a hard time trying to log in to enter a ticket (Google login broken, >> Yahoo login broken, etc.). >> >> Just wanted to point out that the most recent GNUTLS release (3.5.9) >> obsoleted openpgp functions as follows: >> >> >> >> >> *** libgnutls: Removed any references to OpenPGP functionality in >> documentation, and marked all functions in openpgp.h as deprecated. That >> functionality is considered deprecated and should not be used for other >> reason than backwards compatibility.* >> >> >> I was trying to upgrade and compile the most recent GNUTLS/mod_gnutls >> versions. >> >> Current is 3.5.8 / 0.8.2 => OK >> Intended is 3.5.9 / 0.8.2 => KO >> >> his break mod_gnutls here: >> >> his break mod_gnutls here: >> >> libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I../include -Wall >> -I/usr/local/include -I/usr/local/include/p11-kit-1 -DENABLE_SRP=1 >> -I/usr/include/apr-1.0 -I/usr/include -pipe -g -O2 -fstack-protector-strong >> -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT >> -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 >> -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -g -O2 -MT >> mod_gnutls_la-gnutls_config.lo -MD -MP -MF .deps/mod_gnutls_la-gnutls_config.Tpo >> -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o >> gnutls_config.c: In function 'mgs_pool_free_credentials': >> gnutls_config.c:156:9: error: 'gnutls_openpgp_crt_deinit' is deprecated >> (declared at /usr/local/include/gnutls/openpgp.h:65) >> [-Werror=deprecated-declarations] >> gnutls_openpgp_crt_deinit(sc->cert_crt_pgp[0]); >> ^ >> gnutls_config.c:172:9: error: 'gnutls_openpgp_keyring_deinit' is >> deprecated (declared at /usr/local/include/gnutls/openpgp.h:270) >> [-Werror=deprecated-declarations] >> gnutls_openpgp_keyring_deinit(sc->pgp_list); >> ^ >> gnutls_config.c: In function 'mgs_load_files': >> gnutls_config.c:490:9: error: 'gnutls_openpgp_crt_init' is deprecated >> (declared at /usr/local/include/gnutls/openpgp.h:63) >> [-Werror=deprecated-declarations] >> ret = gnutls_openpgp_crt_init(&sc->cert_crt_pgp[0]); >> ^ >> gnutls_config.c:500:9: error: 'gnutls_openpgp_crt_import' is deprecated >> (declared at /usr/local/include/gnutls/openpgp.h:67) >> [-Werror=deprecated-declarations] >> ret = gnutls_openpgp_crt_import(sc->cert_crt_pgp[0], &data, >> ^ >> gnutls_config.c:611:9: error: 'gnutls_openpgp_keyring_init' is deprecated >> (declared at /usr/local/include/gnutls/openpgp.h:269) >> [-Werror=deprecated-declarations] >> ret = gnutls_openpgp_keyring_init(&sc->pgp_list); >> ^ >> gnutls_config.c:620:9: error: 'gnutls_openpgp_keyring_import' is >> deprecated (declared at /usr/local/include/gnutls/openpgp.h:272) >> [-Werror=deprecated-declarations] >> ret = gnutls_openpgp_keyring_import(sc->pgp_list, &data, >> ^ >> cc1: all warnings being treated as errors >> Makefile:539: recipe for target 'mod_gnutls_la-gnutls_config.lo' failed >> >> >> Is there a way to compile mod_gnutls without the PGP functions? >> >> Julien >> > > > > _______________________________________________ > mod_gnutls-devel mailing list > mod_gnutls-devel at lists.gnutls.org > http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel > -- Dipl.-Ing. Thomas Klute E-Mail: thomas2.klute at uni-dortmund.de Tel.: +49 231 58680474