date function for Darwin is incorrect #559
Comments
|
I'm not seeing anything useful in that log. Maybe mobile sucks. I can fix date on Darwin tomorrow.
Eric Crist
On May 7, 2022, at 1:48 PM, TinCanTech ***@***.***> wrote:
https://github.com/OpenVPN/easy-rsa/runs/6336081225?check_suite_focus=true
Let's see the queue of Mac users breaking down the door to help .. yawn
—
Reply to this email directly, view it on GitHub<#559>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AANXQP27WNUNQ7JHH73GBS3VI23G7ANCNFSM5VKYVWHA>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
|
The log doesn't have anything useful. This is the code in question: Lines 1647 to 1661 in af4120c I tested on FreeBSD and got no error. |
|
Following a minor unit-test change, it is apparent that the failed command is the first one: |
Breath held ... |
|
It's very simple. POSIX date only supports the -u option and +"FORMAT" |
|
This is a red herring.
I need to know information on how to reproduce - the op-test.sh script dies early due to missing support for ed25519 in LibreSSL, nothing to do with the date command.
I’m open to a discussion, but I’m thinking of dropping the “POSIX” standard claim in light of a BSD/GNU happy-medium claim. I’ll open a new issue to discuss that.
Eric
… On May 7, 2022, at 16:34, mandree ***@***.***> wrote:
It's very simple. POSIX date only supports the -u option and +"FORMAT"
—
Reply to this email directly, view it on GitHub <#559 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANXQP5HHRAHVYIICUPZ3Z3VI3OWRANCNFSM5VKYVWHA>.
You are receiving this because you commented.
|
Closed
|
Run the unit test like so: |
|
I do not agree to "dropping POSIX claim". |
|
I think this is an error in the upstream unit tests:
|| :: ***** /Users/ecrist/ersa-release/easy-rsa/easyrsa3/easyrsa build-server-full s01 nopass inline
Generating a 1024 bit RSA private key
............................++++++
.......................++++++
writing new private key to '/Users/ecrist/ersa-release/easy-rsa/easyrsa3/unit tests/pki-sys ssl-rsa/a1845ce5/temp.70e0c66f'
-----
date: illegal time format
usage: date [-jnRu] [-r seconds|file] [-v[+|-]val[ymwdHMS]]
[-I[date | hours | minutes | seconds]]
[-f fmt date | [[[mm]dd]HH]MM[[cc]yy][.ss]] [+format]
Easy-RSA error:
Undefined: 1652052143, 14083200
Note the Undefined at the end. date was fed something empty.
Eric
… On May 8, 2022, at 18:21, TinCanTech ***@***.***> wrote:
I do not agree to "dropping POSIX claim".
—
Reply to this email directly, view it on GitHub <#559 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANXQP34FAWOXOAMEGMAL53VJBD75ANCNFSM5VKYVWHA>.
You are receiving this because you were assigned.
|
|
I guess this is a Darwin issue. github runner Manual test succeeds, with: |
|
|
So, might be a test/expectation issue?
bash-3.2$ openssl version
LibreSSL 2.8.3
Eric
… On May 8, 2022, at 20:00, TinCanTech ***@***.***> wrote:
***@***.*** easyrsa3 % ./easyrsa init-pki
WARNING!!!
You are about to remove the EASYRSA_PKI at:
* /Users/wiscii/git/easy-rsa/easyrsa3/pki
and initialize a fresh PKI here.
Type the word 'yes' to continue, or any other input to abort.
Confirm removal: yes
* Notice:
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is:
* /Users/wiscii/git/easy-rsa/easyrsa3/pki
IMPORTANT: Easy-RSA 'vars' file has now been moved to your PKI above.
***@***.*** easyrsa3 % ./easyrsa build-ca nopass
* Notice:
Using Easy-RSA configuration from: /Users/wiscii/git/easy-rsa/easyrsa3/pki/vars
* Notice:
Using SSL: openssl LibreSSL 2.8.3
...............+++
.......................................................................................+++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:
* Notice:
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/Users/wiscii/git/easy-rsa/easyrsa3/pki/ca.crt
***@***.*** easyrsa3 % ./easyrsa build-server-full s1 nopass
* Notice:
Using Easy-RSA configuration from: /Users/wiscii/git/easy-rsa/easyrsa3/pki/vars
* Notice:
Using SSL: openssl LibreSSL 2.8.3
Generating a 2048 bit RSA private key
..................................................................+++
...........+++
writing new private key to '/Users/wiscii/git/easy-rsa/easyrsa3/pki/153692f4/temp.37f39c00'
-----
* Notice:
Keypair and certificate request completed. Your files are:
req: /Users/wiscii/git/easy-rsa/easyrsa3/pki/reqs/s1.req
key: /Users/wiscii/git/easy-rsa/easyrsa3/pki/private/s1.key
Using configuration from /Users/wiscii/git/easy-rsa/easyrsa3/pki/153692f4/temp.7237aeb6
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'s1'
Certificate is to be certified until Aug 11 00:53:33 2024 GMT (825 days)
Write out database with 1 new entries
Data Base Updated
* Notice:
Certificate created at: /Users/wiscii/git/easy-rsa/easyrsa3/pki/issued/s1.crt
—
Reply to this email directly, view it on GitHub <#559 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AANXQP37GAIEMCTQJG3IHLTVJBPTZANCNFSM5VKYVWHA>.
You are receiving this because you were assigned.
|
|
Further investigation indicates that Lines 1654 to 1660 in 85b35cc |
|
I don't think date on darwin is a problem at all.
Eric Crist
On May 9, 2022, at 7:56 AM, TinCanTech ***@***.***> wrote:
Further investigation indicates that start_fix_sec is probably the problem:
https://github.com/OpenVPN/easy-rsa/blob/85b35cccb86f9f8ca1d79b0816ef2ef6bd574ae2/easyrsa3/easyrsa#L1654-L1660
—
Reply to this email directly, view it on GitHub<#559 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AANXQP6UEXCWS2CDVYXNQ53VJEDOPANCNFSM5VKYVWHA>.
You are receiving this because you were assigned.Message ID: ***@***.***>
|
I do not buy "too up to date" unless there is some irony I were missing. That version of LibreSSL is pretty stale and has diverted from OpenSSL pretty early. About the date, see https://www.libressl.org/releases.html - Dec 2018 - so why waste time with it? Require a supported version of OpenSSL (meaning in the 1.1.1 or 3.0 tracks) and let the LibreSSL zealots deal with it. I understand why LibreSSL was forked, but essentially is has fallen so far behind it's not worth the efforts. And even OpenBSD offers ports of OpenSSL... |
|
I do get this error when running the command manually: But, in my testing I'm not making it that far in @mandree there are going to be people that may want to run this on their Mac and I think it's worth a little bit of effort. @TinCanTech op-test.sh still fails after your commit. |
|
No objection against running on Macs, but developing new code against an outdated LibreSSL version seems pretty far off. |
|
@ecrist (edit) can you please try running: |
ecrist
added a commit
that referenced
this issue
May 10, 2022
Backport the patch from a4e37cf to 3.0 that fixes the data arguments on Darwin and BSD. Patch originally authored by @TinCanTech. Update .gitignore to ignore macOS .DS_Store files. Update ChangeLog for v3.0.9 release Signed-off-by: Eric F Crist <ecrist@secure-computing.net>
|
LGTM |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/OpenVPN/easy-rsa/runs/6336081225?check_suite_focus=true
Let's see the queue of Mac users breaking down the door to help .. yawn
The text was updated successfully, but these errors were encountered: