cmake: build stubgss library for libtests to match autotools
#17653
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vszakats
force-pushed
the
cm-libtests-gssstub
branch
from
857414f to
8620257
Compare
|
Analysis of PR #17653 at 86202575: Test 2056 failed, which has NOT been flaky recently, so there could be a real issue in this PR. Note that this test has failed in 22 different CI jobs (the link just goes to one of them). Test 2057 failed, which has NOT been flaky recently, so there could be a real issue in this PR. Note that this test has failed in 20 different CI jobs (the link just goes to one of them). Generated by Testclutch |
https://github.com/curl/curl/actions/runs/15761470154/job/44428953936?pr=17653 ``` test 2056...[HTTP Negotiate authentication (stub krb5)] 2056: protocol FAILED! There was no content at all in the file log/16/server.input. Server glitch? Total curl failure? Returned: 2006 == Contents of files in the log/16/ dir after test 2056 === Start of file commands.log ../src/curl -q --output log/16/curl2056.out --include --trace-ascii log/16/trace2056 --trace-config all --trace-time --negotiate http://127.0.0.1:50648/2056 > log/16/stdout2056 2> log/16/stderr2056 === End of file commands.log === Start of file http_server.log 15:33:30.366826 ====> Client connect dyld[17773]: terminating because inserted dylib 'libstubgss.dylib' could not be loaded: tried: '/Users/runner/work/curl/curl/bld/tests/libtest/.libs/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/libstubgss.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'arm64e')), 'libstubgss.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OSlibstubgss.dylib' (no such file), 'libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/.libs/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/libstubgss.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'arm64e')), '/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file) dyld[17773]: tried: '/Users/runner/work/curl/curl/bld/tests/libtest/.libs/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/libstubgss.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'arm64e')), 'libstubgss.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OSlibstubgss.dylib' (no such file), 'libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/.libs/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libtest/libstubgss.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'arm64e')), '/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file), '/System/Volumes/Preboot/Cryptexes/OS/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file), '/Users/runner/work/curl/curl/bld/tests/libstubgss.dylib' (no such file) ``` https://github.com/curl/curl/actions/runs/15761470154/job/44428953936?pr=17653#step:16:3183
vszakats
force-pushed
the
cm-libtests-gssstub
branch
from
9db8002 to
071f3bd
Compare
vszakats
force-pushed
the
cm-libtests-gssstub
branch
from
071f3bd to
d505f55
Compare
https://github.com/curl/curl/actions/runs/15762896027/job/44433397386?pr=17653#step:16:3248 ``` test 2056...[HTTP Negotiate authentication (stub krb5)] 2056: protocol FAILED! There was no content at all in the file log/4/server.input. Server glitch? Total curl failure? Returned: 2006 == Contents of files in the log/4/ dir after test 2056 === Start of file commands.log ../src/curl -q --output log/4/curl2056.out --include --trace-ascii log/4/trace2056 --trace-config all --trace-time --negotiate http://127.0.0.1:49216/2056 > log/4/stdout2056 2> log/4/stderr2056 === End of file commands.log === Start of file http_server.log 16:59:26.108155 ====> Client connect 16:59:26.137818 accept_connection 3 returned 4 16:59:26.137876 accept_connection 3 returned 0 16:59:26.138003 Read 97 bytes 16:59:26.140198 Process 97 bytes request 16:59:26.140253 Got request: GET /verifiedserver HTTP/1.1 16:59:26.140325 Are-we-friendly question received 16:59:26.140589 Wrote request (97 bytes) input to log/4/server.input 16:59:26.140800 Identifying ourselves as friends 16:59:26.173804 Response sent (55 bytes) and written to log/4/server.response 16:59:26.173842 special request received, no persistency 16:59:26.237431 ====> Client disconnect 0 === End of file http_server.log === Start of file http_verify.log * Trying 127.0.0.1:49216... * Connected to 127.0.0.1 (127.0.0.1) port 49216 * using HTTP/1.x > GET /verifiedserver HTTP/1.1 > Host: 127.0.0.1:49216 > User-Agent: curl/8.15.0-DEV > Accept: */* > * Request completely sent off < HTTP/1.1 200 OK < Content-Length: 16 < { [16 bytes data] * Connection #0 to host 127.0.0.1 left intact === End of file http_verify.log === Start of file http_verify.out WE ROOLZ: 7432 === End of file http_verify.out === Start of file server.cmd Testnum 2056 === End of file server.cmd === Start of file server.response HTTP/1.1 200 OK Content-Length: 16 WE ROOLZ: 7432 === End of file server.response test 2057...[HTTP Negotiate authentication (stub NTLM)] 2057: protocol FAILED! There was no content at all in the file log/19/server.input. Server glitch? Total curl failure? Returned: 2006 == Contents of files in the log/19/ dir after test 2057 === Start of file commands.log ../src/curl -q --output log/19/curl2057.out --include --trace-ascii log/19/trace2057 --trace-config all --trace-time --negotiate http://127.0.0.1:49219/2057 > log/19/stdout2057 2> log/19/stderr2057 === End of file commands.log === Start of file http_server.log 16:59:26.133510 ====> Client connect 16:59:26.139663 accept_connection 3 returned 4 16:59:26.139725 accept_connection 3 returned 0 16:59:26.143086 Read 97 bytes 16:59:26.154577 Process 97 bytes request 16:59:26.173113 Got request: GET /verifiedserver HTTP/1.1 16:59:26.173263 Are-we-friendly question received 16:59:26.237855 Wrote request (97 bytes) input to log/19/server.input 16:59:26.238029 Identifying ourselves as friends 16:59:26.241446 Response sent (55 bytes) and written to log/19/server.response 16:59:26.306495 special request received, no persistency 16:59:26.306574 ====> Client disconnect 0 === End of file http_server.log === Start of file http_verify.log * Trying 127.0.0.1:49219... * Connected to 127.0.0.1 (127.0.0.1) port 49219 * using HTTP/1.x > GET /verifiedserver HTTP/1.1 > Host: 127.0.0.1:49219 > User-Agent: curl/8.15.0-DEV > Accept: */* > * Request completely sent off < HTTP/1.1 200 OK < Content-Length: 16 < { [16 bytes data] * Connection #0 to host 127.0.0.1 left intact === End of file http_verify.log === Start of file http_verify.out WE ROOLZ: 7416 === End of file http_verify.out === Start of file server.cmd Testnum 2057 === End of file server.cmd === Start of file server.response HTTP/1.1 200 OK Content-Length: 16 WE ROOLZ: 7416 === End of file server.response ```
This reverts commit f650be4. There is already a GSS cmake job, right below this one.
This reverts commit 862815f.
vszakats
force-pushed
the
cm-libtests-gssstub
branch
from
05596b4 to
c5f4d9a
Compare
denandz
pushed a commit
to denandz/curl
that referenced
this pull request
Jun 21, 2025
Used by test 2056 and 2057, in a way that's Linux- & autotools-specific. This patch builds it for all Unix, syncing cmake with autotools. Adapt the two tests to find the library in CMake builds as well. Tested OK on Linux. (CI does not test this. The corresponding jobs build in debug mode, while the `LD_PRELOAD` feature is locked to non-debug.) On macOS it didn't load without building everything for aarch64e arch: "../bld/tests/libtest/libstubgss.dylib' (mach-o file, but is an incompatible architecture (have 'arm64', need 'arm64e'))" With that fixed it still did not load correctly and/or the tests did not pass. So, for macOS these tests remain disabled. Also: - GHA/macos: build for aarch64e. (recognized by Apple clang as of this patch. llvm and gcc fall back to aarch64.) Follow-up to 56d949d curl#1687 Closes curl#17653
6 tasks
vszakats
added a commit
that referenced
this pull request
Jun 30, 2025
Replace the `libstubgss.so`-based overload solution with one built into libcurl at compile-time. The previous, `LD_PRELOAD`-based, solution was non-portable, allowlisted for Linux, BSD and Solaris. It also required non-debug builds, which turned out to be an accidental condition: 7d342c7. It also required a curl tool built against a shared libcurl. Detecting this condition wasn't always accurate, e.g. with certain cmake configurations. The overload solution also didn't work on macOS, though it theoretically should have: - #17653 - #2394 Experiments on making the overload solution work in more envs: - #17759 That revealed that it also did not work on NetBSD, in CI. The replacement solution is overloading the necessary GSS-API functions for test 2056 and 2057 at compile time. It requires a debug-enabled curl build (due to its insecure nature). This makes these tests run on all platforms. Including most GSS jobs in CI, that are running tests. (the exception is old-linux, non-debug jobs, where it felt overkill to enable debug for this.) The refactored GSS stub code needs to overload less than before because it's free to use the official GSS API. (This didn't work with the overload solution on Alpine for example). It can also use libcurl functions, allowing to replace `snprintf()` with `msnprintf()`. OS/400 is also overloading GSS API functions. I haven't tested how this works after this PR. In theory it should, because this PR doesn't rely on preprocessor overrides. Note that for future GSS tests, it may be necessary to stub these GSS API functions: `gss_inquire_context()`, `gss_unwrap()`, `gss_wrap()`. They are on codepaths not (yet) touched by tests. Also: - stub-gss: check for token buffer overrun. - stub-gss: replace size macros with `sizeof()`. - GHA: enable debug for some jobs with GSS. - GHA/linux: ignore results for 2056 and 2057 in the valgrind job. They leak the same way as seen with 2077 and 2078. Ref: 7020ba7 #17462 Ref: 1467597 #14430 - GHA/linux: fix to ignore `gss_import_name()` leaks in valgrind builds. only. - lib/vauth/krb5_gssapi: reduce variable scope. - lib/vauth/spnego_gssapi: reduce variable scope. - tests/libtest: drop code and build logic dealing with `libstubgss`. - runtests: - drop `ld_preload` feature. - drop special handling of `LD_PRELOAD` env in tests. - drop logic dealing with shared curl tool detection. - drop `LD_PRELOAD` envs from tests. Follow-up to 56d949d #1687 Closes #17752
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Used by test 2056 and 2057, in a way that's Linux- & autotools-specific.
This patch builds it for all Unix, syncing cmake with autotools.
Adapt the two tests to find the library in CMake builds as well.
Tested OK on Linux. (CI does not test this. The corresponding jobs build
in debug mode, while the
LD_PRELOADfeature is locked to non-debug.)On macOS it didn't load without building everything for aarch64e arch:
"../bld/tests/libtest/libstubgss.dylib' (mach-o file, but is
an incompatible architecture (have 'arm64', need 'arm64e'))"
With that fixed it still did not load correctly and/or the tests did not
pass. So, for macOS these tests remain disabled.
Also:
patch. llvm and gcc fall back to aarch64.)
Follow-up to 56d949d #1687