Test failure in test_swtpm_setup_create_cert #477
Comments
Can you please describe the test environment a bit better using the bug template, especially the versions of relevant components and which version of Gentoo you are using. Describe the bug To Reproduce Expected behavior Desktop (please complete the following information):
Versions of relevant components
Additional context |
Describe the bug To Reproduce Expected behavior Desktop (please complete the following information):
Versions of relevant components
Additional context Portage 3.0.20 (python 3.9.5-final-0, default/linux/amd64/17.1, gcc-11.1.0, glibc-2.33, 5.10.38-gentoo-dist x86_64) System uname: Linux-5.10.38-gentoo-dist-x86_64-Intel_Xeon_E3-12xx_v2_-Ivy_Bridge,_IBRS-with-glibc2.33 gentoo local ACCEPT_KEYWORDS="amd64" |
How does one install certtool of GnuTLS on Gentoo? |
USE="tools" |
Can you give me the complete emerge command line? |
USE="tools" emerge -av net-libs/gnutls |
Is this a new problem or did this already occur with swtpm-0.5.x ? |
Here's a script to test the behavior of
|
Here's the result: test-cacert: line 1: /usr/bin/bash: No such file or directory Signing certificate... |
I know... Gentoo's certtool behavior is an outlier compared to all the other distros. The problem is that some of these test cases are trying with 2 passwords, one for the root-ca and another one for the local-ca and there is no way of passing two passwords to |
I guess the GNUTLS_PIN environment variable is ignored if PKCS11 is disabled. Well, Gentoo already required 1 extra gnutls flag (tools) for this package ANYWAY, and requiring the pkcs11 flag on gnutls only adds 1 extra dependency (app-crypt/p11-kit), so it's not a big deal to require it. It obviously needs to be enabled for testing, but should net-libs/gnutls[pkcs11] be required for everyone else? It doesn't seem to affect libvirt's provisioning of the TPM. If it's just optional features that few users are going to use that require it, I'll just require net-libs/gnutls[pkcs11] for testing, then anyone who wants to set a password on the root certificate or use a TPM for it can enable it themselves. |
|
It's fixed now in Gentoo:
|
So it's all working now in Gentoo? If so, can you close this issue? |
RDEPEND=net-libs/gnutls[tools,pkcs11] is essentially required for app-crypt/swtpm. New vTPMs cannot be provisioned without it, and upstream expects gnutls to have PKCS11 support: stefanberger/swtpm#477 . Closes: https://bugs.gentoo.org/913586 Bug: https://bugs.gentoo.org/909754 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
RDEPEND=net-libs/gnutls[tools,pkcs11] is essentially required for app-crypt/swtpm. New vTPMs cannot be provisioned without it, and upstream expects gnutls to have PKCS11 support: stefanberger/swtpm#477 . Closes: #32704 Closes: https://bugs.gentoo.org/913586 Bug: https://bugs.gentoo.org/909754 Signed-off-by: Christopher Byrne <salah.coronya@gmail.com> Signed-off-by: Matthias Maier <tamiko@gentoo.org>
test_swtpm_setup_create_cert seems to fail if pkcs11 isn't enabled for gnutls and gnutls support is enabled. See https://bugs.gentoo.org/798759 . It appears the underlying cause is the "socket" parameter is not getting passed to swtpm when the --tpm option is passed to swtpm_setup .