[libvirt] [PATCH] Deal with gnutls 3.5.6 regression

I was not originally planning to do anything for the gnutls 3.5.6 regression:

https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html

but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.

Daniel P. Berrange (1):
  tests: blacklist gnutls 3.5.6 for wildcard tests

 tests/virnettlssessiontest.c | 9 +++++++++
 1 file changed, 9 insertions(+)

--
2.9.3

GNUTLS 3.5.6 broke wildcard support by reversing the fields in the reported dname. This regression will be fixed in 3.5.7, so rather than workaround it in libvirt we just blacklist that version https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008224.html Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- tests/virnettlssessiontest.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c index 0d2e106..b146072 100644 --- a/tests/virnettlssessiontest.c +++ b/tests/virnettlssessiontest.c @@ -374,6 +374,14 @@ mymain(void) DO_SESS_TEST(cacertreq.filename, servercertalt2req.filename, clientcertreq.filename, false, false, "wiki.libvirt.org", NULL); +#if GNUTLS_VERSION_NUMBER != 0x030506 + /* + * GNUTLS 3.5.6 broke wildcard support by reversing the + * fields in the reported dname. This regression will + * be fixed in 3.5.7, so rather than workaround it in + * libvirt we just blacklist that version + * https://lists.gnupg.org/pipermail/gnutls-devel/2016-November/008224.html + */ const char *const wildcards1[] = { "C=UK,CN=dogfood", NULL, @@ -412,6 +420,7 @@ mymain(void) false, false, "libvirt.org", wildcards5); DO_SESS_TEST(cacertreq.filename, servercertreq.filename, clientcertreq.filename, false, false, "libvirt.org", wildcards6); +#endif TLS_ROOT_REQ(cacertrootreq, "UK", "libvirt root", NULL, NULL, NULL, NULL, -- 2.9.3
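Review bot: The `#if GNUTLS_VERSION_NUMBER != 0x030506` guard in the first hunk tests the headers the test was compiled against, not the gnutls library it runs with. A binary built against 3.5.6 headers keeps the wildcard tests compiled out after the system moves to a fixed gnutls, and one built against other headers still runs them when the 3.5.6 library is loaded. Since the comment puts the fault in the dname that gnutls reports at run time, consider deciding at run time instead, for example by comparing the string returned by `gnutls_check_version(NULL)` against "3.5.6" and skipping the `wildcards1` to `wildcards6` cases only then.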
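Review bot: The bare `#endif` in the second hunk closes a conditional opened some forty lines earlier (the hunk headers place the `#if` near line 374 and the `#endif` near line 420), and with the block compiled out nothing in the test output says the dname wildcard cases were not run. Please label it as `#endif /* GNUTLS_VERSION_NUMBER != 0x030506 */` and add an `#else` branch that prints a skip message, so a 'make check' pass on 3.5.6 is not read as the wildcard matching having been exercised.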

On Mon, Dec 05, 2016 at 12:04:36PM +0000, Daniel P. Berrange wrote:
I was not originally planning to do anything for the gnutls 3.5.6 regression:
https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html
but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.
3.5.7 has just hit Fedora updates-testing, but I figure we might as well still blacklist 3.5.6 in our tests

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|

Anyone want to review this, if not I'll just claim it's a build breaker fix...

On Thu, Dec 08, 2016 at 09:56:43AM +0000, Daniel P. Berrange wrote:
On Mon, Dec 05, 2016 at 12:04:36PM +0000, Daniel P. Berrange wrote:
I was not originally planning to do anything for the gnutls 3.5.6 regression:
https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html
but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.
3.5.7 has just hit Fedora updates-testing, but I figure we might as well still blacklist 3.5.6 in our tests
Regards,
Daniel

On Wed, Dec 14, 2016 at 09:15:12AM +0000, Daniel P. Berrange wrote:
Anyone want to review this, if not I'll just claim it's a build breaker fix...
On Thu, Dec 08, 2016 at 09:56:43AM +0000, Daniel P. Berrange wrote:
On Mon, Dec 05, 2016 at 12:04:36PM +0000, Daniel P. Berrange wrote:
I was not originally planning to do anything for the gnutls 3.5.6 regression:
https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html
but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.
3.5.7 has just hit Fedora updates-testing, but I figure we might as well still blacklist 3.5.6 in our tests
Isn't the point of the test suite to also fail on broken systems?

Jan

On Wed, Dec 14, 2016 at 11:01:10AM +0100, Ján Tomko wrote:
On Wed, Dec 14, 2016 at 09:15:12AM +0000, Daniel P. Berrange wrote:
Anyone want to review this, if not I'll just claim it's a build breaker fix...
On Thu, Dec 08, 2016 at 09:56:43AM +0000, Daniel P. Berrange wrote:
On Mon, Dec 05, 2016 at 12:04:36PM +0000, Daniel P. Berrange wrote:
I was not originally planning to do anything for the gnutls 3.5.6 regression:
https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html
but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.
3.5.7 has just hit Fedora updates-testing, but I figure we might as well still blacklist 3.5.6 in our tests
Isn't the point of the test suite to also fail on broken systems?
To some extent yes. The question is whether the failure is serious enough that we should continue to have the tests fail, or just a minor annoyance that we should paper over.

I'm fairly on the fence about this one - originally I wasn't going to fix it, but it took a while for 3.5.7 to arrive and quite a few people raised the issue of broken tests to me in the meanwhile.

We could just leave this patch sitting on the list here for archive reference, but not fix it in git.

Regards,
Daniel

On 14.12.2016 11:17, Daniel P. Berrange wrote:
On Wed, Dec 14, 2016 at 11:01:10AM +0100, Ján Tomko wrote:
On Wed, Dec 14, 2016 at 09:15:12AM +0000, Daniel P. Berrange wrote:
Anyone want to review this, if not I'll just claim it's a build breaker fix...
On Thu, Dec 08, 2016 at 09:56:43AM +0000, Daniel P. Berrange wrote:
On Mon, Dec 05, 2016 at 12:04:36PM +0000, Daniel P. Berrange wrote:
I was not originally planning to do anything for the gnutls 3.5.6 regression:
https://www.redhat.com/archives/libvir-list/2016-November/msg00816.html
but there's still no immediate sign of the new 3.5.7 release, so while I still don't want to workaround the bug in libvirt, we can at least blacklist that version of gnutls in the test suite, so 'make check' passes on affected systems while we're waiting for 3.5.7 to arrive.
3.5.7 has just hit Fedora updates-testing, but I figure we might as well still blacklist 3.5.6 in our tests
Isn't the point of the test suite to also fail on broken systems?
To some extent yes. The question is whether the failure is serious enough that we should continue to have the tests fail, or just a minor annoyance that we should paper over.
I'm fairly on the fence about this one - originally I wasn't going to fix it, but it took a while for 3.5.7 to arrive and quite a few people raised the issue of broken tests to me in the meanwhile.
We could just leave this patch sitting on the list here for archive reference, but not fix it in git.
I'm up for this idea and leave the code clean.

Michal
participants (3)
- Daniel P. Berrange
- Ján Tomko
- Michal Privoznik