Bug 1984842
| Summary: | gnupg2: FTBFS due to test suite failure: <standard>tests/openpgp/ecc.scm | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Florian Weimer <fweimer> | ||||
| Component: | gnupg2 | Assignee: | Jakub Jelen <jjelen> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Stanislav Zidek <szidek> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | CentOS Stream | CC: | bstinson, jwboyer | ||||
| Target Milestone: | beta | Keywords: | Rebase, Triaged | ||||
| Target Release: | 9.0 | Flags: | pm-rhel:
mirror+
|
||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | gnupg2-2.3.3-1.el9 | Doc Type: | No Doc Update | ||||
| Doc Text: |
Rebase package(s) to version: 2.3.3
Highlights, important fixes, or notable enhancements:
* Fix Let's Encrypt certificate chain validation.
* remove the gpg-zip tool
* disabled internal ccid driver to avoid clashing with system pcscd
* many bugfixes
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=NEWS;h=d2bb9cbbed9126893b1c019045acf428e752670a;hb=61ac580a2075564bc775b6764a239dad5e336251
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2022-05-17 15:37:05 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
The build failure is sporadic, but can be reproduced with: cd /builddir/build/BUILD/gnupg-2.3.1/tests/openpgp while LC_ALL=C EXEEXT= PATH="../gpgscm:/builddir/.local/bin:/builddir/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin" abs_top_srcdir="/builddir/build/BUILD/gnupg-2.3.1" objdir="/builddir/build/BUILD/gnupg-2.3.1" GPGSCM_PATH="/builddir/build/BUILD/gnupg-2.3.1/tests/gpgscm" /builddir/build/BUILD/gnupg-2.3.1/tests/gpgscm/gpgscm /builddir/build/BUILD/gnupg-2.3.1/tests/openpgp/run-tests.scm ecc.scm ; do : ; done (In a build chroot.) I've seen one x86-64 failure. It could be related to bit patterns, similar to the MPI padding problem in OpenPGP and this upstream issue: https://dev.gnupg.org/T5163 Since the build failure is so rare, I do not consider this bug a blocker for the mass rebuild anymore. I got the same failure today when building the update for centos 9 stream: https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=784660 ``` Checking ECC encryption and decryption > plain-1 ..gpg: encrypted with nistp384 key, ID AA8B938F9A201946, created 2011-02-09 "ec_dsa_dh_384 <openpgp>" gpg: public key decryption failed: Corrupted protection gpg: decryption failed: Corrupted protection : (() ((throw (:stderr result)) (call-popen cmd input))) 0: #<CLOSURE> 1: tests.scm:443: (apply throw error) FAIL: <standard>tests/openpgp/ecc.scm ``` It failed only on i386, while already worked on other arches. Your failure was on s390x so I will try to have a better look into this. It looks like this is fixed with https://dev.gnupg.org/rG5b1806454c03b3b493222f405ffced80a5d430ad which is for some reason missing from the 2.3.1 release we have in RHEL9. I did not see this failure in Fedora ever. I tried to run the test for some time locally but did not hit the issue even with the 2.3.1 I think the best course of action right now would be rebase to 2.3.3 right now. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (new packages: gnupg2), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:3902 |
Created attachment 1804435 [details] build.log Rebuilding gnupg2-2.3.1-1.el9 fails with this error: Checking ECC encryption and decryption > plain-1 ..gpg: encrypted with nistp384 key, ID AA8B938F9A201946, created 2011-02-09 "ec_dsa_dh_384 <openpgp>" gpg: public key decryption failed: Corrupted protection gpg: decryption failed: Corrupted protection : (() ((throw (:stderr result)) (call-popen cmd input))) 0: #<CLOSURE> 1: tests.scm:443: (apply throw error) FAIL: <standard>tests/openpgp/ecc.scm This may be related to a glibc update. I will try to gather more details.