Bug 2142849

Summary: lasso-2.7.0-9.fc38 FTBFS: tests fail
Product: [Fedora] Fedora Reporter: Petr Pisar <ppisar>
Component: lassoAssignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 38CC: jhrozek, jpazdziora, rcritten, ssorce, xavier
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://koschei.fedoraproject.org/package/lasso?collection=f38
Whiteboard:
Fixed In Version: lasso-2.8.2-1.fc38 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-29 02:52:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2117176, 2168842    

Description Petr Pisar 2022-11-15 11:09:51 UTC 
lasso-2.7.0-9.fc38 fails to build in Fedora 38 because a test fails:

+ make check CK_TIMEOUT_MULTIPLIER=10
make  check-recursive
make[1]: Entering directory '/builddir/build/BUILD/lasso-2.7.0'
Making check in lasso
make[2]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
/usr/bin/python3 ./build_strerror.py . >.errors.c.new
if ! cmp -s ./errors.c .errors.c.new; then \
mv -f .errors.c.new errors.c; else \
rm .errors.c.new; fi
make  check-recursive
make[3]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
Making check in xml
make[4]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml'
Making check in saml-2.0
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/saml-2.0'
make[5]: Nothing to be done for 'check'.
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/saml-2.0'
Making check in soap-1.1
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/soap-1.1'
make[5]: Nothing to be done for 'check'.
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/soap-1.1'
Making check in dsig
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/dsig'
make[5]: Nothing to be done for 'check'.
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/dsig'
Making check in ecp
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/ecp'
make[5]: Nothing to be done for 'check'.
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml/ecp'
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml'
make[5]: Nothing to be done for 'check-am'.
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml'
make[4]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/xml'
Making check in id-ff
make[4]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/id-ff'
make[4]: Nothing to be done for 'check'.
make[4]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/id-ff'
Making check in saml-2.0
make[4]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso/saml-2.0'
make[4]: Nothing to be done for 'check'.
make[4]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso/saml-2.0'
make[4]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
/usr/bin/python3 ./build_strerror.py . >.errors.c.new
if ! cmp -s ./errors.c .errors.c.new; then \
mv -f .errors.c.new errors.c; else \
rm .errors.c.new; fi
make[4]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
make[3]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
make[2]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/lasso'
Making check in tests
make[2]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/tests'
Making check in data
make[3]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/tests/data'
make[3]: Nothing to be done for 'check'.
make[3]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/tests/data'
make[3]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/tests'
make  check-TESTS
make[4]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/tests'
make[5]: Entering directory '/builddir/build/BUILD/lasso-2.7.0/tests'
FAIL: tests
PASS: tests2
============================================================================
Testsuite summary for lasso 2.7.0
============================================================================
# TOTAL: 2
# PASS:  1
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See tests/test-suite.log
Please report to lasso-devel.libre-entreprise.org
============================================================================
make[5]: Leaving directory '/builddir/build/BUILD/lasso-2.7.0/tests'

A difference between passing and failing build roots is at <https://koschei.fedoraproject.org/build/13946736>. An update of xmlsec1-devel
from 1.2.34-3.fc38 to 1.2.35-1.fc38 is suspicious.
Comment 1 Ben Cotton 2023-02-07 14:59:08 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle.
Changing version to 38.
Comment 2 Xavier Bachelot 2023-03-09 10:40:02 UTC 
Fixed by https://src.fedoraproject.org/rpms/lasso/pull-request/8
Comment 3 Jan Pazdziora (Red Hat) 2023-04-20 09:13:17 UTC 
The test-suite.log has a bunch of

lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
Bail out! lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)

errors.

I also observe the same fails when attempting to use mod_auth_mellon on Fedora 38:

Error GETing http://www:8079/saml-redirect-uri/login?ReturnTo=http%3A%2F%2Fwww%3A8079%2Fadmin%2Flogin%2F%3Fnext%3D%2Fadmin%2F&IdP=http%3A%2F%2Fkeycloak%3A8082%2Frealms%2Frealm%2Db: Server closed connection without sending any data back at /test.pl line 21.

lasso:ERROR:tools.c:586:lasso_query_sign: assertion failed: (rsa)
[Thu Apr 20 09:05:42.901840 2023] [core:notice] [pid 17:tid 17] AH00051: child pid 20 exit signal Abort (6), possible coredump in /etc/httpd
Comment 4 Petr Pisar 2023-04-20 09:30:22 UTC 
The linked pull request rebases lasso from 2.7.0 to 2.8.1. Upstream changelog <https://git.entrouvert.org/entrouvert/lasso/src/tag/v2.8.1/NEWS> notes many changes in the cryptography part.
Comment 5 Jan Pazdziora (Red Hat) 2023-04-20 09:36:21 UTC 
Simo, since this is no longer just a FTBFS but it directly affects users in Fedora 38 (comment 3), as well as in rawhide (see bug 2187631), could you please consider reviewing the proposed PR and potentially rebase and rebuild lasso in Fedora 38 and rawhide to see where it gets us?
Comment 6 Simo Sorce 2023-04-20 16:41:49 UTC 
JFY, I am trying to resolve rawhide issues where lasso rebase fails to build against newer xmlsec1 which iws a major ABI/API breaking change.
Once that is solved, I will try to build this new version in 38
Comment 7 Simo Sorce 2023-04-20 18:02:04 UTC 
Rawhide has issues because there xmlsec1 was rebased to 1.3.0 and that breaks a bunch of things.

However I have a build passing for f38 here:
https://koji.fedoraproject.org/koji/taskinfo?taskID=100179940
Comment 8 Fedora Update System 2023-04-20 18:07:40 UTC 
FEDORA-2023-c6c902f9fe has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6c902f9fe
Comment 9 Fedora Update System 2023-04-21 03:20:56 UTC 
FEDORA-2023-c6c902f9fe has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-c6c902f9fe`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6c902f9fe

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Jan Pazdziora (Red Hat) 2023-04-21 07:10:20 UTC 
Thanks for the Fedora 38 build. Karma given, it fixes the mod_auth_mellon use-case.
Comment 11 Fedora Update System 2023-04-29 02:52:43 UTC 
FEDORA-2023-c6c902f9fe has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.