Description of problem: ~/Projects/Mine/RPM/tmp/SPECS α: /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. Segmentation fault (core dumped) 0 <- /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem ~/Projects/Mine/RPM/tmp/SPECS α: gdb /usr/bin/p11-kit GNU gdb (GDB) Fedora (7.6-34.fc19) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/p11-kit...Reading symbols from /usr/bin/p11-kit...(no debugging symbols found)...done. (no debugging symbols found)...done. Missing separate debuginfos, use: debuginfo-install p11-kit-0.18.5-1.fc19.i686 p11-kit-0.18.5-1.fc19.x86_64 (gdb) set args extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem (gdb) run Starting program: /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/pem/objsign-ca-bundle.pem [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0 (gdb) bt #0 0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0 #1 0x00007ffff7bc0d94 in _p11_conf_parse_file () from /lib64/libp11-kit.so.0 #2 0x00007ffff7bc116a in load_configs_from_directory () from /lib64/libp11-kit.so.0 #3 0x00007ffff7bc1740 in _p11_conf_load_modules () from /lib64/libp11-kit.so.0 #4 0x00007ffff7bc385c in _p11_kit_initialize_registered_unlocked_reentrant () from /lib64/libp11-kit.so.0 #5 0x00007ffff7bc3efd in p11_kit_initialize_registered () from /lib64/libp11-kit.so.0 #6 0x0000000000404439 in p11_tool_extract () #7 0x0000000000402ca7 in main () Config files: ~/Projects/Mine/RPM/tmp/SPECS α: ls -la /usr/share/p11-kit/modules/* -rw-r--r-- 1 root root 293 May 5 02:01 /usr/share/p11-kit/modules/gnome-keyring.module -rw-r--r-- 1 root root 693 Jul 18 06:02 /usr/share/p11-kit/modules/p11-kit-trust.module 0 <- ls -la /usr/share/p11-kit/modules/* ~/Projects/Mine/RPM/tmp/SPECS α: cat /usr/share/p11-kit/modules/* # The file is installed/loaded from the default module p11-kit directory module: gnome-keyring-pkcs11.so # And where to store and lookup trust objects x-trust-store: pkcs11:library-manufacturer=GNOME%20Keyring;serial=1:XDG:DEFAULT x-trust-lookup: pkcs11:library-manufacturer=GNOME%20Keyring # See pkcs11.conf(5) to understand this file # This is a module config for the 'included' p11-kit trust module module: p11-kit-trust.so # This setting affects the order that trust policy and other information # is looked up when going across various modules. Other trust policy modules # need to specify the priority where they slot into things. priority: 1 # Mark this module as a viable source of trust policy information trust-policy: yes # This is for drop-in compatibilty with glib-networking and gcr. Those # projects used this non-standard attribute to denote slots to use to # retrieve trust information. x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
Removing the module files makes no change. There is nothing in /etc/pkcs11/modules. How can this very untested and immature software ship in such a way that it breaks everything across the distro?
Downgrading to the version shipping in the base distro repos rather than the upgrades gives me a different error: p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. p11-kit: couldn't read config file: /etc/pkcs11/modules/. p11-kit: couldn't initialize registered modules: Internal error p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. p11-kit: couldn't read config file: /etc/pkcs11/modules/. p11-kit: couldn't initialize registered modules: Internal error p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. p11-kit: couldn't read config file: /etc/pkcs11/modules/. p11-kit: couldn't initialize registered modules: Internal error p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. p11-kit: couldn't read config file: /etc/pkcs11/modules/. p11-kit: couldn't initialize registered modules: Internal error p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. p11-kit: couldn't read config file: /etc/pkcs11/modules/. p11-kit: couldn't initialize registered modules: Internal error
Just in case you were wondering why you haven't received any ABRT reports about this grave bug: ABRT ITSELF IS BROKEN because of this.
It's strange that p11-kit attempts to load a file of filename '.' (dot). The code appears to check for the type, and skips directories. Please run find /etc/pkcs11/modules/ Does it show anything in addition to /etc/pkcs11/modules/ ? I cannot think of a reason why it would happen, but it sounds like the code attempts to process the directory entry '.' as a file. Maybe the code to distinguish a file and a directory fails? Can you find a way to reinstall the latest p11-kit and also please install the debuginfo package for p11-kit? Can you try to set breakpoings and step through? (gdb) break load_configs_from_directory (gdb) r Once there, set another breakpoint on the following line: if (!is_dir && !load_config_from_file (path, dp->d_name, configs, flags)) { which is 429 in the latest package. (gdb) break 429 (gdb) c Each time you stop there, please (gdb) print is_dir (gdb) print dp->d_name (gdb) print path What output do you get?
> Program received signal SIGSEGV, Segmentation fault. > 0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0 > (gdb) bt > #0 0x00007ffff7bceeb2 in p11_lexer_next () from /lib64/libp11-kit.so.0 > #1 0x00007ffff7bc0d94 in _p11_conf_parse_file () from /lib64/libp11-kit.so.0 > #2 0x00007ffff7bc116a in load_configs_from_directory () from /lib64/libp11-kit.so.0 This stack is unexpected. load_configs_from_directory doesn't call _p11_conf_parse_file directly, we should see another stack entry in between.
find /etc/pkcs11/modules/ /etc/pkcs11/modules/
This program is totally retarded. Look at the file name parameter in frame 2: gdb /usr/bin/p11-kit GNU gdb (GDB) Fedora (7.6-34.fc19) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/p11-kit...Reading symbols from /usr/lib/debug/usr/bin/p11-kit.debug...done. done. (gdb) set args extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt (gdb) run Starting program: /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". p11-kit: invalid config filename, will be ignored in the future: /etc/pkcs11/modules/. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7bceeb2 in p11_lexer_next (lexer=lexer@entry=0x7fffffffdbf0, failed=failed@entry=0x7fffffffdbdf) at lexer.c:113 113 if (strncmp (lexer->at, "-----BEGIN ", 11) == 0) { (gdb) info locals colon = <optimized out> value = <optimized out> line = <optimized out> end = <optimized out> pos = <optimized out> part = <optimized out> __func__ = "p11_lexer_next" __PRETTY_FUNCTION__ = "p11_lexer_next" (gdb) f 1 #1 0x00007ffff7bc0d94 in _p11_conf_parse_file (filename=filename@entry=0x61d290 "/etc/pkcs11/modules/.", flags=flags@entry=1) at conf.c:136 136 while (p11_lexer_next (&lexer, &failed)) { (gdb) info locals map = 0x637bc0 data = 0xffffffffffffffff lexer = {filename = 0x61d4a0 "/etc/pkcs11/modules/.", at = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>, remaining = 2, complained = 0, tok_type = 0, tok = {section = {name = 0x0}, field = {name = 0x0, value = 0x0}, pem = {begin = 0x0, length = 0}}} failed = false length = 2 mmap = 0x61d3f0 error = <optimized out> __PRETTY_FUNCTION__ = "_p11_conf_parse_file" __func__ = "_p11_conf_parse_file" Re-tar-ded.
Of course, if I remove the empty directory, it DOES NOT MATTER, still retarded: /usr/bin/update-ca-trust p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/. /usr/bin/update-ca-trust: line 14: 14681 Segmentation fault (core dumped) /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite $DEST/openssl/ca-bundle.trust.crt p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/. /usr/bin/update-ca-trust: line 15: 15011 Segmentation fault (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth $DEST/pem/tls-ca-bundle.pem p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/. /usr/bin/update-ca-trust: line 16: 15013 Segmentation fault (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email $DEST/pem/email-ca-bundle.pem p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/. /usr/bin/update-ca-trust: line 17: 15016 Segmentation fault (core dumped) /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing $DEST/pem/objsign-ca-bundle.pem p11-kit: invalid config filename, will be ignored in the future: /usr/share/p11-kit/modules/. /usr/bin/update-ca-trust: line 18: 15019 Segmentation fault (core dumped) /usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth $DEST/java/cacerts
Not even the F20 src RPM rebuilt in my system works. It doesn't even build: --------------------------------- Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.l6IPs9 + umask 022 + cd /home/rudd-o/Projects/Mine/RPM/tmp/BUILD + cd p11-kit-0.19.3 + make check Making check in build make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build' Making check in certs make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build/certs' make[2]: Nothing to be done for `check'. make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build/certs' make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build' make[2]: Nothing to be done for `check-am'. make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build' make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/build' Making check in common make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common' Making check in . make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common' make[2]: Nothing to be done for `check-am'. make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common' Making check in tests make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests' make check-TESTS make[3]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests' 1..1 ok 1 /test/success PASS: test-tests 1..2 ok 1 /compat/strndup ok 2 /compat/getauxval PASS: test-compat 1..2 ok 1 /hash/murmur3 ok 2 /hash/murmur3-incr PASS: test-hash 1..14 ok 1 /dict/create ok 2 /dict/set-get ok 3 /dict/set-get-remove ok 4 /dict/remove-destroys ok 5 /dict/set-clear ok 6 /dict/set-destroys ok 7 /dict/clear-destroys ok 8 /dict/free-null ok 9 /dict/free-destroys ok 10 /dict/iterate ok 11 /dict/iterate-remove ok 12 /dict/add-check-lots-and-collisions ok 13 /dict/count ok 14 /dict/ulongptr PASS: test-dict 1..8 ok 1 /array/create ok 2 /array/add ok 3 /array/add-remove ok 4 /array/remove-destroys ok 5 /array/remove-and-count ok 6 /array/free-null ok 7 /array/free-destroys ok 8 /array/clear-destroys PASS: test-array 1..11 ok 1 /constants/types ok 2 /constants/classes ok 3 /constants/trusts ok 4 /constants/certs ok 5 /constants/keys ok 6 /constants/asserts ok 7 /constants/categories ok 8 /constants/mechanisms ok 9 /constants/users ok 10 /constants/states ok 11 /constants/returns PASS: test-constants 1..27 ok 1 /attrs/equal ok 2 /attrs/hash ok 3 /attrs/to-string ok 4 /attrs/terminator ok 5 /attrs/count ok 6 /attrs/build-one ok 7 /attrs/build-two ok 8 /attrs/build-invalid ok 9 /attrs/buildn-one ok 10 /attrs/buildn-two ok 11 /attrs/build-add ok 12 /attrs/build-null ok 13 /attrs/dup ok 14 /attrs/take ok 15 /attrs/merge-replace ok 16 /attrs/merge-augment ok 17 /attrs/merge-empty ok 18 /attrs/free-null ok 19 /attrs/match ok 20 /attrs/matchn ok 21 /attrs/find ok 22 /attrs/findn ok 23 /attrs/find-bool ok 24 /attrs/find-ulong ok 25 /attrs/find-value ok 26 /attrs/find-valid ok 27 /attrs/remove PASS: test-attrs 1..6 ok 1 /buffer/init-uninit ok 2 /buffer/init-for-data ok 3 /buffer/append ok 4 /buffer/null ok 5 /buffer/add ok 6 /buffer/steal PASS: test-buffer 1..5 ok 1 /url/decode-success ok 2 /url/decode-skip ok 3 /url/decode-failure ok 4 /url/encode ok 5 /url/encode-verbatim PASS: test-url 1..7 ok 1 /path/base ok 2 /path/build ok 3 /path/expand ok 4 /path/absolute ok 5 /path/parent ok 6 /path/prefix ok 7 /path/canon PASS: test-path 1..6 ok 1 /lexer/basic ok 2 /lexer/corners ok 3 /lexer/following ok 4 /lexer/bad-pem ok 5 /lexer/bad-section ok 6 /lexer/bad-value PASS: test-lexer 1..1 p11-kit: Details: value: No such file or directory ok 1 /message/with-err PASS: test-message =================== All 12 tests passed =================== make[3]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests' make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common/tests' make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/common' Making check in p11-kit make[1]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit' Making check in . make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit' make[2]: Nothing to be done for `check-am'. make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit' Making check in tests make[2]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests' make check-TESTS make[3]: Entering directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests' 1..2 ok 1 /progname/test_progname_default ok 2 /progname/test_progname_set PASS: test-progname 1..1 ok 1 /util/space-strlen PASS: test-util 1..16 ok 1 /conf/test_parse_conf_1 ok 2 /conf/test_parse_ignore_missing p11-kit: couldn't open config file: /home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests/files/non-existant.conf: No such file or directory ok 3 /conf/test_parse_fail_missing ok 4 /conf/test_merge_defaults ok 5 /conf/test_load_globals_merge ok 6 /conf/test_load_globals_no_user ok 7 /conf/test_load_globals_system_sets_only ok 8 /conf/test_load_globals_user_sets_only p11-kit: invalid mode for 'user-config': bad ok 9 /conf/test_load_globals_system_sets_invalid p11-kit: invalid mode for 'user-config': bad ok 10 /conf/test_load_globals_user_sets_invalid p11-kit: invalid config filename, will be ignored in the future: /home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests/files/user-modules/. /bin/sh: line 5: 30137 Segmentation fault (core dumped) ${dir}$tst FAIL: test-conf 1..40 ok 1 /uri/test_uri_parse ok 2 /uri/test_uri_parse_bad_scheme ok 3 /uri/test_uri_parse_with_label ok 4 /uri/test_uri_parse_with_label_and_klass ok 5 /uri/test_uri_parse_with_id ok 6 /uri/test_uri_parse_with_bad_string_encoding ok 7 /uri/test_uri_parse_with_bad_hex_encoding ok 8 /uri/test_uri_parse_with_token ok 9 /uri/test_uri_parse_with_token_bad_encoding ok 10 /uri/test_uri_parse_with_bad_syntax ok 11 /uri/test_uri_parse_with_spaces ok 12 /uri/test_uri_parse_with_library ok 13 /uri/test_uri_parse_with_library_bad_encoding ok 14 /uri/test_uri_build_empty ok 15 /uri/test_uri_build_with_token_info ok 16 /uri/test_uri_build_with_token_null_info ok 17 /uri/test_uri_build_with_token_empty_info ok 18 /uri/test_uri_build_with_attributes ok 19 /uri/test_uri_parse_private_key ok 20 /uri/test_uri_parse_secret_key ok 21 /uri/test_uri_parse_library_version ok 22 /uri/test_uri_parse_parse_unknown_object_type ok 23 /uri/test_uri_parse_unrecognized ok 24 /uri/test_uri_parse_too_long_is_unrecognized ok 25 /uri/test_uri_build_object_type_cert ok 26 /uri/test_uri_build_object_type_private ok 27 /uri/test_uri_build_object_type_public ok 28 /uri/test_uri_build_object_type_secret ok 29 /uri/test_uri_build_with_library ok 30 /uri/test_uri_build_library_version ok 31 /uri/test_uri_get_set_unrecognized ok 32 /uri/test_uri_match_token ok 33 /uri/test_uri_match_module ok 34 /uri/test_uri_match_version ok 35 /uri/test_uri_match_attributes ok 36 /uri/test_uri_get_set_attribute ok 37 /uri/test_uri_get_set_attributes ok 38 /uri/test_uri_pin_source ok 39 /uri/test_uri_free_null ok 40 /uri/test_uri_message PASS: test-uri 1..8 ok 1 /pin/test_pin_register_unregister ok 2 /pin/test_pin_read ok 3 /pin/test_pin_read_no_match ok 4 /pin/test_pin_register_duplicate ok 5 /pin/test_pin_register_fallback ok 6 /pin/test_pin_file ok 7 /pin/test_pin_file_large ok 8 /pin/test_pin_ref_unref PASS: test-pin 1..7 ok 1 /init/test_recursive_initialization ok 2 /init/test_threaded_initialization ok 3 /init/test_mutexes ok 4 /init/test_load_and_initialize ok 5 /init/test_fork_initialization ok 6 /init/test_initalize_fail ok 7 /init/test_finalize_fail PASS: test-init 1..10 /bin/sh: line 5: 30155 Segmentation fault (core dumped) ${dir}$tst FAIL: test-modules 1..9 /bin/sh: line 5: 30163 Segmentation fault (core dumped) ${dir}$tst FAIL: test-deprecated 1..43 /bin/sh: line 5: 30169 Segmentation fault (core dumped) ${dir}$tst FAIL: test-proxy 1..27 /bin/sh: line 5: 30177 Segmentation fault (core dumped) ${dir}$tst FAIL: test-iter 1..3 ok 1 /virtual/test_initialize ok 2 /virtual/test_fall_through ok 3 /virtual/test_get_function_list PASS: test-virtual 1..44 ok 1 /managed/test_initialize_finalize ok 2 /managed/test_initialize_fail ok 3 /managed/test_separate_close_all_sessions ok 4 /managed/test_get_info ok 5 /managed/test_get_slot_list ok 6 /managed/test_get_slot_info ok 7 /managed/test_get_token_info ok 8 /managed/test_get_mechanism_list ok 9 /managed/test_get_mechanism_info ok 10 /managed/test_init_token ok 11 /managed/test_wait_for_slot_event ok 12 /managed/test_open_close_session ok 13 /managed/test_close_all_sessions ok 14 /managed/test_get_function_status ok 15 /managed/test_cancel_function ok 16 /managed/test_get_session_info ok 17 /managed/test_init_pin ok 18 /managed/test_set_pin ok 19 /managed/test_operation_state ok 20 /managed/test_login_logout ok 21 /managed/test_get_attribute_value ok 22 /managed/test_set_attribute_value ok 23 /managed/test_create_object ok 24 /managed/test_copy_object ok 25 /managed/test_destroy_object ok 26 /managed/test_get_object_size ok 27 /managed/test_find_objects ok 28 /managed/test_encrypt ok 29 /managed/test_decrypt ok 30 /managed/test_digest ok 31 /managed/test_sign ok 32 /managed/test_sign_recover ok 33 /managed/test_verify ok 34 /managed/test_verify_recover ok 35 /managed/test_digest_encrypt ok 36 /managed/test_decrypt_digest ok 37 /managed/test_sign_encrypt ok 38 /managed/test_decrypt_verify ok 39 /managed/test_generate_key ok 40 /managed/test_generate_key_pair ok 41 /managed/test_wrap_key ok 42 /managed/test_unwrap_key ok 43 /managed/test_derive_key ok 44 /managed/test_random PASS: test-managed 1..41 ok 1 /log/test_get_info ok 2 /log/test_get_slot_list ok 3 /log/test_get_slot_info ok 4 /log/test_get_token_info ok 5 /log/test_get_mechanism_list ok 6 /log/test_get_mechanism_info ok 7 /log/test_init_token ok 8 /log/test_wait_for_slot_event ok 9 /log/test_open_close_session ok 10 /log/test_close_all_sessions ok 11 /log/test_get_function_status ok 12 /log/test_cancel_function ok 13 /log/test_get_session_info ok 14 /log/test_init_pin ok 15 /log/test_set_pin ok 16 /log/test_operation_state ok 17 /log/test_login_logout ok 18 /log/test_get_attribute_value ok 19 /log/test_set_attribute_value ok 20 /log/test_create_object ok 21 /log/test_copy_object ok 22 /log/test_destroy_object ok 23 /log/test_get_object_size ok 24 /log/test_find_objects ok 25 /log/test_encrypt ok 26 /log/test_decrypt ok 27 /log/test_digest ok 28 /log/test_sign ok 29 /log/test_sign_recover ok 30 /log/test_verify ok 31 /log/test_verify_recover ok 32 /log/test_digest_encrypt ok 33 /log/test_decrypt_digest ok 34 /log/test_sign_encrypt ok 35 /log/test_decrypt_verify ok 36 /log/test_generate_key ok 37 /log/test_generate_key_pair ok 38 /log/test_wrap_key ok 39 /log/test_unwrap_key ok 40 /log/test_derive_key ok 41 /log/test_random PASS: test-log ============================================================================ 5 of 13 tests failed Please report to https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue ============================================================================ make[3]: *** [check-TESTS] Error 1 make[3]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests' make[2]: *** [check-am] Error 2 make[2]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit/tests' make[1]: *** [check-recursive] Error 1 make[1]: Leaving directory `/home/rudd-o/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3/p11-kit' make: *** [check-recursive] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.l6IPs9 (%check) RPM build errors: user mockbuild does not exist - using root group mockbuild does not exist - using root user mockbuild does not exist - using root group mockbuild does not exist - using root user mockbuild does not exist - using root group mockbuild does not exist - using root Bad exit status from /var/tmp/rpm-tmp.l6IPs9 (%check) ------------------------------ I guess it won't run on any file system other than ext4?
Upstreamed: https://bugs.freedesktop.org/show_bug.cgi?id=68525
> #1 0x00007ffff7bc0d94 in _p11_conf_parse_file > (filename=filename@entry=0x61d290 "/etc/pkcs11/modules/.", > flags=flags@entry=1) at conf.c:136 As I said, on your system the code attempts to interpret the directory "/etc/pkcs11/modules/." as a file. That indicates something went wrong on your system when scanning for files. Can you please do the second half of comment 4? I don't think we have a general problem. I think something is messed up on your particular system, and we need to find out what and why.
~/Projects/Mine/RPM/tmp/BUILD/p11-kit-0.19.3 α: uname -r 3.10.7-200.fc19.x86_64
My system is fine, I traced everything that you requested in upstream ( https://bugs.freedesktop.org/show_bug.cgi?id=68525 ) . The problem is simply that readdir() is not returning valid d_type values for directory entries like ".", and this is both true for tmpfs and for ZFS at least. That code is an optimization to avoid stat() which should be removed until the cause for the regression in readdir() is tracked down.
Look, here is the problem: Currently, only some file systems (among them: Btrfs, ext2, ext3, and ext4) have full support for returning the file type in d_type. All applications must properly handle a return of DT_UNKNOWN. Straight from the readdir() man page. In the process of optimizing the program to avoid some stat calls, the authors made it broken in every system that is not running these file systems. PLEASE, can you disable the HAVE_STRUCT_DIRENT_D_TYPE define during the build?
(For the record, the returned value from d_type is 15 as opposed to what ext* returns, which is 4. This readdir optimization of providing d_type is only valid for a few file systems, the majority including tmpfs do not support it.)
Patch about to be attached. With the proper Patch: and %patch after %prep, this fixes the issue.
Created attachment 790054 [details] Fix for readdir brokenness This makes the program pass all tests in file systems not ext4
Created attachment 790055 [details] New specfile There ya go.
After installing the updated rebuilt program, curl finally works: /home/rudd-o
/home/rudd-o (): bash -x /usr/bin/update-ca-trust + DEST=/etc/pki/ca-trust/extracted + /usr/bin/p11-kit extract --format=openssl-bundle --filter=certificates --overwrite /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt p11-kit: the CKA_X_CRITICAL attribute is not valid for the object p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit + /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose server-auth /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem p11-kit: the CKA_X_CRITICAL attribute is not valid for the object p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit + /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose email /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem p11-kit: the CKA_X_CRITICAL attribute is not valid for the object p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit + /usr/bin/p11-kit extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem p11-kit: the CKA_X_CRITICAL attribute is not valid for the object p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit + /usr/bin/p11-kit extract --format=java-cacerts --filter=ca-anchors --overwrite --purpose server-auth /etc/pki/ca-trust/extracted/java/cacerts p11-kit: the CKA_X_CRITICAL attribute is not valid for the object p11-kit: couldn't load file into objects: /usr/share/pki/ca-trust-source/ca-bundle.supplement.p11-kit 0 <- bash -x /usr/bin/update-ca-trust /home/rudd-o (): ls -la /etc/pki/ca-trust/extracted/java/cacerts -r--r--r-- 1 root root 162,541 Aug 25 04:29 /etc/pki/ca-trust/extracted/java/cacerts 0 <- ls -la /etc/pki/ca-trust/extracted/java/cacerts /home/rudd-o (): curl https://google.com <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="https://www.google.com/">here</A>. </BODY></HTML> I also see that your bugzilla still truncates anything after a nonascii character. When are you guys going to fix that?
(In reply to Rudd-O DragonFear from comment #1) > Removing the module files makes no change. > > There is nothing in /etc/pkcs11/modules. /usr/share/p11-kit/modules is probably where you want to look. > How can this very untested and immature software ship in such a way that it > breaks everything across the distro? Please ask your distro if they meant to ship the unstable p11-kit version instead of the stable branch. The release announcements for the 0.19.x contain appropriate warnings that 0.19.x is unstable and for testing. But thanks for testing :)
(In reply to Stef Walter from comment #21) > Please ask your distro if they meant to ship the unstable p11-kit version > instead of the stable branch. The release announcements for the 0.19.x > contain appropriate warnings that 0.19.x is unstable and for testing. > > But thanks for testing :) Oops, above comment was meant for this bug: https://bugs.freedesktop.org/show_bug.cgi?id=68525 Sorry.
(In reply to Rudd-O DragonFear from comment #14) > Look, here is the problem: > > Currently, only some file systems (among them: Btrfs, ext2, ext3, and > ext4) have full support for returning the file type in d_type. All > applications must properly handle a return of DT_UNKNOWN. > > > Straight from the readdir() man page. > > In the process of optimizing the program to avoid some stat calls, the > authors made it broken in every system that is not running these file > systems. Not true. We handle DT_UNKNOWN correctly here, falling back to stat() if it is set. Why is ZFS returning garbage in the d_type field instead of DT_UNKNOWN? Could you provide instructions for how you use ZFS on Linux so I can reproduce here?
Verified that tmpfs does not have this problem: # uname -a Linux stef.thewalter.lan 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux # mount -t tmpfs tmpfs /etc/pkcs11 # mount | grep /etc/pkcs11tmpfs on /etc/pkcs11 type tmpfs (rw,relatime,seclabel) # mkdir /etc/pkcs11/modules # cp /usr/share/p11-kit/modules/p11-kit-trust.module /etc/pkcs11/modules/ # /usr/bin/p11-kit --verbose extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/objsign-ca-bundle.pem (p11-kit:6371) p11_library_init_impl: initializing library (p11-kit:6371) p11_kit_modules_load: in (p11-kit:6371) _p11_conf_parse_file: reading config file: /etc/pkcs11/pkcs11.conf (p11-kit:6371) _p11_conf_parse_file: config file does not exist (p11-kit:6371) _p11_conf_parse_file: reading config file: /root/.config/pkcs11/pkcs11.conf (p11-kit:6371) _p11_conf_parse_file: config file does not exist (p11-kit:6371) load_configs_from_directory: loading module configs in: /root/.config/pkcs11/modules (p11-kit:6371) load_configs_from_directory: module configs do not exist (p11-kit:6371) load_configs_from_directory: loading module configs in: /etc/pkcs11/modules (p11-kit:6371) _p11_conf_parse_file: reading config file: /etc/pkcs11/modules/p11-kit-trust.module (p11-kit:6371) _p11_conf_parse_file: config value: module: p11-kit-trust.so ...
Verified that btrfs does not have this problem: # dd if=/dev/zero of=/data/dsk1 bs=1M count=500 500+0 records in 500+0 records out 524288000 bytes (524 MB) copied, 2,83437 s, 185 MB/s # losetup /dev/loop1 /data/dsk1 # mkfs.btrfs /dev/loop1 WARNING! - Btrfs v0.20-rc1 IS EXPERIMENTAL WARNING! - see http://btrfs.wiki.kernel.org before using SMALL VOLUME: forcing mixed metadata/data groups Created a data/metadata chunk of size 8388608 fs created label (null) on /dev/loop1 nodesize 4096 leafsize 4096 sectorsize 4096 size 500.00MB Btrfs v0.20-rc1 # mount -t btrfs /dev/loop1 /etc/pkcs11 # mount | grep /etc/pkcs11 /dev/loop1 on /etc/pkcs11 type btrfs (rw,relatime,seclabel,space_cache) # mkdir /etc/pkcs11/modules # cp /usr/share/p11-kit/modules/p11-kit-trust.module /etc/pkcs11/modules/ # /usr/bin/p11-kit --verbose extract --format=pem-bundle --filter=ca-anchors --overwrite --purpose code-signing /tmp/objsign-ca-bundle.pem (p11-kit:6880) p11_library_init_impl: initializing library (p11-kit:6880) p11_kit_modules_load: in (p11-kit:6880) _p11_conf_parse_file: reading config file: /etc/pkcs11/pkcs11.conf (p11-kit:6880) _p11_conf_parse_file: config file does not exist (p11-kit:6880) _p11_conf_parse_file: reading config file: /root/.config/pkcs11/pkcs11.conf (p11-kit:6880) _p11_conf_parse_file: config file does not exist (p11-kit:6880) load_configs_from_directory: loading module configs in: /root/.config/pkcs11/modules (p11-kit:6880) load_configs_from_directory: module configs do not exist (p11-kit:6880) load_configs_from_directory: loading module configs in: /etc/pkcs11/modules (p11-kit:6880) _p11_conf_parse_file: reading config file: /etc/pkcs11/modules/p11-kit-trust.module (p11-kit:6880) _p11_conf_parse_file: config value: module: p11-kit-trust.so ...
Looking at your instructions for using ZFS on Fedora: http://rudd-o.com/linux-and-free-software/installing-fedora-on-top-of-zfs It appears you are using a patched linux kernel, along with a patched boot loader. I was unable to follow those instructions on Fedora 19, due to the (awkward) new disk partitioner. However the fact remains that this is not a problem in Fedora, and likely something broken by the ZFS kernel patches. You are welcome to continue to discuss this at the p11-kit upstream bug report, to see if we can find where the bug lies, and how to make your heavily customized system work. If you are in fact using a *stock* Fedora kernel, and can reproduce this on a system on which you have installed only Fedora provided RPMs ... then please reopen.
I am in fact using a stock Fedora kernel, with zero patches, just a few extra kernel modules.
Fair enough, but ZFS in the kernel is hardly stock Fedora, and therefore this doesn't seem like a Fedora bug to me.