summaryrefslogtreecommitdiff
path: root/user/xmlsec/fix-tests.patch
diff options
context:
space:
mode:
authorA. Wilcox <awilcox@wilcox-tech.com>2019-06-15 04:37:09 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2019-06-15 04:37:09 +0000
commitdeab6eb23676f370581a6e2c40dfec388f9dfc67 (patch)
tree8ed58e9f8615d36afda63ea273d32c91c97f05b9 /user/xmlsec/fix-tests.patch
parent1646ba51463829350eaf8d6b78f1fa9e5f83e967 (diff)
parent0142d183c2d44dc2562beb0481f0fe71698e882e (diff)
downloadpackages-deab6eb23676f370581a6e2c40dfec388f9dfc67.tar.gz
packages-deab6eb23676f370581a6e2c40dfec388f9dfc67.tar.bz2
packages-deab6eb23676f370581a6e2c40dfec388f9dfc67.tar.xz
packages-deab6eb23676f370581a6e2c40dfec388f9dfc67.zip
Merge branch 'xmlsec-gnutls' into 'master'
user/xmlsec: fix tests, add -gcrypt and -gnutls, and more * URL changed to official website. * Source changed to official download URL instead of GitHub archive. * Tests were being skipped spuriously due to the test suite being broken. The relevant commits to fix this have been backported and applied. * Add the -gnutls (for experimental/aqbanking) and -gcrypt (required in order to build -gnutls) subpackages. * The *.la files have been removed from the main package (remove options=libtool). It is assumed these are no longer needed, since the only official reverse dependency at this time is libreoffice, which uses pkg-config and not libtool. * usr/lib/libxmlsec1-nss.so was moved to -dev by running the -dev split function before the plugin split functions. * usr/lib/xmlsec1Conf.sh was moved to -dev. See merge request !244
Diffstat (limited to 'user/xmlsec/fix-tests.patch')
-rw-r--r--user/xmlsec/fix-tests.patch176
1 files changed, 176 insertions, 0 deletions
diff --git a/user/xmlsec/fix-tests.patch b/user/xmlsec/fix-tests.patch
new file mode 100644
index 000000000..73acdf800
--- /dev/null
+++ b/user/xmlsec/fix-tests.patch
@@ -0,0 +1,176 @@
+Backport of the following commits:
+
+b841f2c0b1e9cf24d991cc8b5d21e5a3b7c6ad80
+f25e8f07428b9475fa576bf78d77fb4fa366bc70
+106e7dbf39d96c46aedecf229d55a09e7593f1ec
+
+diff --git a/tests/testDSig.sh b/tests/testDSig.sh
+index 77372311..f2014464 100755
+--- a/tests/testDSig.sh
++++ b/tests/testDSig.sh
+@@ -805,98 +805,98 @@ execDSigTest $res_success \
+ "signature-rsa-detached-b64-transform" \
+ "base64 sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xpath-transform" \
+ "xpath sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform-retrieval-method" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloping" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert-chain" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-issuer-serial" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-ski" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-subject-name" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161"
+
+ execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-xpath-transform-enveloped" \
+ "enveloped-signature xpath sha1 rsa-sha1" \
+ "rsa x509" \
+- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+
+ ##########################################################################
+@@ -940,7 +940,7 @@ execDSigTest $res_fail \
+ "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+- "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018"
++ "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018"
+
+ execDSigTest $res_fail \
+ "" \
+diff --git a/tests/testrun.sh b/tests/testrun.sh
+index ea65802b..fe0334c7 100755
+--- a/tests/testrun.sh
++++ b/tests/testrun.sh
+@@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then
+ elif [ "z$crypto" != "z" ] ; then
+ xmlsec_params="$xmlsec_params --crypto $crypto"
+ fi
+-xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config"
++xmlsec_params="$xmlsec_params --crypto-config $crypto_config"
+
+ #
+ # Setup keys config
+@@ -308,8 +308,8 @@ execDSigTest() {
+ # run tests
+ if [ -n "$params1" ] ; then
+ printf " Verify existing signature "
+- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $curlogfile
+- $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile
++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml" >> $curlogfile
++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile
+ printRes $expected_res $?
+ if [ $? != 0 ]; then
+ failures=`expr $failures + 1`
+@@ -328,8 +328,8 @@ execDSigTest() {
+
+ if [ -n "$params3" -a -z "$PERF_TEST" ] ; then
+ printf " Verify new signature "
+- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $curlogfile
+- $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile
++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile" >> $curlogfile
++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile
+ printRes $res_success $?
+ if [ $? != 0 ]; then
+ failures=`expr $failures + 1`
+@@ -406,7 +406,7 @@ execEncTest() {
+ if [ -n "$params1" ] ; then
+ rm -f $tmpfile
+ printf " Decrypt existing document "
+- echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile
++ echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile
+ $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 --output $tmpfile $full_file.xml >> $curlogfile 2>> $curlogfile
+ res=$?
+ echo "=== TEST RESULT: $res; expected: $expected_res" >> $curlogfile