From 0142d183c2d44dc2562beb0481f0fe71698e882e Mon Sep 17 00:00:00 2001 From: Max Rees Date: Fri, 14 Jun 2019 23:10:53 -0400 Subject: user/xmlsec: fix tests, add -gcrypt and -gnutls, and more * URL changed to official website. * Source changed to official download URL instead of GitHub archive. * Tests were being skipped spuriously due to the test suite being broken. The relevant commits to fix this have been backported and applied. * Add the -gnutls (for experimental/aqbanking) and -gcrypt (required in order to build -gnutls) subpackages. * The *.la files have been removed from the main package (remove options=libtool). It is assumed these are no longer needed, since the only official reverse dependency at this time is libreoffice, which uses pkg-config and not libtool. * usr/lib/libxmlsec1-nss.so was moved to -dev by running the -dev split function before the plugin split functions. * usr/lib/xmlsec1Conf.sh was moved to -dev. --- user/xmlsec/APKBUILD | 53 ++++++++----- user/xmlsec/fix-tests.patch | 176 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+), 18 deletions(-) create mode 100644 user/xmlsec/fix-tests.patch (limited to 'user') diff --git a/user/xmlsec/APKBUILD b/user/xmlsec/APKBUILD index 171427b55..4b7f83509 100644 --- a/user/xmlsec/APKBUILD +++ b/user/xmlsec/APKBUILD @@ -1,25 +1,21 @@ # Maintainer: Max Rees pkgname=xmlsec pkgver=1.2.28 -_pkgver=1_2_28 -pkgrel=0 +_pkgname="$pkgname${pkgver%%.*}" +pkgrel=1 pkgdesc="C-based XML signature and encryption syntax and processing library" -url="https://github.com/lsh123/$pkgname/" +url="https://www.aleksey.com/xmlsec/" arch="all" -options="libtool" license="MIT" depends="" checkdepends="nss-tools" -makedepends="$depends_dev libxml2-dev libxslt-dev nss-dev openssl-dev - autoconf automake libtool" -subpackages="$pkgname-nss $pkgname-dev $pkgname-doc" -source="$url/archive/$pkgname-$_pkgver.tar.gz" -builddir="$srcdir/$pkgname-$pkgname-$_pkgver" - -prepare() { - default_prepare - ./autogen.sh -} +makedepends="libxml2-dev libxslt-dev openssl-dev + gnutls-dev libgcrypt-dev nss-dev" +subpackages="$pkgname-dev $pkgname-doc + $pkgname-gcrypt $pkgname-gnutls $pkgname-nss" +source="http://www.aleksey.com/xmlsec/download/$_pkgname-$pkgver.tar.gz + fix-tests.patch" +builddir="$srcdir/$_pkgname-$pkgver" build() { ./configure \ @@ -28,9 +24,9 @@ build() { --prefix=/usr \ --disable-static \ --enable-pkgconfig \ - --with-openssl=/usr \ - --without-gnutls \ - --without-gcrypt \ + --with-openssl \ + --with-gnutls \ + --with-gcrypt \ --with-default-crypto='openssl' make } @@ -46,6 +42,26 @@ package() { install -m644 'COPYING' "$pkgdir/usr/share/licenses/$pkgname/" } +dev() { + default_dev + mkdir -p "$subpkgdir"/usr/lib + mv "$pkgdir"/usr/lib/xmlsec1Conf.sh "$subpkgdir"/usr/lib +} + +gcrypt() { + pkgdesc="xmlsec gcrypt plugin" + install_if="$pkgname=$pkgver-r$pkgrel gcrypt" + mkdir -p "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/libxmlsec1-gcrypt.so* "$subpkgdir"/usr/lib/ +} + +gnutls() { + pkgdesc="xmlsec gnutls plugin" + install_if="$pkgname=$pkgver-r$pkgrel gnutls" + mkdir -p "$subpkgdir"/usr/lib/ + mv "$pkgdir"/usr/lib/libxmlsec1-gnutls.so* "$subpkgdir"/usr/lib/ +} + nss() { pkgdesc="xmlsec NSS plugin" install_if="$pkgname=$pkgver-r$pkgrel nss" @@ -53,4 +69,5 @@ nss() { mv "$pkgdir"/usr/lib/libxmlsec1-nss.so* "$subpkgdir"/usr/lib/ } -sha512sums="fb0c775f6455ce5a5579a69bb91d60fe90c023e538c32bdf2a70aa413a53b22ef938349a3ce6b42bb23f8f70b4e00f1b9917f877487bb1507c927ec70c3d95f5 xmlsec-1_2_28.tar.gz" +sha512sums="17fa59e4ffee5e024caa4895e8ed21d1435f14e3a37d0ed781b1dd216333ae3b6099c460efd45d4a8097d0202522150b7b0ad543b47c1596d8473b6922270480 xmlsec1-1.2.28.tar.gz +2f146b31460ae1843a696c77cef03b36a0bf212028189055834e2e50d7a3142f6a069ce18a5c6b2251b5846fad7e96a6d9e26a6445fd182ac4c44c70afc4f8a3 fix-tests.patch" diff --git a/user/xmlsec/fix-tests.patch b/user/xmlsec/fix-tests.patch new file mode 100644 index 000000000..73acdf800 --- /dev/null +++ b/user/xmlsec/fix-tests.patch @@ -0,0 +1,176 @@ +Backport of the following commits: + +b841f2c0b1e9cf24d991cc8b5d21e5a3b7c6ad80 +f25e8f07428b9475fa576bf78d77fb4fa366bc70 +106e7dbf39d96c46aedecf229d55a09e7593f1ec + +diff --git a/tests/testDSig.sh b/tests/testDSig.sh +index 77372311..f2014464 100755 +--- a/tests/testDSig.sh ++++ b/tests/testDSig.sh +@@ -805,98 +805,98 @@ execDSigTest $res_success \ + "signature-rsa-detached-b64-transform" \ + "base64 sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xpath-transform" \ + "xpath sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform-retrieval-method" \ + "xslt sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-detached-xslt-transform" \ + "xslt sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloped" \ + "enveloped-signature sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-enveloping" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert-chain" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-cert" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-issuer-serial" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-ski" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest-x509-data-subject-name" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-manifest" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00 $url_map_rfc3161" + + execDSigTest $res_success \ + "phaos-xmldsig-three" \ + "signature-rsa-xpath-transform-enveloped" \ + "enveloped-signature xpath sha1 rsa-sha1" \ + "rsa x509" \ +- "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00" ++ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00" + + + ########################################################################## +@@ -940,7 +940,7 @@ execDSigTest $res_fail \ + "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \ + "sha1 rsa-sha1" \ + "rsa x509" \ +- "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" ++ "--trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format $url_map_xml_stylesheet_2018" + + execDSigTest $res_fail \ + "" \ +diff --git a/tests/testrun.sh b/tests/testrun.sh +index ea65802b..fe0334c7 100755 +--- a/tests/testrun.sh ++++ b/tests/testrun.sh +@@ -59,7 +59,7 @@ if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then + elif [ "z$crypto" != "z" ] ; then + xmlsec_params="$xmlsec_params --crypto $crypto" + fi +-xmlsec_params="$xmlsec_params --X509-skip-strict-checks --crypto-config $crypto_config" ++xmlsec_params="$xmlsec_params --crypto-config $crypto_config" + + # + # Setup keys config +@@ -308,8 +308,8 @@ execDSigTest() { + # run tests + if [ -n "$params1" ] ; then + printf " Verify existing signature " +- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $curlogfile +- $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile ++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml" >> $curlogfile ++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params1 $full_file.xml >> $curlogfile 2>> $curlogfile + printRes $expected_res $? + if [ $? != 0 ]; then + failures=`expr $failures + 1` +@@ -328,8 +328,8 @@ execDSigTest() { + + if [ -n "$params3" -a -z "$PERF_TEST" ] ; then + printf " Verify new signature " +- echo "$VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $curlogfile +- $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile ++ echo "$VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile" >> $curlogfile ++ $VALGRIND $xmlsec_app verify --X509-skip-strict-checks $xmlsec_params $params3 $tmpfile >> $curlogfile 2>> $curlogfile + printRes $res_success $? + if [ $? != 0 ]; then + failures=`expr $failures + 1` +@@ -406,7 +406,7 @@ execEncTest() { + if [ -n "$params1" ] ; then + rm -f $tmpfile + printf " Decrypt existing document " +- echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile ++ echo "$VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $curlogfile + $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 --output $tmpfile $full_file.xml >> $curlogfile 2>> $curlogfile + res=$? + echo "=== TEST RESULT: $res; expected: $expected_res" >> $curlogfile -- cgit v1.2.3-70-g09d2