gnutls 3.6.7 was stabilized on amd64 last week. Installing it forced a rebuild of mail-filter/opendkim. After the rebuild opendkim started and ran normally but could not longer verify any signature - every message failed. Removing the gnutls USE flag and rebuilding opendkim fixed the problem. I recommend setting -gnutls for mail-filter/opendkim, since this is unlikely to get fixed any time soon.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f7972686b2df35e61187a82e47566d402178c6c commit 8f7972686b2df35e61187a82e47566d402178c6c Author: Ralph Seichter <github@seichter.de> AuthorDate: 2019-04-16 20:17:14 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2019-04-16 22:53:46 +0000 mail-filter/opendkim: Removed 'gnutls' support, added enewgroup Removed support for the 'gnutls' use flag. Added missing enewgroup statement. These modifications address the two bugs listed below. Closes: https://bugs.gentoo.org/682906 Closes: https://bugs.gentoo.org/683338 Signed-off-by: Ralph Seichter <gentoo@seichter.de> Package-Manager: Portage-2.3.62, Repoman-2.3.11 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> mail-filter/opendkim/opendkim-2.10.3-r10.ebuild | 227 ++++++++++++++++++++++++ 1 file changed, 227 insertions(+)
We've "fixed" this by dropping the gnutls support for now. If someone comes up with a patch that works with the new version, don't hesitate to point it out to us.
> Removing the gnutls USE flag and rebuilding opendkim fixed the problem. What algorithm you use? is it a weak? For example using SHA-1?
Created attachment 573142 [details, diff] opendkim-2.10.3-gnutls-3.6.patch Please try this patch on top of the existing patchset
Ralf, Mjo, check Alon's patch. Seems simple enough and likely to solve the issue.
The test suite crashes using gnutls-3.6, with or without the additional patch: PASS: t-setup PASS: t-test00 PASS: t-test02 PASS: t-test01 PASS: t-test03 ../../build-aux/test-driver: line 107: 8074 Aborted "$@" > $log_file 2>&1 FAIL: t-test04 ../../build-aux/test-driver: line 107: 8081 Aborted "$@" > $log_file 2>&1 FAIL: t-test05 ... I'm not sure if that's a regression or not (with respect to gnutls-3.4), but I don't think we should add back the USE flag with 55 failing tests.
If I read the upstream issues correctly, even the latest Beta versions of OpenDKIM need to be patched to make gnutls work, let alone the four-year-old release we are packaging. Given that there has not been any reaction by Murray regarding our previous work, I don't think it is worth investing time in this particular issue.
*** Bug 682290 has been marked as a duplicate of this bug. ***
This is really an upstream problem. Ideally a patch for this would be sent upstream, and then we'd be happy to include it. It can't segfault the test suite though =)
