834830 – app-crypt/libsecret[tpm] fails tests "libegg/test-tpm2" and "secret-tool/test-secret-tool-tpm2"

Bug 834830 - app-crypt/libsecret[tpm] fails tests "libegg/test-tpm2" and "secret-tool/test-secret-tool-tpm2"

Summary: app-crypt/libsecret[tpm] fails tests "libegg/test-tpm2" and "secret-tool/test...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Linux Gnome Desktop Team

URL:
Whiteboard:
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2022-03-09 12:46 UTC by Paolo Pedroni
Modified:	2022-03-27 04:27 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/gentoo/gentoo/pull/24509
Package list:
Runtime testing required:	---

Attachments
libsecret-0.20.5:20220309-123018.log.gz (libsecret-0.20.5:20220309-123018.log.gz,10.35 KB, application/gzip) 2022-03-09 12:46 UTC, Paolo Pedroni	Details
tstlog.txr (testlog.txt,64.68 KB, text/plain) 2022-03-09 12:46 UTC, Paolo Pedroni	Details
testlog.txt (testlog.txt,64.68 KB, text/plain) 2022-03-09 12:47 UTC, Paolo Pedroni	Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paolo Pedroni 2022-03-09 12:46:12 UTC

Created attachment 766633 [details]
libsecret-0.20.5:20220309-123018.log.gz

>>> Test phase: app-crypt/libsecret-0.20.5
 * abi_x86_64.amd64: running multilib-minimal_abi_src_test
 * Scanning for an open DISPLAY to start Xvfb ...
 * Starting Xvfb on $DISPLAY=4 ...
meson test -C /var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64 --num-processes 15
ninja: Entering directory `/var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64'
ninja: no work to do.
 1/26 libsecret:libegg / test-hex                      OK              0.11s
 2/26 libsecret:libegg / test-dh                       OK              0.11s
 3/26 libsecret:libegg / test-hkdf                     OK              0.11s
 4/26 libsecret:libsecret / test-attributes            OK              0.10s
 5/26 libsecret:libsecret / test-value                 OK              0.12s
 6/26 libsecret:libegg / test-tpm2                     FAIL            0.27s   killed by signal 6 SIGABRT
>>> MALLOC_PERTURB_=141 /var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64/egg/test-tpm2

 7/26 libsecret:libegg / test-secmem                   OK              0.38s
 8/26 libsecret:javascript / test-js-lookup            OK              0.51s
 9/26 libsecret:libsecret / test-file-collection       OK              0.72s
10/26 libsecret:javascript / test-js-clear             OK              0.71s
11/26 libsecret:javascript / test-js-store             OK              0.66s
12/26 libsecret:vala / test-vala-unstable              OK              0.35s
13/26 libsecret:vala / test-vala-lang                  OK              0.54s
14/26 libsecret:python / test-py-store                 OK              1.15s
15/26 libsecret:secret-tool / test-secret-tool-tpm2.sh FAIL            0.35s   (exit status 139 or signal 11 SIGSEGV)
>>> MALLOC_PERTURB_=109 abs_top_builddir=/var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64 /var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5/tool/test-secret-tool-tpm2.sh

16/26 libsecret:secret-tool / test-secret-tool.sh      OK              0.69s
17/26 libsecret:python / test-py-clear                 OK              1.59s
18/26 libsecret:python / test-py-lookup                OK              1.65s
19/26 libsecret:libsecret / test-session               OK              1.85s
20/26 libsecret:libsecret / test-prompt                OK              2.78s
21/26 libsecret:libsecret / test-password              OK              3.14s
22/26 libsecret:libsecret / test-paths                 OK              3.95s
23/26 libsecret:libsecret / test-item                  OK              4.12s
24/26 libsecret:libsecret / test-methods               OK              4.66s
25/26 libsecret:libsecret / test-collection            OK              4.70s
26/26 libsecret:libsecret / test-service               OK             14.49s


Ok:                 24 
Expected Fail:      0   
Fail:               2   
Unexpected Pass:    0   
Skipped:            0   
Timeout:            0

Relevant part of testlog.txt says:
 6/26 libsecret:libegg / test-tpm2                     FAIL            0.27s   killed by signal 6 SIGABRT
12:30:34 MALLOC_PERTURB_=141 /var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64/egg/test-tpm2
----------------------------------- output -----------------------------------
stdout:
# random seed: R02S0ce158b31ff6c80f9e8a9206cabe5294
1..2
# Start of tpm tests
Bail out! ERROR:../libsecret-0.20.5/egg/test-tpm2.c:34:test_egg_tpm2_generate_master_password: 'context' should not be NULL
stderr:
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:252:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:591:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:254:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
**
ERROR:../libsecret-0.20.5/egg/test-tpm2.c:34:test_egg_tpm2_generate_master_password: 'context' should not be NULL
------------------------------------------------------------------------------
[...]
15/26 libsecret:secret-tool / test-secret-tool-tpm2.sh FAIL            0.35s   (exit status 139 or signal 11 SIGSEGV)
12:30:35 MALLOC_PERTURB_=109 abs_top_builddir=/var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5-abi_x86_64.amd64 /var/tmp/portage/app-crypt/libsecret-0.20.5/work/libsecret-0.20.5/tool/test-secret-tool-tpm2.sh
----------------------------------- output -----------------------------------
stdout:
1..6
stderr:
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
ERROR:tcti:src/tss2-tcti/tcti-device.c:442:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: Permission denied 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0 
WARNING:tcti:src/util/io.c:252:socket_connect() Failed to connect to host 127.0.0.1, port 2321: errno 111: Connection refused 
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:591:Tss2_Tcti_Swtpm_Init() Cannot connect to swtpm TPM socket 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0 
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:254:tctildr_get_default() No standard TCTI could be loaded 
ERROR:tcti:src/tss2-tcti/tctildr.c:428:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI 
Segmentation fault (core dumped)
------------------------------------------------------------------------------

# ll /dev/tpm*
crw-rw---- 1 tss root  10,   224  9 mar 09.55 /dev/tpm0
crw-rw---- 1 tss tss  241, 65536  9 mar 09.55 /dev/tpmrm0

# emerge --info =app-crypt/libsecret-0.20.5
Portage 3.0.30 (python 3.9.9-final-0, default/linux/amd64/17.1/desktop/plasma/systemd, gcc-11.2.1, glibc-2.33-r13, 5.15.26-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.15.26-gentoo-x86_64-Intel-R-_Core-TM-_i5-1035G1_CPU_@_1.00GHz-with-glibc2.33
KiB Mem:    15892208 total,   2262144 free
KiB Swap:   16777212 total,  16775932 free
Timestamp of repository gentoo: Wed, 09 Mar 2022 08:15:01 +0000
Head commit of repository gentoo: 55a47e9bcd7dad6f6314feb731fb156573f17d5d
sh dash 0.5.11.5
ld GNU ld (Gentoo 2.37_p1 p2) 2.37
distcc 3.4 x86_64-pc-linux-gnu [enabled]
ccache version 4.5.1 [disabled]
app-misc/pax-utils:        1.3.3::gentoo
app-shells/bash:           5.1_p16::gentoo
dev-java/java-config:      2.3.1::gentoo
dev-lang/perl:             5.34.0-r6::gentoo
dev-lang/python:           2.7.18_p13::gentoo, 3.9.9-r1::gentoo, 3.10.2_p1::gentoo
dev-lang/rust:             1.58.1::gentoo
dev-util/ccache:           4.5.1::gentoo
dev-util/cmake:            3.22.2::gentoo
dev-util/meson:            0.60.3::gentoo
sys-apps/baselayout:       2.7-r3::gentoo
sys-apps/sandbox:          2.25::gentoo
sys-apps/systemd:          249.9::gentoo
sys-devel/autoconf:        2.13-r1::gentoo, 2.71-r1::gentoo
sys-devel/automake:        1.16.4::gentoo
sys-devel/binutils:        2.37_p1-r2::gentoo
sys-devel/binutils-config: 5.4::gentoo
sys-devel/clang:           13.0.1::gentoo
sys-devel/gcc:             11.2.1_p20220115::gentoo
sys-devel/gcc-config:      2.5-r1::gentoo
sys-devel/libtool:         2.4.6-r6::gentoo
sys-devel/lld:             13.0.1::gentoo
sys-devel/llvm:            13.0.1::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.15-r3::gentoo (virtual/os-headers)
sys-libs/glibc:            2.33-r13::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.europe.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-jobs: 1
    sync-rsync-extra-opts: 
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
AR="/usr/bin/gcc-ar"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -frecord-gcc-switches -march=icelake-client -mabm -ftree-vectorize -flto=8"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -frecord-gcc-switches -march=icelake-client -mabm -ftree-vectorize -flto=8"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--keep-going y --with-bdeps y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe -frecord-gcc-switches -march=icelake-client -mabm -ftree-vectorize -flto=8"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live cgroup compress-build-logs config-protect-if-modified distcc distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign split-elog split-log strict strict-keepdir test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe -frecord-gcc-switches -march=icelake-client -mabm -ftree-vectorize -flto=8"
GENTOO_MIRRORS="http://ftp.belnet.be/pub/rsync.gentoo.org/gentoo/ http://ftp.fau.de/gentoo https://ftp.fau.de/gentoo https://ftp.belnet.be/pub/rsync.gentoo.org/gentoo/"
LANG="it_IT.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -Wl,--sort-common -ftree-vectorize -flto=8"
LINGUAS="it it_IT"
MAKEOPTS="-j15 -l8"
NM="/usr/bin/gcc-nm"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RANLIB="/usr/bin/gcc-ranlib"
SHELL="/bin/bash"
USE="X a52 aac aalib acl acpi activities adns alsa amd64 ao audiofile bash-completion bluetooth branding brotli bzip2 cairo caps cdda cddb cdparanoia cdr cli crypt css cups curl dbus declarative dga djvu dri dts dvd dvdr encode exif expat fbcon ffmpeg fftw flac fontconfig foomaticdb fortran ftp gd gdbm geoip gif gimp gmp gnutls gphoto2 gpm graphviz gtk gui guile handbook iconv icu idn imagemagick imlib introspection ipv6 java javascript jbig jemalloc jpeg jpeg2k kde kwallet lame lcms libass libglvnd libnotify libsamplerate libtirpc lm-sensors lua lzma lzo mad magic mmap mng mp3 mp4 mpeg mplayer multilib musicbrainz ncurses nls nptl offensive ogg openal opengl openmp pam pango pcre pdf plasma png policykit postscript ppds pulseaudio qml qt5 rdesktop readline recode samba sctp sdl seccomp sndfile sockets speex spell split-usr sqlite ssl startup-notification svg symlink syslog systemd sysvipc taglib telemetry test theora threads tidy tiff truetype udev udisks unicode upower usb v4l vaapi vala verify-sig vim-syntax vnc vorbis wavpack wayland webp widgets win32codecs wmf wxwidgets x264 xattr xcb xine xinerama xml xpm xscreensaver xv xvid yahoo zip zlib zstd" ABI_X86="64" ADA_TARGET="gnat_2020" ALSA_CARDS="hda-intel virmidi" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl avx512vbmi f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="gnutls" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput" KERNEL="linux" L10N="it en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby27" USERLAND="GNU" VIDEO_CARDS="intel i965 iris" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS

# emerge -1pqv =app-crypt/libsecret-0.20.5
[ebuild     U ] app-crypt/libsecret-0.20.5 [0.20.4-r1] USE="crypt introspection test tpm%* vala -gtk-doc" ABI_X86="(64) -32 (-x32)"

Comment 1 Paolo Pedroni 2022-03-09 12:46:58 UTC

Created attachment 766634 [details]
tstlog.txr

Comment 2 Paolo Pedroni 2022-03-09 12:47:46 UTC

Created attachment 766635 [details]
testlog.txt

Comment 3 Christopher Byrne 2022-03-12 05:33:38 UTC

The libsecret tpm2 tests not only require tpm2-abrmd, but expect the system has a TPM2 or the emulator (swtpm) is started beforehand. It does not setup the emulator environment itself. Test shouldn't be run against a "live" TPM2 because it may not exist, the storage hierarchy has a password on it.

It's possible to create such an environment in the ebuild, with something like this:

tpm2_run_with_emulator() {
        eval `dbus-launch --sh-syntax`
        export XDG_CONFIG_HOME=${WORKDIR}/.config/swtpm
        /usr/share/swtpm/swtpm-create-user-config-files
        mkdir -p ${XDG_CONFIG_HOME}/mytpm1
        swtpm_setup --tpm2 --tpmstate ${XDG_CONFIG_HOME}/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
        swtpm socket --tpm2 --tpmstate dir=${XDG_CONFIG_HOME}/mytpm1 --flags startup-clear --ctrl type=unixio,path=${XDG_CONFIG_HOME}/mytpm1/swtpm.socket.ctrl  --server type=unixio,path=${XDG_CONFIG_HOME}/mytpm1/swtpm.socket --pid file=${XDG_CONFIG_HOME}/mytpm1/swtpm.pid --daemon
        tpm2-abrmd --logger=stdout --tcti=swtpm:path=${XDG_CONFIG_HOME}/mytpm1/swtpm.socket --session --flush-all &
	export TCTI=tabrmd:bus_type=session

	$1 $@

        kill $(< ${XDG_CONFIG_HOME}/mytpm1/swtpm.pid)
}

multilib_src_test() {
	tpm2_run_with_emulator virtx meson_src_test
}

Its ugly though, but this is not the first program I've seen that that assumes the emulation environment hasn't already been setup prior. 

By the way, the swtpm TCTI only gained ability to connect via UNIX domain sockets as of tpm-tss-3.2.0. Prior to that, it had to connect to a TCP port. It could be done that way for better compatibility, the problem with that is the default port numbers may clash with a existing instance of swtpm. A different port could be picked, making that less likely, but it might clash with something else.

Comment 4 Matt Turner gentoo-dev

2022-03-12 06:59:10 UTC

Thank you. Would you like to submit a pull request on GitHub or attach a git-formatted patch here?

Comment 5 Larry the Git Cow gentoo-dev

2022-03-16 02:08:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d365c45e634a03d664b17037fdc7843beadf8193

commit d365c45e634a03d664b17037fdc7843beadf8193
Author:     Christopher Byrne <salah.coronya@gmail.com>
AuthorDate: 2022-03-14 03:19:35 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2022-03-16 02:07:26 +0000

    app-crypt/libsecret: Create an emulated TPM2 for tests
    
    Libsecret runs tests against the TPM2 already in the machine and require
    tpm2-abrmd. Hence the tests will fail if the user does not have tpm2-abrmd
    installed or does not have a TPM2 in the machine. It shouldn't do this
    - it should provision a virtual TPM2 spawn an emulator (swtpm) and the use
    the swtpm TCTI with tpm2-abrmd.
    
    However its not too difficult to setup the TPM2 simulator for the test,
    which is what this patch does.
    
    Bug: https://bugs.gentoo.org/834830
    Closes: https://github.com/gentoo/gentoo/pull/24509
    Signed-off-by: Christopher Byrne <salah.coronya@gmail.com>
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 app-crypt/libsecret/libsecret-0.20.5-r1.ebuild | 155 +++++++++++++++++++++++++
 1 file changed, 155 insertions(+)