> Well, the preferred thing would be to just generate new sha256 certs to > bundle with the test suite, so that the tests pass. I didn't see a > script to auto-generate all the needed certs, but there is a file > ./test/basicserver/testfiles/key-creation.txt that has instructions for > at least some of them.
I agree and that is what I meant for potentially patching the tests. I edited the rules file to ignore test errors and added your OpenSSL 3.0 patch to be used in the next debian version (0.13~~git20220405.g7703ac8-2) which will include newer upstream than what is currently in Ubuntu. I just pushed to the salsa repo at https://salsa.debian.org/debian/boxbackup. Bastian, would you be able to sponsor the upload to unstable? Ileana On Wed, Aug 17, 2022 at 6:21 PM Ian Goldberg <i...@uwaterloo.ca> wrote: > On Wed, Aug 17, 2022 at 05:54:53PM +0300, Ileana Dumitrescu wrote: > > > I made the attached patch, which causes the package to build and run on > > both openssl 3.x and pre-3.x systems. > > > > Thank you for the patch! I will add it to the next debian upload. > > > > > Note, however, that on openssl 3.x systems, a number of the tests run > at > > > build time still fail with: > > > > > FAILED: Exception caught: TLSServerWeakCertificate: Failed to load > certificates from testfiles/clientCerts.pem: hash too weak for current > security level > > > > > but that is for a different reason: the pre-built certificates bundled > > > with the source package for running the tests use the > > > now-deemed-insecure SHA1 hash. > > > > > Nonetheless, the package builds, and works fine at runtime, assuming > > > you've upgraded your certs to sha256 as recommended here: > > > > I am also still seeing this error during the tests, which fails the build > > overall. If the package still works fine at runtime, I will look into > > patching the failed tests so that this can make it into the stable > > repository. > > Well, the preferred thing would be to just generate new sha256 certs to > bundle with the test suite, so that the tests pass. I didn't see a > script to auto-generate all the needed certs, but there is a file > ./test/basicserver/testfiles/key-creation.txt that has instructions for > at least some of them. > > But the ubuntu version of the package does successfully build the deb > files, even if some of the tests fail. The changelog says: > > boxbackup (0.13~~git20200326.g8e8b63c-1ubuntu1) groovy; urgency=medium > > * Merge from Debian unstable. Remaining changes: > - Ignore test suite results, always fails, not run on most arches > anyway. > > -- Gianfranco Costamagna <locutusofb...@debian.org> Mon, 11 May 2020 > 16:11:17 +0200 > > -- Ileana Dumitrescu GPG Public Key: FA26 CA78 4BE1 8892 7F22 B99F 6570 EA01 146F 7354
