Your message dated Fri, 21 Mar 2025 23:23:48 +0000
with message-id <e1tvlio-002wav...@fasolo.debian.org>
and subject line Bug#1098553: fixed in golang-github-digitorus-pkcs7
0.0~git20230818.3a137a8-3
has caused the Debian Bug report #1098553,
regarding golang-github-digitorus-pkcs7: FTBFS: verify_test.go:576: Verify
failed with error: pkcs7: failed to verify certificate chain
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1098553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098553
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:golang-github-digitorus-pkcs7
Version: 0.0~git20230818.3a137a8-2
Severity: serious
Tags: ftbfs trixie sid
Dear maintainer:
During a rebuild of all packages in unstable, your package failed to build:
--------------------------------------------------------------------------------
[...]
debian/rules clean
dh clean --builddirectory=_build --buildsystem=golang
dh_auto_clean -O--builddirectory=_build -O--buildsystem=golang
dh_autoreconf_clean -O--builddirectory=_build -O--buildsystem=golang
dh_clean -O--builddirectory=_build -O--buildsystem=golang
debian/rules binary
dh binary --builddirectory=_build --buildsystem=golang
dh_update_autotools_config -O--builddirectory=_build -O--buildsystem=golang
dh_autoreconf -O--builddirectory=_build -O--buildsystem=golang
dh_auto_configure -O--builddirectory=_build -O--buildsystem=golang
dh_auto_build -O--builddirectory=_build -O--buildsystem=golang
cd _build && go install -trimpath -v -p 2 github.com/digitorus/pkcs7
internal/unsafeheader
internal/goarch
internal/cpu
internal/abi
internal/bytealg
internal/byteorder
internal/coverage/rtcov
internal/chacha8rand
internal/godebugs
internal/goexperiment
internal/goos
internal/profilerecord
internal/runtime/atomic
internal/asan
internal/msan
internal/race
internal/runtime/exithook
internal/runtime/math
internal/runtime/sys
internal/runtime/syscall
internal/runtime/maps
internal/stringslite
sync/atomic
internal/sync
math/bits
unicode
runtime
unicode/utf8
math
crypto/internal/fips140/alias
crypto/internal/fips140deps/byteorder
crypto/internal/fips140deps/cpu
crypto/internal/fips140/subtle
internal/itoa
cmp
crypto/internal/boring/sig
unicode/utf16
vendor/golang.org/x/crypto/cryptobyte/asn1
internal/nettrace
encoding
internal/reflectlite
sync
errors
iter
internal/bisect
io
strconv
bytes
hash
internal/godebug
crypto
strings
crypto/internal/fips140deps/godebug
crypto/internal/impl
crypto/internal/fips140
internal/oserror
syscall
crypto/internal/fips140/sha256
crypto/internal/fips140/sha3
crypto/internal/fips140/sha512
crypto/internal/fips140/hmac
crypto/internal/fips140/check
crypto/internal/fips140/aes
internal/syscall/unix
path
slices
time
internal/syscall/execenv
internal/testlog
math/rand/v2
crypto/internal/randutil
crypto/subtle
reflect
io/fs
internal/filepathlite
internal/poll
os
crypto/internal/sysrand
crypto/internal/entropy
crypto/internal/fips140/drbg
crypto/internal/fips140/aes/gcm
crypto/internal/fips140only
internal/fmtsort
fmt
crypto/cipher
crypto/internal/boring
crypto/aes
crypto/des
math/rand
crypto/internal/fips140/nistec/fiat
math/big
crypto/internal/fips140/nistec
crypto/dsa
crypto/internal/fips140/edwards25519/field
crypto/internal/boring/bbig
crypto/internal/fips140/bigmod
crypto/sha3
crypto/internal/fips140/ecdh
crypto/elliptic
crypto/ecdh
crypto/internal/fips140/ecdsa
crypto/internal/fips140hash
crypto/sha512
encoding/asn1
crypto/internal/fips140/edwards25519
vendor/golang.org/x/crypto/cryptobyte
crypto/internal/fips140/ed25519
crypto/rand
crypto/ed25519
crypto/ecdsa
crypto/internal/fips140/rsa
crypto/rsa
crypto/sha1
crypto/md5
crypto/sha256
encoding/hex
encoding/binary
crypto/x509/pkix
maps
context
vendor/golang.org/x/net/dns/dnsmessage
encoding/base64
encoding/pem
internal/singleflight
weak
unique
runtime/cgo
net/netip
net/url
path/filepath
io/ioutil
os/exec
net
sort
flag
bufio
internal/sysinfo
runtime/debug
runtime/trace
testing
crypto/x509
github.com/digitorus/pkcs7
debian/rules override_dh_auto_test
make[1]: Entering directory '/<<PKGBUILDDIR>>'
env GODEBUG=x509sha1=1 dh_auto_test
cd _build && go test -vet=off -v -p 2 github.com/digitorus/pkcs7
=== RUN TestBer2Der
--- PASS: TestBer2Der (0.00s)
=== RUN TestBer2Der_Negatives
--- PASS: TestBer2Der_Negatives (0.00s)
=== RUN TestBer2Der_NestedMultipleIndefinite
--- PASS: TestBer2Der_NestedMultipleIndefinite (0.00s)
=== RUN TestVerifyIndefiniteLengthBer
--- PASS: TestVerifyIndefiniteLengthBer (0.00s)
=== RUN TestDecrypt
--- PASS: TestDecrypt (0.00s)
=== RUN TestEncrypt
--- PASS: TestEncrypt (0.11s)
=== RUN TestEncryptUsingPSK
--- PASS: TestEncryptUsingPSK (0.00s)
=== RUN TestPad
--- PASS: TestPad (0.00s)
=== RUN TestSign
sign_test.go:60: test SHA1-RSA/SHA1-RSA/SHA1-RSA: cannot add signer: pkcs7:
certificate signature from parent is invalid: x509: cannot verify signature:
insecure algorithm SHA1-RSA
--- FAIL: TestSign (0.00s)
=== RUN TestDSASignAndVerifyWithOpenSSL
--- PASS: TestDSASignAndVerifyWithOpenSSL (0.00s)
=== RUN TestSignWithoutAttributes
sign_test.go:213: test SHA1-RSA/SHA1-RSA: cannot verify signed data: pkcs7:
failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA1-RSA/SHA1-RSA: cannot verify signed data: pkcs7:
failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA1-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA1-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA256-RSA/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA256-RSA/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA256-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA256-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA512-RSA/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA512-RSA/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA512-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test SHA512-RSA/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm SHA1-RSA" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA1/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA1/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA1/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA1/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA256/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA256/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA256/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA256/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA384/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA384/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA384/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA384/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA512/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA512/SHA1-RSA: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA512/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
sign_test.go:213: test ECDSA-SHA512/ECDSA-SHA1: cannot verify signed data:
pkcs7: failed to verify certificate chain: x509: certificate signed by unknown
authority (possibly because of "x509: cannot verify signature: insecure
algorithm ECDSA-SHA1" while trying to verify candidate authority certificate
"PKCS7 Test Root CA")
--- FAIL: TestSignWithoutAttributes (0.37s)
=== RUN TestSetContentType
--- PASS: TestSetContentType (0.00s)
=== RUN TestUnmarshalSignedAttribute
--- PASS: TestUnmarshalSignedAttribute (0.02s)
=== RUN TestDegenerateCertificate
--- PASS: TestDegenerateCertificate (0.00s)
=== RUN TestSkipCertificates
--- PASS: TestSkipCertificates (0.02s)
=== RUN TestVerify
--- PASS: TestVerify (0.00s)
=== RUN TestVerifyAppStore
--- PASS: TestVerifyAppStore (0.00s)
=== RUN TestVerifyApkEcdsa
--- PASS: TestVerifyApkEcdsa (0.00s)
=== RUN TestVerifyFirefoxAddon
--- PASS: TestVerifyFirefoxAddon (0.00s)
=== RUN TestSignWithOpenSSLAndVerify
verify_test.go:576: Verify failed with error: pkcs7: failed to verify
certificate chain: x509: certificate signed by unknown authority (possibly
because of "x509: cannot verify signature: insecure algorithm SHA1-RSA" while
trying to verify candidate authority certificate "PKCS7 Test Intermediate Cert")
--- FAIL: TestSignWithOpenSSLAndVerify (0.01s)
FAIL
FAIL github.com/digitorus/pkcs7 0.550s
FAIL
dh_auto_test: error: cd _build && go test -vet=off -v -p 2
github.com/digitorus/pkcs7 returned exit code 1
make[1]: *** [debian/rules:7: override_dh_auto_test] Error 25
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
make: *** [debian/rules:4: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------
The above is just how the build ends and not necessarily the most relevant part.
If required, the full build log is available here:
https://people.debian.org/~sanvila/build-logs/202502/
About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.
If you could not reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.
If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:golang-github-digitorus-pkcs7, so that this
is still
visible in the BTS web page for this package.
Thanks.
--- End Message ---
--- Begin Message ---
Source: golang-github-digitorus-pkcs7
Source-Version: 0.0~git20230818.3a137a8-3
Done: Simon Josefsson <si...@josefsson.org>
We believe that the bug you reported is fixed in the latest version of
golang-github-digitorus-pkcs7, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1098...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon Josefsson <si...@josefsson.org> (supplier of updated
golang-github-digitorus-pkcs7 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Mar 2025 23:45:23 +0100
Source: golang-github-digitorus-pkcs7
Architecture: source
Version: 0.0~git20230818.3a137a8-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Simon Josefsson <si...@josefsson.org>
Closes: 1098553
Changes:
golang-github-digitorus-pkcs7 (0.0~git20230818.3a137a8-3) unstable;
urgency=medium
.
* Standards-Version: 4.7.2.
* Bump debian/* copyright years.
* Disable RSA-SHA1 tests. Closes: #1098553.
* Drop now ignored GODEBUG=x509sha1=1.
Checksums-Sha1:
80f8061de1611f579ff67a6398312c7dec65780e 2976
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.dsc
e25869a1dbbb992439e988c75405de7298ceeb4e 3676
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.debian.tar.xz
Checksums-Sha256:
b57e70fb0dff70590c4fc0300310e4cea07ca6765ee53cca75c70145f9ecb8d6 2976
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.dsc
e1ef2bd5793eea67afceba8eaae67573bc7016127cc4b379753c1c9715c30cc4 3676
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.debian.tar.xz
Files:
660f4893181888565239dbdf89d777a3 2976 golang optional
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.dsc
55e3acc09798b80e1d2f2f848da56a6b 3676 golang optional
golang-github-digitorus-pkcs7_0.0~git20230818.3a137a8-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQNoBAEWCgMQFiEEo8ychwudMQq61M8vUXIrCP5HRaIFAmfd75wUHHNpbW9uQGpv
c2Vmc3Nvbi5vcmfCHCYAmDMEXJLOtBYJKwYBBAHaRw8BAQdACIcrZIvhrxDBkK9f
V+QlTmXxo2naObDuGtw58YaxlOu0JVNpbW9uIEpvc2Vmc3NvbiA8c2ltb25Aam9z
ZWZzc29uLm9yZz6IlgQTFggAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYh
BLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XQkBQkNZGbwAAoJENc89jjFPAa+BtIA
/iR73CfBurG9y8pASh3cbGOMHpDZfMAtosu6jbpO69GHAP4p7l57d+iVty2VQMsx
+3TCSAvZkpr4P/FuTzZ8JZe8BrgzBFySz4EWCSsGAQQB2kcPAQEHQOxTCIOaeXAx
I2hIX4HK9bQTpNVei708oNr1Klm8qCGKiPUEGBYIACYCGwIWIQSx0r0Tdb7LeEz0
+MTXPPY4xTwGvgUCZ9F0SgUJDWRmSQCBdiAEGRYIAB0WIQSjzJyHC50xCrrUzy9R
cisI/kdFogUCXJLPgQAKCRBRcisI/kdFoqdMAQCgH45aseZgIrwKOvUOA9QfsmeE
8GZHYNuFHmM9FEQS6AD6A4x5aYvoY6lo98pgtw2HPDhmcCXFItjXCrV4A0GmJA4J
ENc89jjFPAa+wUUBAO64fbZek6FPlRK0DrlWsrjCXuLi6PUxyzCAY6lG2nhUAQC6
qobB9mkZlZ0qihy1x4JRtflqFcqqT9n7iUZkCDIiDbg4BFySz2oSCisGAQQBl1UB
BQEBB0AxlRumDW6nZY7A+VCfek9VpEx6PJmdJyYPt3lNHMd6HAMBCAeIfgQYFggA
JgIbDBYhBLHSvRN1vst4TPT4xNc89jjFPAa+BQJn0XTSBQkNZGboAAoJENc89jjF
PAa+0M0BAPPRq73kLnHYNDMniVBOzUdi2XeF32idjEWWfjvyIJUOAP4wZ+ALxIeh
is3Uw2BzGZE6ttXQ2Q+DeCJO3TPpIqaXDAAKCRBRcisI/kdFogBhAQCdoAdzLQSV
2vpadqA3fArD9Kxk8ZDDqfIdHpFShCOrdwD9EUBaFJdKR7jGRqINq3miH2EayH8J
+Qp0lqP/9bUECAs=
=fF5q
-----END PGP SIGNATURE-----
pgpOq1ORQEzpA.pgp
Description: PGP signature
--- End Message ---
