filter/qa/pdf.cxx | 10 -----
include/unotest/macros_test.hxx | 6 ++-
unotest/source/cpp/macros_test.cxx | 46 ++++++++++++++++++--------
vcl/qa/cppunit/filter/ipdf/ipdf.cxx | 10 -----
xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx | 9 -----
xmlsecurity/qa/unit/signing/signing.cxx | 5 +-
xmlsecurity/qa/unit/signing/signing2.cxx | 5 +-
7 files changed, 46 insertions(+), 45 deletions(-)
New commits:
commit 2048db4dc8ee6edb231a9109257846975a6f7834
Author: Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Mon Jan 29 15:24:05 2024 +0100
Commit: Michael Stahl <michael.st...@allotropia.de>
CommitDate: Tue Jan 30 10:23:32 2024 +0100
tdf#105844 unotest,xmlsecurity: fix tests on MacOSX
The new tests fail with:
> core/xmlsecurity/qa/unit/signing/signing2.cxx:
> 252: Assertion
> Test name: testPasswordPreserveMacroSignatureODFWholesomeLO242::TestBody
> equality assertion failed
> - Expected: 1
> - Actual : 4
This is because only the first test that runs sees the testing CA
certificates that are copied in MacrosTest::setUpNssGpg(); when the
second test runs, they have somehow vanished.
This is because apparently SQLite on MacOSX, unlike on Linux, monitors
the file descriptors of its database files, and then invalidates itself
when setUpNssGpg() via osl::File::copy() renames and unlinks the
existing database files:
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib:
database integrity compromised by API violation: vnode renamed while in use:
core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib:
database integrity compromised by API violation: vnode unlinked while in use:
core/workdir/CppunitTest/xmlsecurity_signing2.test.user/cert9.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 5 (0x11)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib:
database integrity compromised by API violation: vnode renamed while in use:
core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x20)
> cppunittester[29873:5483181] [logging] BUG IN CLIENT OF libsqlite3.dylib:
database integrity compromised by API violation: vnode unlinked while in use:
core/workdir/CppunitTest/xmlsecurity_signing2.test.user/key4.db.osl-tmp
> cppunittester[29873:5483181] [logging] invalidated open fd: 6 (0x11)
Split MacrosTest::setUpNssGpg()/tearDownNssGpg() into functions
setUpX509() which only does something on the 1st invocation, and
setUpGpg()/tearDownGpg() which may be invoked per-test (they could also
be run once for the whole test suite, but not obvious how to do that);
PDF related tests don't need GPG.
Presumably this is (along with the WNT-specific problem fixed in commit
3e9a700091872480dd085f0928d1d30b7d74cfd7) the reason why most of the
tests not only accept the expected result of SignatureState::OK but also
SignatureState::NOTVALIDATED.
Change-Id: I59b85ca651cecaccfdea729ed1e645c53079c8bf
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162693
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
diff --git a/filter/qa/pdf.cxx b/filter/qa/pdf.cxx
index 4b0ef3fa1af7..9ab11cd36d71 100644
--- a/filter/qa/pdf.cxx
+++ b/filter/qa/pdf.cxx
@@ -36,7 +36,6 @@ public:
}
void setUp() override;
- void tearDown() override;
void doTestCommentsInMargin(bool commentsInMarginEnabled);
};
@@ -44,14 +43,7 @@ void Test::setUp()
{
UnoApiTest::setUp();
- MacrosTest::setUpNssGpg(m_directories, "filter_pdf");
-}
-
-void Test::tearDown()
-{
- MacrosTest::tearDownNssGpg();
-
- UnoApiTest::tearDown();
+ MacrosTest::setUpX509(m_directories, "filter_pdf");
}
CPPUNIT_TEST_FIXTURE(Test, testSignCertificateSubjectName)
diff --git a/include/unotest/macros_test.hxx b/include/unotest/macros_test.hxx
index c960ff76ea26..cf667125e8f0 100644
--- a/include/unotest/macros_test.hxx
+++ b/include/unotest/macros_test.hxx
@@ -96,8 +96,10 @@ public:
static std::unique_ptr<SvStream> parseExportStream(const OUString& url,
const OUString&
rStreamName);
- void setUpNssGpg(const test::Directories& rDirectories, const OUString&
rTestName);
- void tearDownNssGpg();
+ // note: there is no tearDownX509
+ void setUpX509(const test::Directories& rDirectories, const OUString&
rTestName);
+ void setUpGpg(const test::Directories& rDirectories, const OUString&
rTestName);
+ void tearDownGpg();
static bool IsValid(const
css::uno::Reference<css::security::XCertificate>& cert,
const
css::uno::Reference<css::xml::crypto::XSecurityEnvironment>& env);
diff --git a/unotest/source/cpp/macros_test.cxx
b/unotest/source/cpp/macros_test.cxx
index 3bb2a22a5da4..3d5bc326f7f7 100644
--- a/unotest/source/cpp/macros_test.cxx
+++ b/unotest/source/cpp/macros_test.cxx
@@ -110,23 +110,19 @@ std::unique_ptr<SvStream>
MacrosTest::parseExportStream(const OUString& url,
return pStream;
}
-void MacrosTest::setUpNssGpg(const test::Directories& rDirectories, const
OUString& rTestName)
+void MacrosTest::setUpX509(const test::Directories& rDirectories, const
OUString& rTestName)
{
+ static bool isDone{ false };
+ if (isDone) // must only be done once on MacOSX - see below!
+ {
+ return;
+ }
+ isDone = true;
+
OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
OUString aTargetDir
= rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" +
rTestName + ".test.user"));
- // Set up NSS database in workdir/CppunitTest/
- osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
- osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
- osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
-
- // Make gpg use our own defined setup & keys
- osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
- osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
- osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
- osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
-
OUString aTargetPath;
osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
@@ -136,10 +132,34 @@ void MacrosTest::setUpNssGpg(const test::Directories&
rDirectories, const OUStri
OUString caVar("LIBO_TEST_CRYPTOAPI_PKCS7");
osl_setEnvironment(caVar.pData, aTargetPath.pData);
#else
+ // Set up NSS database in workdir/CppunitTest/
+ // WARNING: on MacOSX, this *must only be done once* - once NSS has opened
+ // the files, SQLite will *stop using them* if they are overwritten or
renamed!
+ osl::File::copy(aSourceDir + "cert9.db", aTargetDir + "/cert9.db");
+ osl::File::copy(aSourceDir + "key4.db", aTargetDir + "/key4.db");
+ osl::File::copy(aSourceDir + "pkcs11.txt", aTargetDir + "/pkcs11.txt");
+
OUString mozCertVar("MOZILLA_CERTIFICATE_FOLDER");
// explicit prefix with "sql:" needed for CentOS7 system NSS 3.67
osl_setEnvironment(mozCertVar.pData, OUString("sql:" + aTargetPath).pData);
#endif
+}
+
+void MacrosTest::setUpGpg(const test::Directories& rDirectories, const
OUString& rTestName)
+{
+ OUString aSourceDir = rDirectories.getURLFromSrc(u"/test/signing-keys/");
+ OUString aTargetDir
+ = rDirectories.getURLFromWorkdir(Concat2View("CppunitTest/" +
rTestName + ".test.user"));
+
+ OUString aTargetPath;
+ osl::FileBase::getSystemPathFromFileURL(aTargetDir, aTargetPath);
+
+ // Make gpg use our own defined setup & keys
+ osl::File::copy(aSourceDir + "pubring.gpg", aTargetDir + "/pubring.gpg");
+ osl::File::copy(aSourceDir + "random_seed", aTargetDir + "/random_seed");
+ osl::File::copy(aSourceDir + "secring.gpg", aTargetDir + "/secring.gpg");
+ osl::File::copy(aSourceDir + "trustdb.gpg", aTargetDir + "/trustdb.gpg");
+
OUString gpgHomeVar("GNUPGHOME");
osl_setEnvironment(gpgHomeVar.pData, aTargetPath.pData);
@@ -166,7 +186,7 @@ void MacrosTest::setUpNssGpg(const test::Directories&
rDirectories, const OUStri
#endif
}
-void MacrosTest::tearDownNssGpg()
+void MacrosTest::tearDownGpg()
{
#if HAVE_GPGCONF_SOCKETDIR
// HAVE_GPGCONF_SOCKETDIR is only defined in configure.ac for Linux for
now, so (a) std::system
diff --git a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
index dbe7ada758e7..ad2354b00eb8 100644
--- a/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
+++ b/vcl/qa/cppunit/filter/ipdf/ipdf.cxx
@@ -40,7 +40,6 @@ public:
}
void setUp() override;
- void tearDown() override;
uno::Reference<xml::crypto::XXMLSecurityContext>& getSecurityContext()
{
return mxSecurityContext;
@@ -50,19 +49,12 @@ public:
void VclFilterIpdfTest::setUp()
{
UnoApiTest::setUp();
- MacrosTest::setUpNssGpg(m_directories, "vcl_filter_ipdf");
+ MacrosTest::setUpX509(m_directories, "vcl_filter_ipdf");
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
mxSecurityContext = mxSEInitializer->createSecurityContext(OUString());
}
-void VclFilterIpdfTest::tearDown()
-{
- MacrosTest::tearDownNssGpg();
-
- UnoApiTest::tearDown();
-}
-
CPPUNIT_TEST_FIXTURE(VclFilterIpdfTest, testPDFAddVisibleSignatureLastPage)
{
// FIXME: the DPI check should be removed when either (1) the test is
fixed to work with
diff --git a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
index 0196a4707b92..46981b250a6f 100644
--- a/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
+++ b/xmlsecurity/qa/unit/pdfsigning/pdfsigning.cxx
@@ -63,7 +63,6 @@ protected:
public:
PDFSigningTest();
void setUp() override;
- void tearDown() override;
};
PDFSigningTest::PDFSigningTest() {}
@@ -71,7 +70,7 @@ PDFSigningTest::PDFSigningTest() {}
void PDFSigningTest::setUp()
{
test::BootstrapFixture::setUp();
- MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_pdfsigning");
+ MacrosTest::setUpX509(m_directories, "xmlsecurity_pdfsigning");
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
= xml::crypto::SEInitializer::create(mxComponentContext);
@@ -86,12 +85,6 @@ void PDFSigningTest::setUp()
#endif
}
-void PDFSigningTest::tearDown()
-{
- MacrosTest::tearDownNssGpg();
- test::BootstrapFixture::tearDown();
-}
-
std::vector<SignatureInformation> PDFSigningTest::verify(const OUString& rURL,
size_t nCount)
{
uno::Reference<xml::crypto::XSEInitializer> xSEInitializer
diff --git a/xmlsecurity/qa/unit/signing/signing.cxx
b/xmlsecurity/qa/unit/signing/signing.cxx
index 9f449d26d6bd..316eaf22f5b7 100644
--- a/xmlsecurity/qa/unit/signing/signing.cxx
+++ b/xmlsecurity/qa/unit/signing/signing.cxx
@@ -92,7 +92,8 @@ void SigningTest::setUp()
{
UnoApiXmlTest::setUp();
- MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing");
+ MacrosTest::setUpX509(m_directories, "xmlsecurity_signing");
+ MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing");
// Initialize crypto after setting up the environment variables.
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -108,7 +109,7 @@ void SigningTest::setUp()
void SigningTest::tearDown()
{
- MacrosTest::tearDownNssGpg();
+ MacrosTest::tearDownGpg();
UnoApiXmlTest::tearDown();
}
diff --git a/xmlsecurity/qa/unit/signing/signing2.cxx
b/xmlsecurity/qa/unit/signing/signing2.cxx
index dd6f9e09a83d..cb7922d19918 100644
--- a/xmlsecurity/qa/unit/signing/signing2.cxx
+++ b/xmlsecurity/qa/unit/signing/signing2.cxx
@@ -63,7 +63,8 @@ void SigningTest2::setUp()
{
UnoApiXmlTest::setUp();
- MacrosTest::setUpNssGpg(m_directories, "xmlsecurity_signing2");
+ MacrosTest::setUpX509(m_directories, "xmlsecurity_signing2");
+ MacrosTest::setUpGpg(m_directories, "xmlsecurity_signing2");
// Initialize crypto after setting up the environment variables.
mxSEInitializer = xml::crypto::SEInitializer::create(mxComponentContext);
@@ -79,7 +80,7 @@ void SigningTest2::setUp()
void SigningTest2::tearDown()
{
- MacrosTest::tearDownNssGpg();
+ MacrosTest::tearDownGpg();
UnoApiXmlTest::tearDown();
}
