FYI: https://github.com/secure-systems-lab/securesystemslib/pull/264 fixes the issue upstream.
On 04.08.2020 3:11 PM, Lukas Puehringer wrote: > Thanks for the report! > > It looks like a recent update to pyca/cryptography v3.0 causes our test code > (only) to break. I just filed an issue upstream, because I am not fully sure > if > the change was made intentionally: > https://github.com/pyca/cryptography/issues/5373 > > If it was, I will update our test code. > > Cheers, > Lukas > > On 03.08.2020 10:32 AM, Lucas Nussbaum wrote: >> Source: in-toto >> Version: 0.4.0-2 >> Severity: serious >> Justification: FTBFS on amd64 >> Tags: bullseye sid ftbfs >> Usertags: ftbfs-20200802 ftbfs-bullseye >> >> Hi, >> >> During a rebuild of all packages in sid, your package failed to build >> on amd64. >> >> Relevant part (hopefully): >>> make[1]: Entering directory '/<<PKGBUILDDIR>>' >>> python3 tests/runtests.py >>> gpg (GnuPG) 2.2.20 >>> libgcrypt 1.8.6 >>> Copyright (C) 2020 Free Software Foundation, Inc. >>> License GPLv3+: GNU GPL version 3 or later >>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__gnu.org_licenses_gpl.html&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=DoOD8xFlVZmGKyAn9JKxzjiYHsiCPqe7GspXlCQo8OU&s=fSBJ8hIVCyfPpuKZwDWediuo_2vUHe7w3rKvCfdZQL0&e= >>> > >>> This is free software: you are free to change and redistribute it. >>> There is NO WARRANTY, to the extent permitted by law. >>> >>> Home: /sbuild-nonexistent/.gnupg >>> Supported algorithms: >>> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA >>> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, >>> CAMELLIA128, CAMELLIA192, CAMELLIA256 >>> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 >>> Compression: Uncompressed, ZIP, ZLIB, BZIP2 >>> /<<PKGBUILDDIR>>/in_toto/gpg/functions.py:101: SyntaxWarning: "is not" with >>> a literal. Did you mean "!="? >>> if process.returncode is not 0: >>> test_load_repr_string_as_json (tests.models.test_common.TestSignable) >>> Test load string returned by `Signable.repr` as JSON ... ok >>> test_set_run_from_string >>> (tests.models.test_inspection.TestInspectionValidator) >>> Test shelx parse command string to list. ... ok >>> test_wrong_run (tests.models.test_inspection.TestInspectionValidator) >>> Test that the run validators catch malformed values. ... ok >>> test_wrong_type (tests.models.test_inspection.TestInspectionValidator) >>> Test the type field within Validate(). ... ok >>> test_functionary_keys (tests.models.test_layout.TestLayoutMethods) >>> Test adding and listing functionary keys (securesystemslib and gpg). ... ok >>> test_get_inspection_by_name (tests.models.test_layout.TestLayoutMethods) >>> Test getting inspection by name. ... ok >>> test_get_inspection_name_list (tests.models.test_layout.TestLayoutMethods) >>> Test getting list of inspection names. ... ok >>> test_get_step_by_name (tests.models.test_layout.TestLayoutMethods) >>> Test getting step by name. ... ok >>> test_get_step_name_list (tests.models.test_layout.TestLayoutMethods) >>> Test getting list of step names. ... ok >>> test_remove_inspection_by_name (tests.models.test_layout.TestLayoutMethods) >>> Test removing inspection by name. ... ok >>> test_remove_step_by_name (tests.models.test_layout.TestLayoutMethods) >>> Test removing step by name. ... ok >>> test_set_relative_expiration (tests.models.test_layout.TestLayoutMethods) >>> Test adding expiration date relative from today. ... ok >>> test_import_step_metadata_wrong_type >>> (tests.models.test_layout.TestLayoutValidator) ... ok >>> test_repeated_step_names (tests.models.test_layout.TestLayoutValidator) >>> Check that only unique names exist in the steps and inspect lists ... ok >>> test_validate_readme_field (tests.models.test_layout.TestLayoutValidator) >>> Tests the readme field data type validator. ... ok >>> test_wrong_expires (tests.models.test_layout.TestLayoutValidator) >>> Test the expires field is properly populated. ... ok >>> test_wrong_inspect_list (tests.models.test_layout.TestLayoutValidator) >>> Check that the validate method checks the inspections' correctness. ... ok >>> test_wrong_key_dictionary (tests.models.test_layout.TestLayoutValidator) >>> Test that the keys dictionary is properly populated. ... ok >>> test_wrong_pubkeys (tests.models.test_layout.TestLayoutValidator) >>> Check validate pubkeys fails with wrong keys. ... ok >>> test_wrong_steps_list (tests.models.test_layout.TestLayoutValidator) >>> Check that the validate method checks the steps' correctness. ... ok >>> test_wrong_type (tests.models.test_layout.TestLayoutValidator) >>> Test that the type field is validated properly. ... ok >>> test_validate_byproducts (tests.models.test_link.TestLinkValidator) >>> Test `byproducts` field. Must be a `dict` ... ok >>> test_validate_command (tests.models.test_link.TestLinkValidator) >>> Test `command` field. Must be either a `list` ... ok >>> test_validate_environment (tests.models.test_link.TestLinkValidator) >>> Test `environment` field. Must be a `dict` ... ok >>> test_validate_materials (tests.models.test_link.TestLinkValidator) >>> Test `materials` field. Must be a `dict` of HASH_DICTs ... ok >>> test_validate_products (tests.models.test_link.TestLinkValidator) >>> Test `products` field. Must be a `dict` of HASH_DICTs ... ok >>> test_validate_type (tests.models.test_link.TestLinkValidator) >>> Test `_type` field. Must be "link" ... ok >>> test_validate_signatures (tests.models.test_metadata.TestMetablockValidator) >>> Test validate Metablock's 'signatures' property. ... ok >>> test_validate_signed (tests.models.test_metadata.TestMetablockValidator) >>> Test validate Metablock's 'signed' property. ... ok >>> test_set_expected_command_from_string >>> (tests.models.test_step.TestStepValidator) >>> Test shelx parse command string to list. ... ok >>> test_wrong_expected_command (tests.models.test_step.TestStepValidator) >>> Test that the expected command validator catches malformed ones. ... ok >>> test_wrong_pubkeys (tests.models.test_step.TestStepValidator) ... ok >>> test_wrong_threshold (tests.models.test_step.TestStepValidator) >>> Test that the threshold value is correctly checked. ... ok >>> test_wrong_type (tests.models.test_step.TestStepValidator) >>> Test the type field within Validate(). ... ok >>> test_add_rule_from_string >>> (tests.models.test_supply_chain_item.TestSupplyChainItem) >>> Test that add_rule_from string methods set property correctly. ... ok >>> test_repr (tests.models.test_supply_chain_item.TestSupplyChainItem) >>> Test repr returns a JSON parseable string. ... ok >>> test_wrong_expected_materials >>> (tests.models.test_supply_chain_item.TestSupplyChainItem) >>> Test that the material rule validators catch malformed ones. ... ok >>> test_wrong_expected_products >>> (tests.models.test_supply_chain_item.TestSupplyChainItem) >>> Test that the product rule validators catch malformed values. ... ok >>> test_assign_certified_key_info_errors (tests.test_gpg.TestCommon) >>> Test _assign_certified_key_info errors with manually crafted data ... ok >>> test_assign_certified_key_info_expiration (tests.test_gpg.TestCommon) >>> Test assignment of key expiration date in ... ok >>> test_get_pubkey_bundle_errors (tests.test_gpg.TestCommon) >>> Pass wrong keyid with valid gpg data to trigger KeyNotFoundError. ... ok >>> test_get_verified_subkeys (tests.test_gpg.TestCommon) >>> Test correct assignment of subkey expiration date in ... ok >>> test_get_verified_subkeys_errors (tests.test_gpg.TestCommon) >>> Test _get_verified_subkeys errors with manually crafted data based on ... ok >>> test_parse_pubkey_bundle (tests.test_gpg.TestCommon) >>> Assert presence of packets expected returned from `parse_pubkey_bundle` ... >>> ok >>> test_parse_pubkey_bundle_errors (tests.test_gpg.TestCommon) >>> Test parse_pubkey_bundle errors with manually crafted data partially ... ok >>> test_parse_pubkey_payload_errors (tests.test_gpg.TestCommon) >>> Test parse_pubkey_payload errors with manually crafted data. ... ok >>> test_parse_signature_packet_errors (tests.test_gpg.TestCommon) >>> Test parse_signature_packet errors with manually crafted data. ... ok >>> test_gpg_export_pubkey (tests.test_gpg.TestGPGDSA) >>> export a public key and make sure the parameters are the right ones: ... >>> ERROR >>> test_gpg_sign_and_verify_object (tests.test_gpg.TestGPGDSA) >>> Create a signature using a specific key on the keyring ... ok >>> test_gpg_sign_and_verify_object_with_default_key (tests.test_gpg.TestGPGDSA) >>> Create a signature using the default key on the keyring ... ok >>> test_gpg_export_pubkey (tests.test_gpg.TestGPGRSA) >>> export a public key and make sure the parameters are the right ones: ... ok >>> test_gpg_sign_and_verify_object (tests.test_gpg.TestGPGRSA) >>> Create a signature using a specific key on the keyring ... ok >>> test_gpg_sign_and_verify_object_default_keyring (tests.test_gpg.TestGPGRSA) >>> Sign/verify using keyring from envvar. ... ok >>> test_gpg_sign_and_verify_object_with_default_key (tests.test_gpg.TestGPGRSA) >>> Create a signature using the default key on the keyring ... ok >>> test_gpg_sign_object_with_expired_key (tests.test_gpg.TestGPGRSA) >>> Test signing with expired key raises gpg CommandError. ... ok >>> test_gpg_verify_signature_with_expired_key (tests.test_gpg.TestGPGRSA) >>> Test sig verification with expired key raises KeyExpirationError. ... ok >>> test_get_hashing_class (tests.test_gpg.TestUtil) ... ok >>> test_parse_packet_header (tests.test_gpg.TestUtil) >>> Test parse_packet_header with manually crafted data. ... ok >>> test_parse_subpacket_header (tests.test_gpg.TestUtil) >>> Test parse_subpacket_header with manually crafted data. ... ok >>> test_version_utils_return_types (tests.test_gpg.TestUtil) >>> Run dummy tests for coverage. ... ok >>> test_create_and_import_encrypted_rsa >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> Create ecrypted RSA key and import private and public key separately. ... ok >>> test_create_and_import_encrypted_rsa_nondefault_length >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) ... ok >>> test_in_toto_keygen_generate_and_write_ed25519_keypair >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> in_toto_keygen_generate_and_write_ed25519_keypair run through. ... ok >>> test_in_toto_keygen_generate_and_write_rsa_keypair >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> in_toto_keygen_generate_and_write_rsa_keypair run through. ... ok >>> test_in_toto_keygen_prompt_generate_and_write_ed25519_keypair >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> in_toto_keygen_prompt_generate_and_write_ed25519_keypair run through. ... ok >>> test_in_toto_keygen_prompt_generate_and_write_rsa_keypair >>> (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> in_toto_keygen_prompt_generate_and_write_rsa_keypair run through. ... ok >>> test_main_optional_args (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> Test CLI command keygen with optional arguments. ... ok >>> test_main_required_args (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> Test in-toto-keygen CLI tool with required arguments. ... ok >>> test_main_wrong_args (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> Test CLI command with missing arguments. ... ok >>> test_prompt_password (tests.test_in_toto_keygen.TestInTotoKeyGenTool) >>> Call password prompt. ... ok >>> test_main_bad_cmd (tests.test_in_toto_mock.TestInTotoMockTool) >>> Test CLI command with non-existing command. ... ok >>> test_main_required_args (tests.test_in_toto_mock.TestInTotoMockTool) >>> Test CLI command with required arguments. ... ok >>> test_main_wrong_args (tests.test_in_toto_mock.TestInTotoMockTool) >>> Test CLI command with missing arguments. ... ok >>> test_glob_no_unfinished_files >>> (tests.test_in_toto_record.TestInTotoRecordTool) >>> Test record stop with missing unfinished files when globbing (gpg). ... ok >>> test_glob_to_many_unfinished_files >>> (tests.test_in_toto_record.TestInTotoRecordTool) >>> Test record stop with to many unfinished files when globbing (gpg). ... ok >>> test_missing_unfinished_link >>> (tests.test_in_toto_record.TestInTotoRecordTool) >>> Error exit with missing unfinished link file. ... ok >>> test_no_key (tests.test_in_toto_record.TestInTotoRecordTool) >>> Test if no key is specified, argparse error exists with 2 ... ok >>> test_start_stop (tests.test_in_toto_record.TestInTotoRecordTool) >>> Test CLI command record start/stop with various arguments. ... ok >>> test_wrong_key (tests.test_in_toto_record.TestInTotoRecordTool) >>> Test CLI command record with wrong key exits 1 ... ok >>> test_main_no_command_arg (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with --no-command argument. ... ok >>> test_main_optional_args (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with optional arguments. ... ok >>> test_main_required_args (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with required arguments. ... ok >>> test_main_with_default_gpg_key (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with default gpg key. ... ok >>> test_main_with_encrypted_ed25519_key >>> (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with encrypted ed25519 key. ... ok >>> test_main_with_specified_gpg_key (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with specified gpg key. ... ok >>> test_main_with_unencrypted_ed25519_key >>> (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with ed25519 key. ... ok >>> test_main_wrong_args (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with missing arguments. ... ok >>> test_main_wrong_key_exits (tests.test_in_toto_run.TestInTotoRunTool) >>> Test CLI command with wrong key argument, exits and logs error ... ok >>> test_bad_args (tests.test_in_toto_sign.TestInTotoSignTool) >>> Fail with wrong combination of arguments. ... ok >>> test_bad_metadata (tests.test_in_toto_sign.TestInTotoSignTool) >>> Fail with wrong metadata. ... ok >>> test_fail_signing (tests.test_in_toto_sign.TestInTotoSignTool) >>> Fail signing with an invalid key. ... ok >>> test_fail_verification (tests.test_in_toto_sign.TestInTotoSignTool) >>> Fail signature verification. ... ok >>> test_sign_and_verify (tests.test_in_toto_sign.TestInTotoSignTool) >>> Test signing and verifying Layout and Link metadata with ... ok >>> test_main_failing_bad_layout_path >>> (tests.test_in_toto_verify.TestInTotoVerifyTool) >>> Test in-toto-verify CLI tool with bad layout path. ... ok >>> test_main_link_dir (tests.test_in_toto_verify.TestInTotoVerifyTool) >>> Test in-toto-verify CLI tool with explicit link dir. ... ok >>> test_main_multiple_keys (tests.test_in_toto_verify.TestInTotoVerifyTool) >>> Test in-toto-verify CLI tool with multiple keys. ... ok >>> test_main_required_args (tests.test_in_toto_verify.TestInTotoVerifyTool) >>> Test in-toto-verify CLI tool with required arguments. ... ok >>> test_main_wrong_args (tests.test_in_toto_verify.TestInTotoVerifyTool) >>> Test in-toto-verify CLI tool with wrong arguments. ... ok >>> test_gpg_signed_layout_with_gpg_functionary_keys >>> (tests.test_in_toto_verify.TestInTotoVerifyToolGPG) >>> Successfully test demo supply chain where the layout lists gpg keys ... ok >>> test_main_multiple_keys >>> (tests.test_in_toto_verify.TestInTotoVerifyToolMixedKeys) >>> Test in-toto-verify CLI tool with multiple keys. ... ok >>> test_set_level_verbose_or_quiet (tests.test_log.TestInTotoLogger) >>> Test set level convenience method. ... ok >>> test_substitute (tests.test_param_substitution.Test_SubstituteArtifacts) >>> Do a simple substitution on the expected_command field ... ok >>> test_substitute_no_var >>> (tests.test_param_substitution.Test_SubstituteArtifacts) >>> Raise an error if the parameter is not filled-in ... ok >>> test_substitute >>> (tests.test_param_substitution.Test_SubstituteExpectedCommand) >>> Do a simple substitution on the expected_command field ... ok >>> test_substitute_no_var >>> (tests.test_param_substitution.Test_SubstituteExpectedCommand) >>> Raise an error if the parameter is not filled-in ... ok >>> test_substitute (tests.test_param_substitution.Test_SubstituteOnVerify) >>> Do a simple substitution on the expected_command field ... ok >>> test_inspection_fail_with_non_zero_retval >>> (tests.test_param_substitution.Test_SubstituteRunField) >>> Check that the substitution raises TypeError if the key is missing ... ok >>> test_substitute (tests.test_param_substitution.Test_SubstituteRunField) >>> Check that the substitution is performed on the run field. ... ok >>> test_run_duplicate_streams (tests.test_process.Test_Process) >>> Test output as streams and as returned. ... ok >>> test_run_duplicate_streams_arg_return_code (tests.test_process.Test_Process) >>> Test command arg as string and list and return code. ... ok >>> test_run_duplicate_streams_timeout (tests.test_process.Test_Process) >>> Test raise TimeoutExpired. ... ok >>> test_run_input_vs_stdin (tests.test_process.Test_Process) >>> Test that stdin kwarg is only used if input kwarg is not supplied. ... ok >>> test_pack_rule_wrong_types (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test argument validation for pack_rule. ... ok >>> test_unpack_and_pack_generic_rule >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test generic rule proper packing and unpacking. ... ok >>> test_unpack_and_pack_match_rule (tests.test_rulelib.TestArtifactRuleUnpack) >>> Check match rule proper packing and unpacking. ... ok >>> test_unpack_generic_rule_too_long >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test generic rule syntax error, too many arguments. ... ok >>> test_unpack_match_rule_wrong_destination_type >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Check match rule syntax error, wrong destination type. ... ok >>> test_unpack_match_rule_wrong_length >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Check match rule syntax error, too few or many arguments. ... ok >>> test_unpack_match_rule_wrong_types >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Check match rule syntax error, wrong data type in variable arguments. ... ok >>> test_unpack_rule_not_enough_keywords >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test rule syntax error, too little arguments. ... ok >>> test_unpack_rule_not_list (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test rule syntax error, not a list. ... ok >>> test_unpack_rule_pattern_not_string >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test rule syntax error, pattern not a string. ... ok >>> test_unpack_rule_unknown_rule_type >>> (tests.test_rulelib.TestArtifactRuleUnpack) >>> Test generic rule syntax error, too many arguments. ... ok >>> test_UNFINISHED_FILENAME_FORMAT (tests.test_runlib.TestInTotoRecordStart) >>> Test if the unfinished filname format. ... ok >>> test_create_unfininished_metadata_verify_signature >>> (tests.test_runlib.TestInTotoRecordStart) >>> Test record start creates metadata with expected signature. ... ok >>> test_create_unfinished_metadata_with_expected_material >>> (tests.test_runlib.TestInTotoRecordStart) >>> Test record start creates metadata with expected material. ... ok >>> test_no_key_arguments (tests.test_runlib.TestInTotoRecordStart) >>> Test record start without passing one required key argument. ... ok >>> test_create_metadata_verify_signature >>> (tests.test_runlib.TestInTotoRecordStop) >>> Test record start creates metadata with expected signature. ... ok >>> test_create_metadata_with_expected_cwd >>> (tests.test_runlib.TestInTotoRecordStop) >>> Test record start/stop run, verify cwd. ... ok >>> test_create_metadata_with_expected_product >>> (tests.test_runlib.TestInTotoRecordStop) >>> Test record stop records expected product. ... ok >>> test_missing_unfinished_file (tests.test_runlib.TestInTotoRecordStop) >>> Test record stop exits on missing unfinished file, no link recorded. ... ok >>> test_no_key_arguments (tests.test_runlib.TestInTotoRecordStop) >>> Test record stop without passing one required key argument. ... ok >>> test_normalize_line_endings (tests.test_runlib.TestInTotoRecordStop) >>> Test cross-platform line ending normalization. ... ok >>> test_replace_unfinished_metadata (tests.test_runlib.TestInTotoRecordStop) >>> Test record stop removes unfinished file and creates link file. ... ok >>> test_wrong_signature_in_unfinished_metadata >>> (tests.test_runlib.TestInTotoRecordStop) >>> Test record stop exits on wrong signature, no link recorded. ... ok >>> test_in_toto_bad_signing_key_format (tests.test_runlib.TestInTotoRun) >>> Fail run, passed key is not properly formatted. ... ok >>> test_in_toto_run_compare_dumped_with_returned_link >>> (tests.test_runlib.TestInTotoRun) >>> Successfully run, compare dumped link is equal to returned link. ... ok >>> test_in_toto_run_no_signature (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify empty signature field. ... ok >>> test_in_toto_run_verify_recorded_artifacts (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify properly recorded artifacts. ... ok >>> test_in_toto_run_verify_signature (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify signed metadata. ... ok >>> test_in_toto_run_verify_workdir (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify cwd. ... ok >>> test_in_toto_run_with_byproduct (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify recorded byproduct. ... ok >>> test_in_toto_run_without_byproduct (tests.test_runlib.TestInTotoRun) >>> Successfully run, verify byproduct is not recorded. ... ok >>> test_in_toto_wrong_key (tests.test_runlib.TestInTotoRun) >>> Fail run, passed key is a public key. ... ok >>> test_normalize_line_endings (tests.test_runlib.TestInTotoRun) >>> Test cross-platform line ending normalization. ... ok >>> test_bad_artifact_exclude_patterns_setting >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Raise exception with bogus artifact exclude patterns settings. ... ok >>> test_bad_base_path_setting (tests.test_runlib.TestRecordArtifactsAsDict) >>> Raise exception with bogus base path settings. ... ok >>> test_base_path_is_child_dir (tests.test_runlib.TestRecordArtifactsAsDict) >>> Test path of recorded artifacts and cd back with child as base. ... ok >>> test_base_path_is_parent_dir (tests.test_runlib.TestRecordArtifactsAsDict) >>> Test path of recorded artifacts and cd back with parent as base. ... ok >>> test_empty_artifacts_list_record_nothing >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Empty list passed. Return empty dict. ... ok >>> test_exclude_patterns (tests.test_runlib.TestRecordArtifactsAsDict) >>> Test excluding artifacts using passed pattern or setting. ... ok >>> test_hash_artifact_passing_algorithm >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Test _hash_artifact passing hash algorithm. ... ok >>> test_lstrip_paths_invalid_prefix_directory >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_non_unique_key >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_non_unique_key_file >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_substring_prefix_directory >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_valid_prefix_directory >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_valid_prefix_file >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_lstrip_paths_valid_unicode_prefix_file >>> (tests.test_runlib.TestRecordArtifactsAsDict) ... ok >>> test_not_existing_artifacts_in_list_record_nothing >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> List with not existing artifact passed. Return empty dict. ... ok >>> test_record_dot_check_files_hash_dict_schema >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Traverse dir and subdirs. Record three files. ... ok >>> test_record_files_and_subdirs (tests.test_runlib.TestRecordArtifactsAsDict) >>> Explicitly record files and subdirs. ... ok >>> test_record_follow_symlinked_directories >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Record files in symlinked dirs if follow_symlink_dirs is True. ... ok >>> test_record_symlinked_files (tests.test_runlib.TestRecordArtifactsAsDict) >>> Symlinked files are always recorded. ... ok >>> test_record_without_dead_symlinks >>> (tests.test_runlib.TestRecordArtifactsAsDict) >>> Dead symlinks are never recorded. ... ok >>> test_apply_exclude_all (tests.test_runlib.Test_ApplyExcludePatterns) ... ok >>> test_apply_exclude_explict (tests.test_runlib.Test_ApplyExcludePatterns) >>> ... ok >>> test_apply_exclude_multiple_star >>> (tests.test_runlib.Test_ApplyExcludePatterns) ... ok >>> test_apply_exclude_neg_seq (tests.test_runlib.Test_ApplyExcludePatterns) >>> ... ok >>> test_apply_exclude_question_mark >>> (tests.test_runlib.Test_ApplyExcludePatterns) ... ok >>> test_apply_exclude_seq (tests.test_runlib.Test_ApplyExcludePatterns) ... ok >>> test_debug_not_true (tests.test_settings.TestSettings) >>> in_toto.settings.DEBUG should not be commited with True. ... ok >>> test_get_env (tests.test_user_settings.TestUserSettings) >>> Test environment variables parsing, prefix and colon splitting. ... ok >>> test_get_rc (tests.test_user_settings.TestUserSettings) >>> Test rcfile parsing in CWD. ... ok >>> test_set_settings (tests.test_user_settings.TestUserSettings) >>> Test precedence of rc over env and whitelisting. ... ok >>> test_create_and_import_ed25519 (tests.test_util.TestUtil) >>> Create ed25519 key and import private and public key separately. ... ok >>> test_create_and_import_encrypted_ed25519 (tests.test_util.TestUtil) >>> Create encrypted ed25519 key and import private and public key ... ok >>> test_create_and_import_encrypted_ed25519_no_password >>> (tests.test_util.TestUtil) >>> Try import encrypted ed25519 key without or wrong pw, raises ... ok >>> test_create_and_import_encrypted_rsa (tests.test_util.TestUtil) >>> Create ecrypted RSA key and import private and public key separately. ... ok >>> test_create_and_import_encrypted_rsa_no_password (tests.test_util.TestUtil) >>> Try import encrypted RSA key without or wrong pw, raises exception. ... ok >>> test_create_and_import_rsa (tests.test_util.TestUtil) >>> Create RS key and import private and public key separately. ... ok >>> test_import_ed25519_public_keys_from_files_as_dict >>> (tests.test_util.TestUtil) >>> Create and import multiple Ed25519 public keys and return KEYDICT. ... ok >>> test_import_gpg_public_keys_from_keyring_as_dict (tests.test_util.TestUtil) >>> Import gpg public keys from keyring and return KEYDICT. ... ok >>> test_import_non_existing_rsa (tests.test_util.TestUtil) >>> Try import non-existing RSA key, raises exception. ... ok >>> test_import_rsa_public_keys_from_files_as_dict (tests.test_util.TestUtil) >>> Create and import multiple rsa public keys and return KEYDICT. ... ok >>> test_import_rsa_wrong_format (tests.test_util.TestUtil) >>> Try import wrongly formatted RSA key, raises exception. ... ok >>> test_prompt_create_and_import_encrypted_rsa (tests.test_util.TestUtil) >>> Create and import password encrypted RSA using prompt input. ... ok >>> test_prompt_password (tests.test_util.TestUtil) >>> Call password prompt. ... ok >>> test_unrecognized_key_type (tests.test_util.TestUtil) >>> Trigger UnsupportedKeyTypeError. ... ok >>> test_get_summary_link_from_demo_layout >>> (tests.test_verifylib.TestGetSummaryLink) >>> Create summary link from demo link files and compare properties. ... ok >>> test_verify_failing_bad_signature (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with bad layout signature. ... ok >>> test_verify_failing_inspection_exits_non_zero >>> (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with inspection returning non-zero. ... ok >>> test_verify_failing_inspection_rules (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with failing inspection artifact rule. ... ok >>> test_verify_failing_layout_expired (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with expired layout. ... ok >>> test_verify_failing_link_metadata_files >>> (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with link metadata files not found. ... ok >>> test_verify_failing_step_rules (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with failing step artifact rule. ... ok >>> test_verify_failing_wrong_key (tests.test_verifylib.TestInTotoVerify) >>> Test fail verification with wrong layout key. ... ok >>> test_verify_layout_signatures_fail_with_malformed_signature >>> (tests.test_verifylib.TestInTotoVerify) >>> Layout signature verification fails with malformed signatures. ... ok >>> test_verify_layout_signatures_fail_with_no_keys >>> (tests.test_verifylib.TestInTotoVerify) >>> Layout signature verification fails when no keys are passed. ... ok >>> test_verify_passing (tests.test_verifylib.TestInTotoVerify) >>> Test pass verification of single-signed layout. ... ok >>> test_verify_passing_double_signed_layout >>> (tests.test_verifylib.TestInTotoVerify) >>> Test pass verification of double-signed layout. ... ok >>> test_verify_passing_empty_layout (tests.test_verifylib.TestInTotoVerify) >>> Test pass verification of layout without steps or inspections. ... ok >>> test_verify_multi_level_sublayout >>> (tests.test_verifylib.TestInTotoVerifyMultiLevelSublayouts) ... ok >>> test_threshold_constraints_fail_with_not_enough_links >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Fail with not enough links. ... ok >>> test_threshold_constraints_fail_with_unequal_links >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Test that the links for a step recorded the same artifacts. ... ok >>> test_threshold_constraints_pas_with_equal_links >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Pass threshold constraint verification with equal links. ... ok >>> test_thresholds_fail_with_not_enough_valid_links >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Fail with not enough authorized links. ... ok >>> test_thresholds_skip_links_with_failing_signature >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Ignore links with failing signatures. ... ok >>> test_thresholds_skip_unauthorized_links >>> (tests.test_verifylib.TestInTotoVerifyThresholds) >>> Ignore links with unauthorized signatures. ... ok >>> test_verify_link_signature_thresholds__M_M_M >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Normal scenario. ... ok >>> test_verify_link_signature_thresholds__M_M_S__M_S_M__M_S_S >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Cannot sign with master key if subkey is present. ... ok >>> test_verify_link_signature_thresholds__S_M_M >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Allowed trust delegation. ... ok >>> test_verify_link_signature_thresholds__S_M_S >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Cannot associate keys. ... ok >>> test_verify_link_signature_thresholds__S_S_M >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> No trust delegation and can find key in key store. ... ok >>> test_verify_link_signature_thresholds__S_S_S >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Generalizes to normal scenario. ... ok >>> test_verify_subkey_thresholds >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Subkeys of same main key count only once towards threshold. ... ok >>> test_verify_thresholds_skip_expired_key >>> (tests.test_verifylib.TestInTotoVerifyThresholdsGpgSubkeys) >>> Verify that a link signed with an expired key is skipped. ... ok >>> test_inpsection_artifacts_with_base_path_ignored >>> (tests.test_verifylib.TestRunAllInspections) >>> Create new dummy test dir and set as base path, must ignore. ... ok >>> test_inspection_fail_with_non_zero_retval >>> (tests.test_verifylib.TestRunAllInspections) >>> Test fail run inspections with non-zero return value. ... ok >>> test_verify_sublayout_match_rule >>> (tests.test_verifylib.TestSublayoutVerificationMatchRule) ... ok >>> test_pass_verify_all_inspection_rules >>> (tests.test_verifylib.TestVerifyAllItemRules) >>> Pass rule verification for dummy supply chain Inspections. ... ok >>> test_pass_verify_all_step_rules >>> (tests.test_verifylib.TestVerifyAllItemRules) >>> Pass rule verification for dummy supply chain Steps. ... ok >>> test_commands_align (tests.test_verifylib.TestVerifyCommandAlignment) >>> Cmd and expected cmd are equal, passes. ... ok >>> test_commands_do_not_align_at_all_log_warning >>> (tests.test_verifylib.TestVerifyCommandAlignment) >>> Cmd and expected cmd differ completely. ... ok >>> test_commands_do_not_fully_align_log_warning >>> (tests.test_verifylib.TestVerifyCommandAlignment) >>> Cmd and expected cmd differ slightly. ... ok >>> test_fail_disallow_not_consumed_artifacts >>> (tests.test_verifylib.TestVerifyItemRules) >>> Fail with not consumed artifacts and terminal DISALLOW. ... ok >>> test_fail_wrong_source_type (tests.test_verifylib.TestVerifyItemRules) >>> Fail with wrong source_type. ... ok >>> test_pass_not_consumed_artifacts (tests.test_verifylib.TestVerifyItemRules) >>> Pass with not consumed artifacts and implicit terminal ALLOW * ... ok >>> test_pass_rules_with_each_rule_type >>> (tests.test_verifylib.TestVerifyItemRules) >>> Pass with list of rules of each rule type. ... ok >>> test_verify_match_rule (tests.test_verifylib.TestVerifyMatchRule) ... ok >>> test_verify_allow_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_allow_rule. ... ok >>> test_verify_create_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_create_rule. ... ok >>> test_verify_delete_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_delete_rule. ... ok >>> test_verify_disallow_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_disallow_rule. ... ok >>> test_verify_modify_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_modify_rule. ... ok >>> test_verify_require_rule (tests.test_verifylib.TestVerifyRule) >>> Test verifylib.verify_require_rule. ... ok >>> test_verify_demo_as_sublayout (tests.test_verifylib.TestVerifySublayouts) >>> Test super layout's passing sublayout verification. ... ok >>> test_non_int_return_value (tests.test_verifylib.Test_RaiseOnBadRetval) >>> Raise exception on non-int return value. ... ok >>> test_non_zero_return_value (tests.test_verifylib.Test_RaiseOnBadRetval) >>> Raise exception on non-zero return value. ... ok >>> test_zero_return_value (tests.test_verifylib.Test_RaiseOnBadRetval) >>> Don't raise exception on zero return value. ... ok >>> >>> ====================================================================== >>> ERROR: test_gpg_export_pubkey (tests.test_gpg.TestGPGDSA) >>> export a public key and make sure the parameters are the right ones: >>> ---------------------------------------------------------------------- >>> Traceback (most recent call last): >>> File "/<<PKGBUILDDIR>>/tests/test_gpg.py", line 663, in >>> test_gpg_export_pubkey >>> ssh_key = serialization.load_ssh_public_key(keydata, >>> File >>> "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/ssh.py", >>> line 655, in load_ssh_public_key >>> public_key, data = kformat.load_public(key_type, data, backend) >>> File >>> "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/ssh.py", >>> line 296, in load_public >>> self._validate(public_numbers) >>> File >>> "/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/ssh.py", >>> line 333, in _validate >>> raise ValueError("SSH supports only 1024 bit DSA keys") >>> ValueError: SSH supports only 1024 bit DSA keys >>> >>> ---------------------------------------------------------------------- >>> Ran 240 tests in 9.805s >>> >>> FAILED (errors=1) >>> make[1]: *** [debian/rules:12: override_dh_auto_test] Error 1 >> >> The full build log is available from: >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__qa-2Dlogs.debian.net_2020_08_02_in-2Dtoto-5F0.4.0-2D2-5Funstable.log&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=DoOD8xFlVZmGKyAn9JKxzjiYHsiCPqe7GspXlCQo8OU&s=4SlRooRpLorYtFgAKTxF5bWZhQTX6yzM6wJ2WbqAsIo&e= >> >> >> A list of current common problems and possible solutions is available at >> https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.debian.org_qa.debian.org_FTBFS&d=DwIBaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=2YMLsMLCML1EOEAeVc1Mhx6J99vqRVHSnZUnatehIDg&m=DoOD8xFlVZmGKyAn9JKxzjiYHsiCPqe7GspXlCQo8OU&s=pVWIYuGY2AwrijwLcIBu4YEGpSwPkN8s3xq6B5cD2UY&e= >> . You're welcome to contribute! >> >> About the archive rebuild: The rebuild was done on EC2 VM instances from >> Amazon Web Services, using a clean, minimal and up-to-date chroot. Every >> failed build was retried once to eliminate random failures. >> > -- lukas.puehrin...@nyu.edu PGP fingerprint: 8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8
signature.asc
Description: OpenPGP digital signature
