| Message ID | 20230214210035.585395-1-pvorel@suse.cz (mailing list archive) |
|---|---|
| Headers | show |
| Series | CI: Tumbleweed openSSL fix | expand |
> Tested: > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 NOTE: I cannot test this on Travis. Kind regards, Petr > Petr Vorel (3): > tests/install-swtpm.sh: Update ibmswtpm2 to 1682 > github: travis: Remove COMPILE_SSL from tumbleweed > github: Put openSSL build into own section > .github/workflows/ci.yml | 8 ++++++-- > .travis.yml | 2 +- > tests/install-swtpm.sh | 2 +- > 3 files changed, 8 insertions(+), 4 deletions(-)
Hi Mimi, > Tested: > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 Thanks for merging this. My test was working: https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 But the same code now fails for Fedora. I wonder what exactly is wrong now: https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 FAIL: fsverity ============== which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) dd is /usr/bin/dd mkfs is /usr/sbin/mkfs blkid is /usr/sbin/blkid e2fsck is /usr/sbin/e2fsck tune2fs is /usr/sbin/tune2fs evmctl is ../src/evmctl setfattr is /usr/bin/setfattr ./functions.sh: line 90: ../linux: No such file or directory ================================= Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup To stop after first failure ================================= PASS: 0 SKIP: 0 FAIL: 1 FAIL fsverity.test (exit status: 1) FAIL: portable_signatures ========================= evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl ./functions.sh: line 90: ../linux: No such file or directory ./functions.sh: line 90: ../linux: No such file or directory Kind regards, Petr > Petr Vorel (3): > tests/install-swtpm.sh: Update ibmswtpm2 to 1682 > github: travis: Remove COMPILE_SSL from tumbleweed > github: Put openSSL build into own section > .github/workflows/ci.yml | 8 ++++++-- > .travis.yml | 2 +- > tests/install-swtpm.sh | 2 +- > 3 files changed, 8 insertions(+), 4 deletions(-)
Hi Petr, On Tue, 2023-02-14 at 22:01 +0100, Petr Vorel wrote: > > Tested: > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > NOTE: I cannot test this on Travis. Thanks, it works on Travis.
Hi Petr, On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > Hi Mimi, > > > Tested: > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > Thanks for merging this. I actually pushed out the patches to "next-testing" to make sure it works. In doing so, I dropped a couple of Roberto's patches, which aren't quite ready and one of mine as well. In general, I'm not sure pushing patches out to "next-integrity" should be considered "merging" quite yet. In this case, your patches are fine. (Perhaps there needs to be a better work flow.) > > My test was working: > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 Yes, I saw. > > But the same code now fails for Fedora. > I wonder what exactly is wrong now: > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 The UML kernel built properly, but for some reason the fsverity and portable_signature tests aren't finding it. > > FAIL: fsverity > ============== > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > dd is /usr/bin/dd > mkfs is /usr/sbin/mkfs > blkid is /usr/sbin/blkid > e2fsck is /usr/sbin/e2fsck > tune2fs is /usr/sbin/tune2fs > evmctl is ../src/evmctl > setfattr is /usr/bin/setfattr > ./functions.sh: line 90: ../linux: No such file or directory > ================================= > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > To stop after first failure > ================================= > PASS: 0 SKIP: 0 FAIL: 1 > > FAIL fsverity.test (exit status: 1) > > FAIL: portable_signatures > ========================= > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > ./functions.sh: line 90: ../linux: No such file or directory > ./functions.sh: line 90: ../linux: No such file or directory
On Wed, 2023-02-15 at 18:19 -0500, Mimi Zohar wrote: > Hi Petr, > > On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > > Hi Mimi, > > > > > Tested: > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > > > Thanks for merging this. > > I actually pushed out the patches to "next-testing" to make sure it > works. In doing so, I dropped a couple of Roberto's patches, which > aren't quite ready and one of mine as well. In general, I'm not sure > pushing patches out to "next-integrity" should be considered "merging" > quite yet. In this case, your patches are fine. (Perhaps there needs > to be a better work flow.) > > > My test was working: > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 > > Yes, I saw. > > > But the same code now fails for Fedora. > > I wonder what exactly is wrong now: > > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 > > The UML kernel built properly, but for some reason the fsverity and > portable_signature tests aren't finding it. It could be this (in the logs): There exist one or more cache(s) with similar key but they have different version or scope. I would try: enableCrossOsArchive: true after: uses: actions/cache@v3 with: path: key: for every step using the cache. Cache version is a hash generated for a combination of compression tool used (Gzip, Zstd, etc. based on the runner OS) and the path of directories being cached. Maybe there was some change from the time the kernel and signing key were cached. Roberto > > FAIL: fsverity > > ============== > > > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > > dd is /usr/bin/dd > > mkfs is /usr/sbin/mkfs > > blkid is /usr/sbin/blkid > > e2fsck is /usr/sbin/e2fsck > > tune2fs is /usr/sbin/tune2fs > > evmctl is ../src/evmctl > > setfattr is /usr/bin/setfattr > > ./functions.sh: line 90: ../linux: No such file or directory > > ================================= > > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > > To stop after first failure > > ================================= > > PASS: 0 SKIP: 0 FAIL: 1 > > > > FAIL fsverity.test (exit status: 1) > > > > FAIL: portable_signatures > > ========================= > > > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > > ./functions.sh: line 90: ../linux: No such file or directory > > ./functions.sh: line 90: ../linux: No such file or directory
On Thu, 2023-02-16 at 09:16 +0100, Roberto Sassu wrote: > On Wed, 2023-02-15 at 18:19 -0500, Mimi Zohar wrote: > > Hi Petr, > > > > On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > > > Hi Mimi, > > > > > > > Tested: > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > > > > > Thanks for merging this. > > > > I actually pushed out the patches to "next-testing" to make sure it > > works. In doing so, I dropped a couple of Roberto's patches, which > > aren't quite ready and one of mine as well. In general, I'm not sure > > pushing patches out to "next-integrity" should be considered "merging" > > quite yet. In this case, your patches are fine. (Perhaps there needs > > to be a better work flow.) > > > > > My test was working: > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 > > > > Yes, I saw. > > > > > But the same code now fails for Fedora. > > > I wonder what exactly is wrong now: > > > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > > > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 > > > > The UML kernel built properly, but for some reason the fsverity and > > portable_signature tests aren't finding it. > > It could be this (in the logs): > > There exist one or more cache(s) with similar key but they have > different version or scope. > > I would try: > > enableCrossOsArchive: true > > after: > > uses: actions/cache@v3 > with: > path: > key: > > for every step using the cache. > > Cache version is a hash generated for a combination of compression tool > used (Gzip, Zstd, etc. based on the runner OS) and the path of > directories being cached. > > Maybe there was some change from the time the kernel and signing key > were cached. Adding "enableCrossOsArchive: true" didn't help, nor did clearing the cache. Mimi > > > > FAIL: fsverity > > > ============== > > > > > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > > > dd is /usr/bin/dd > > > mkfs is /usr/sbin/mkfs > > > blkid is /usr/sbin/blkid > > > e2fsck is /usr/sbin/e2fsck > > > tune2fs is /usr/sbin/tune2fs > > > evmctl is ../src/evmctl > > > setfattr is /usr/bin/setfattr > > > ./functions.sh: line 90: ../linux: No such file or directory > > > ================================= > > > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > > > To stop after first failure > > > ================================= > > > PASS: 0 SKIP: 0 FAIL: 1 > > > > > > FAIL fsverity.test (exit status: 1) > > > > > > FAIL: portable_signatures > > > ========================= > > > > > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > > > ./functions.sh: line 90: ../linux: No such file or directory > > > ./functions.sh: line 90: ../linux: No such file or directory >
On Thu, 2023-02-16 at 10:29 -0500, Mimi Zohar wrote: > On Thu, 2023-02-16 at 09:16 +0100, Roberto Sassu wrote: > > On Wed, 2023-02-15 at 18:19 -0500, Mimi Zohar wrote: > > > Hi Petr, > > > > > > On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > > > > Hi Mimi, > > > > > > > > > Tested: > > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > > > > > > > Thanks for merging this. > > > > > > I actually pushed out the patches to "next-testing" to make sure it > > > works. In doing so, I dropped a couple of Roberto's patches, which > > > aren't quite ready and one of mine as well. In general, I'm not sure > > > pushing patches out to "next-integrity" should be considered "merging" > > > quite yet. In this case, your patches are fine. (Perhaps there needs > > > to be a better work flow.) > > > > > > > My test was working: > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 > > > > > > Yes, I saw. > > > > > > > But the same code now fails for Fedora. > > > > I wonder what exactly is wrong now: > > > > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 > > > > > > The UML kernel built properly, but for some reason the fsverity and > > > portable_signature tests aren't finding it. > > > > It could be this (in the logs): > > > > There exist one or more cache(s) with similar key but they have > > different version or scope. > > > > I would try: > > > > enableCrossOsArchive: true > > > > after: > > > > uses: actions/cache@v3 > > with: > > path: > > key: > > > > for every step using the cache. > > > > Cache version is a hash generated for a combination of compression tool > > used (Gzip, Zstd, etc. based on the runner OS) and the path of > > directories being cached. > > > > Maybe there was some change from the time the kernel and signing key > > were cached. > > Adding "enableCrossOsArchive: true" didn't help, nor did clearing the > cache. FYI, with a clean cache, but without any changes, this seems to be working now. > > > > > > > > FAIL: fsverity > > > > ============== > > > > > > > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > > > > dd is /usr/bin/dd > > > > mkfs is /usr/sbin/mkfs > > > > blkid is /usr/sbin/blkid > > > > e2fsck is /usr/sbin/e2fsck > > > > tune2fs is /usr/sbin/tune2fs > > > > evmctl is ../src/evmctl > > > > setfattr is /usr/bin/setfattr > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > ================================= > > > > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > > > > To stop after first failure > > > > ================================= > > > > PASS: 0 SKIP: 0 FAIL: 1 > > > > > > > > FAIL fsverity.test (exit status: 1) > > > > > > > > FAIL: portable_signatures > > > > ========================= > > > > > > > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > >
On Mon, 2023-02-20 at 08:17 -0500, Mimi Zohar wrote: > On Thu, 2023-02-16 at 10:29 -0500, Mimi Zohar wrote: > > On Thu, 2023-02-16 at 09:16 +0100, Roberto Sassu wrote: > > > On Wed, 2023-02-15 at 18:19 -0500, Mimi Zohar wrote: > > > > Hi Petr, > > > > > > > > On Wed, 2023-02-15 at 23:44 +0100, Petr Vorel wrote: > > > > > Hi Mimi, > > > > > > > > > > > Tested: > > > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359/jobs/7236222413 > > > > > > > > > > Thanks for merging this. > > > > > > > > I actually pushed out the patches to "next-testing" to make sure it > > > > works. In doing so, I dropped a couple of Roberto's patches, which > > > > aren't quite ready and one of mine as well. In general, I'm not sure > > > > pushing patches out to "next-integrity" should be considered "merging" > > > > quite yet. In this case, your patches are fine. (Perhaps there needs > > > > to be a better work flow.) > > > > > > > > > My test was working: > > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4177976359 > > > > > > > > Yes, I saw. > > > > > > > > > But the same code now fails for Fedora. > > > > > I wonder what exactly is wrong now: > > > > > https://github.com/mimizohar/ima-evm-utils/actions/runs/4188686859/jobs/7260231106 > > > > > https://github.com/pevik/ima-evm-utils/actions/runs/4188761663/jobs/7260289846 > > > > > > > > The UML kernel built properly, but for some reason the fsverity and > > > > portable_signature tests aren't finding it. > > > > > > It could be this (in the logs): > > > > > > There exist one or more cache(s) with similar key but they have > > > different version or scope. > > > > > > I would try: > > > > > > enableCrossOsArchive: true > > > > > > after: > > > > > > uses: actions/cache@v3 > > > with: > > > path: > > > key: > > > > > > for every step using the cache. > > > > > > Cache version is a hash generated for a combination of compression tool > > > used (Gzip, Zstd, etc. based on the runner OS) and the path of > > > directories being cached. > > > > > > Maybe there was some change from the time the kernel and signing key > > > were cached. > > > > Adding "enableCrossOsArchive: true" didn't help, nor did clearing the > > cache. > > FYI, with a clean cache, but without any changes, this seems to be > working now. Thanks. I expected that. However, we would need to fix it (once I get some time). Roberto > > > > > > > FAIL: fsverity > > > > > ============== > > > > > > > > > > which: no fsverity in (../src:../fsverity-utils:/github/home/ima-evm-utils-install/bin:/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) > > > > > dd is /usr/bin/dd > > > > > mkfs is /usr/sbin/mkfs > > > > > blkid is /usr/sbin/blkid > > > > > e2fsck is /usr/sbin/e2fsck > > > > > tune2fs is /usr/sbin/tune2fs > > > > > evmctl is ../src/evmctl > > > > > setfattr is /usr/bin/setfattr > > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > > ================================= > > > > > Run with FAILEARLY=1 ./fsverity.test _cleanup_env cleanup > > > > > To stop after first failure > > > > > ================================= > > > > > PASS: 0 SKIP: 0 FAIL: 1 > > > > > > > > > > FAIL fsverity.test (exit status: 1) > > > > > > > > > > FAIL: portable_signatures > > > > > ========================= > > > > > > > > > > evmctl is /__w/ima-evm-utils/ima-evm-utils/tests/../src/evmctl > > > > > ./functions.sh: line 90: ../linux: No such file or directory > > > > > ./functions.sh: line 90: ../linux: No such file or directory