Good news/Bad News
The test race in RHEL 3.4 seems to be gone ... but another ec.h failure ...
Using http://www.mindrot.org/openssh_snap/openssh-SNAP-20140827.tar.gz
OS Build_Target CC
OpenSSL BUILD TEST
============== =========================== ============================ ======
================*RHEL 3.4 i386-redhat-linux gcc 3.2.3-47
1.0.1i**a OK*1 all tests passed*
*AIX 5300-12-04 powerpc-ibm-aix5.3.0.0 gcc 4.2.0-3 0.9.8k
FAIL*1 *
*FAIL*1 missing e.h in test_sshbuf_getput_crypto*
gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare
-Wformat-security -Wno-pointer-sign -fno-strict-aliasing
-D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I.
-DSSHDIR=\"/usr/local/etc\"
-D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"
-D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\"
-D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\"
-D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\"
-D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\"
-D_PATH_SSH_PIDDIR=\"/var/run\"
-D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"
-DHAVE_CONFIG_H -c regress/unittests/sshbuf/test_sshbuf_getput_crypto.c -o
regress/unittests/sshbuf/test_sshbuf_getput_crypto.o
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:20:24: error:
openssl/ec.h: No such file or directory
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c: In function
'sshbuf_getput_crypto_tests':
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:35: warning: unused
variable 'bn_y'
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:35: warning: unused
variable 'bn_x'
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:34: warning: unused
variable 's'
regress/unittests/sshbuf/test_sshbuf_getput_crypto.c:33: warning: unused
variable 'd'
make: The error code from the last command is 1.
On Mon, Aug 25, 2014 at 4:45 PM, Damien Miller <djm at mindrot.org> wrote:
> On Mon, 25 Aug 2014, Kevin Brott wrote:
>
> > > ...
> > >
> > > > *3 --without-pie # otherwise will not load openssl - which
doesn't
> use
> > > PIE
> > > > during compile on 64-bit systems
> > >
> > > We should probably find a way to delay the PIE checks until after
we
> have
> > > most dependency libraries located to catch this.
> > >
> >
> > Per IAN's comment - I tried building openssl on another x64 system
> > using ./config
> > shared instead of just ./config (builds static library) so that it
would
> > try to use -fPIC. After installing and creating an
> > /etc/ld.so.conf.d/openssl-101.conf pointing to /usr/local/ssl/lib
> > (configure pukes without this - it can't find libssl.so.1.0.0 even
with
> an
> > explicit --with-ssl-dir) ... configure works as advertised without
> telling
> > it --without-pie, and make test is 'all tests passed'.
Perhaps a quick
> > check to see if libssl is a static or shared library would be in order
> > before asking for a slice of pie? ;p
>
> Yes, the only impediment to doing it before this release are 1) making it
> work cross-platform (simply delaying the PIE checks until after OpenSSL
> has been located might be sufficient for this) and 2) not breaking
> anything else in the process (unfortunately, delaying the OpenSSL checks
> would almost certainly break something)
>
> > > any clues in regress/failed-*?
> > >
> > >
> > Brought that VM back up (admittedly I didn't look too deep at this
one -
> > was trying to get through the test suite first), looking at those
files I
> > see this:
> >
> > # ls -alrt failed-*
> > -rw-r--r-- 1 root root 308 Aug 25 09:05 failed-ssh.log
> > -rw-r--r-- 1 root root 236 Aug 25 09:05
failed-sshd.log
> > -rw-r--r-- 1 root root 89 Aug 25 09:05
> failed-regress.log
> > [root at buildhost regress]# cat failed-regress.log
> > trace: wait for sshd
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > [root at buildhost regress]# cat failed-sshd.log
> > trace: wait for sshd
> > Received signal 15; terminating.
> > debug2: channel 0: rcvd close
> > Received disconnect from 127.0.0.1: 11: disconnected by user
> > debug1: do_cleanup
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > [root at buildhost regress]# cat failed-ssh.log
> > trace: wait for sshd
> > debug2: ssh_connect: needpriv 0
> > debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
> > debug1: connect to address 127.0.0.1 port 4242: Connection refused
> > ssh: connect to host 127.0.0.1 port 4242: Connection refused
> > FAIL: ssh connect after login grace timeout failed without privsep
> >
> > Need to dig through my email archives - I would swear this is a
> > (previously fixed) race in the test suite where it wasn't waiting
> properly.
>
> Yes, this was supposed to "fix" it
>
> - djm at cvs.openbsd.org 2014/03/13 20:44:49
> [login-timeout.sh]
> this test is a sorry mess of race conditions; add another sleep
> to avoid a failure on slow machines (at least until I find a
> better way)
>
> Guess I'll have to look for that "better way" soon...
>
> -d
>
--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin.Brott at gmail.com> */