Bug #3338
closed
macOS Keychain tests are executed even with --without-osx-keychain
100%
Description
ndn-cxx:commit:bd2cedbefd37be734f8cbd692e6c72c5d2f31122
Steps to reproduce:
./waf configure --with-tests --debug --without-pch --without-osx-keychain --enable-static --disable-shared./wafbuild/unit-tests -l test_suite
Expected: no test failure
Actual: test failures in Security/Tpm/TestBackEnd, Security/V1/TestKeyChain/ConstructorEmptyConfig, Security/V1/TestSecTpmOsx/Delete, Security/V1/TestSecTpmOsx/SignVerify
Updated by Junxiao Shi almost 9 years ago
Root cause:
In ndn-cxx-config.hpp, NDN_CXX_HAVE_OSX_SECURITY denotes whether OSX Security Framework is available which depends on a feature detection, and NDN_CXX_WITH_OSX_KEYCHAIN denotes whether OSX Keychain is enabled which depends on --without-osx-keychain option.
The compilation of src/**/*-osx.cpp and their test suites depends on NDN_CXX_HAVE_OSX_SECURITY.
KeyChain class picks a TPM based on NDN_CXX_WITH_OSX_KEYCHAIN, but its test suite incorrectly uses NDN_CXX_HAVE_OSX_SECURITY to compute the expected value, failing SecurityKeyChain/ConstructorEmptyConfig test case.
I'm unsure what's causing failures in SecuritySecTpmOsx test suite. Failures persist even after build/bin/ndnsec unlock-tpm.
Recommended solution:
If --without-osx-keychain is specified, don't compile **/*-osx.cpp and their test suites, and have all code path depend on NDN_CXX_WITH_OSX_KEYCHAIN only.
Updated by Alex Afanasyev almost 9 years ago
without-osx-keychain configure flag does not disable OS KeyChain, it removes it from being a default TPM.
The failures could be because of something is wrong with PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).
Updated by Junxiao Shi almost 9 years ago
without-osx-keychainconfigure flag does not disable OS KeyChain, it removes it from being a default TPM.
This is confusing. --without means "don't build" in most other projects, not "build but don't set as default".
The failures could be because of something is wrong with PIB database (e.g., leftover from a library compiled with OSX KeyChain by default).
The same machine does have an installation of ndn-cxx with OSX Keychain as default, but the ndn-cxx repository where unit tests are executed on is a fresh clone.
Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.
Updated by Davide Pesavento almost 9 years ago
Junxiao Shi wrote:
without-osx-keychainconfigure flag does not disable OS KeyChain, it removes it from being a default TPM.This is confusing.
--withoutmeans "don't build" in most other projects, not "build but don't set as default".
Agreed.
Shouldn't unit testing use TEST_HOME within the repository directory? It shouldn't affect anything in my regular HOME directory.
I strongly agree. Touching, or even looking at, the content of the home directory of the current user is a very bad idea. I don't know how these tests are structured, but if they're using the $HOME environment variable, we should at least tell people to override it before running the unit tests. (btw this affects Linux too)
Updated by Junxiao Shi over 7 years ago
- Description updated (diff)
- Target version changed from v0.5 to v0.6
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/KeyManagement<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/RsaDecryption<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
unknown location:0: fatal error: in "Security/Tpm/TestBackEnd/EcdsaSigning<ndn__security__tpm__tests__BackEndWrapperOsx>": signal: SIGABRT (application abort requested)
../tests/unit-tests/security/tpm/back-end.t.cpp:227: fatal error: in "Security/Tpm/TestBackEnd/ImportExport<ndn__security__tpm__tests__BackEndWrapperOsx>": unexpected exception thrown by tpm.importKey(keyName, privateKeyBuffer->buf(), privateKeyBuffer->size(), password.c_str(), password.size())
../tests/unit-tests/security/v1/key-chain.t.cpp:104: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getPib().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/key-chain.t.cpp:105: error: in "Security/V1/TestKeyChain/ConstructorEmptyConfig": check keyChain.getTpm().getTpmLocator() == "tpm-osxkeychain:" has failed [tpm-file: != tpm-osxkeychain:]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:78: error: in "Security/V1/TestSecTpmOsx/Delete": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:80: fatal error: in "Security/V1/TestSecTpmOsx/Delete": critical check tpm.doesKeyExistInTpm(keyName, KeyClass::PUBLIC) == true has failed [false != true]
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:97: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by tpm.generateKeyPairInTpm(keyName, params)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:104: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by sigBlock = tpm.signInTpm(content, sizeof(content), keyName, DigestAlgorithm::SHA256)
../tests/unit-tests/security/v1/sec-tpm-osx.t.cpp:107: error: in "Security/V1/TestSecTpmOsx/SignVerify": unexpected exception thrown by publicKey = tpm.getPublicKeyFromTpm(keyName)
unknown location:0: fatal error: in "Security/V1/TestSecTpmOsx/SignVerify": memory access violation at address: 0x00000008: no mapping at fault address
Updated by Davide Pesavento over 6 years ago
- Subject changed from OSX Keychain tests are executed with --without-osx-keychain to OSX Keychain tests are executed even with --without-osx-keychain
- Target version changed from v0.6 to v0.7
- Start date deleted (
11/13/2015)
Updated by Davide Pesavento over 5 years ago
- Subject changed from OSX Keychain tests are executed even with --without-osx-keychain to macOS Keychain tests are executed even with --without-osx-keychain
- Target version deleted (
v0.7)
Updated by Davide Pesavento over 4 years ago
- Tags changed from unit-tests to unit-tests, macOS
Updated by Davide Pesavento over 2 years ago
- Status changed from New to In Progress
- Assignee set to Davide Pesavento
- Target version set to 0.8.1
Updated by Davide Pesavento over 2 years ago
- Status changed from In Progress to Code review
- % Done changed from 0 to 100
Updated by Davide Pesavento about 2 years ago
- Status changed from Code review to Closed
This fixes the immediate issue of the test failures when configured with --without-osx-keychain. Renaming the option and/or adding a separate option to disable compilation of the OSX backend altogether can be considered a separate issue (personally I'm not sure if there's much value, but I'm not opposed to the idea).