Ubuntu
php-dapphp-radius package

FTBFS - test failures due to disabled openssl 3 legacy providers

Bug #1964514 reported by Athos Ribeiro
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php-dapphp-radius (Debian)
Fix Released
Unknown
php-dapphp-radius (Ubuntu)
Fix Released
Undecided
Simon Chopin

Bug Description

php-dapphp-radius currently FTBFS [1].

The attached patch fixes the build and dep8 tests by enabling the OpenSSL 3 legacy provider through the OPENSSL_CONFIG environment variable.

The package does not FTBFS in Debian since debian have not shifted to OpenSSL 3 yet. Therefore, I´d like to include this delta for jammy.

Also note that there are no new features being introduced here. Hence, there should be no need for a FFe for this one.

[1]: as per https://launchpadlibrarian.net/589175357/buildlog_ubuntu-jammy-amd64.php-dapphp-radius_2.5.8-1_BUILDING.txt.gz

phpunit --include-path lib
PHPUnit 9.5.10 by Sebastian Bergmann and contributors.

....F.F...F.S 13 / 13 (100%)

Time: 00:00.006, Memory: 6.00 MB

There were 3 failures:

1) ClientTest::testCryptCHAPMSv1
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'5f169b7d8176516f8092bce99008e097febfed2f043ec04e'
+''

/<<PKGBUILDDIR>>/tests/ClientTest.php:107

2) ClientTest::testCryptCHAPMSv2
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'a3d12ce2f52d13fe04421205a2ce17b0e559ea8a9e594c1c'
+''

/<<PKGBUILDDIR>>/tests/ClientTest.php:145

3) ClientTest::testMsChapV1Packet
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'01870082093e4ad125399f8ac4ba6b00ab69a04001066e656d6f04067f000001050600000014501248a3704ac91e8191497a1f3f213eb3381a10000001370b0a740c7921e45e91391a3a00000137013400010000000000000000000000000000000000000000000000004521bd46aebfd2ab3ec21dd6e6bbfa2e4ff325eab720fe37'
+'0187006a093e4ad125399f8ac4ba6b00ab69a04001066e656d6f04067f0000010506000000145012467e2ad6e452c8bfbb8ca80ff167196e1a10000001370b0a740c7921e45e91391a2200000137011c0001000000000000000000000000000000000000000000000000'

/<<PKGBUILDDIR>>/tests/ClientTest.php:246

FAILURES!
Tests: 13, Assertions: 28, Failures: 3, Skipped: 1.
make[1]: *** [debian/rules:21: override_dh_auto_test] Error 1

See original description
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :
description: updated
Simon Chopin (schopin)
Changed in php-dapphp-radius (Ubuntu):
assignee: nobody → Simon Chopin (schopin)
status: New → In Progress
Revision history for this message
Simon Chopin (schopin) wrote :

Hi there :)

The attached debdiff doesn't seem to fix things, as I get the exact same failures when building with a -proposed enabled sbuild.

However, you were well inspired by asking me to sponsor this one, since it seems the failure is actually OpenSSL-3 related. MSCHAP is an old protocol that relies on DES, which has mostly been relegated to the legacy provider in OpenSSL 3.

Sadly, it seems PHP 8.1 doesn't have builtin support for loading third-party providers in the code, but I'm guessing we can work around that by exporting the right environment variables, in this case
OPENSSL_CONFIG, along with a properly crafted config file looking like this:

openssl_conf = openssl_init

[openssl_init]
providers = provider_sect

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

Simon Chopin (schopin)
Changed in php-dapphp-radius (Ubuntu):
status: In Progress → Incomplete
assignee: Simon Chopin (schopin) → nobody
assignee: nobody → Athos Ribeiro (athos-ribeiro)
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Thanks, Simon.

It is an unfortunate combination going on here:

Debian has php 8.1 in unstable, but no openssl 3. Ubuntu has openssl 3 in jammy, but no php 8.1 (it is still in -proposed).

Nice catch on that one, and yes, it was a good coincidence to have you reviewing this one :)

I will address the issue and update this bug accordingly. Thank you!

Simon Chopin (schopin)
tags: added: transition-openssl3-jj
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hi Simon,

I updated the patch (attached) to reflect your findings on the FTBFS issue. I also built the package with the changes in a PPA at

https://launchpad.net/~athos-ribeiro/+archive/ubuntu/lp1964514-php-dapphp-radius-openssl3/+packages

I will proceed to update this bug description to better reflect what has been discussed here and I will also go on and forward this patch to Debian.

Note that I created a debian/NEWS entry to describe the issue so users know what to do to use the legacy providers.

I did run the dep8 test suite locally, here is the test summary:

autopkgtest [14:27:09]: @@@@@@@@@@@@@@@@@@@@ summary
command1 PASS

summary: - FTBFS - test failures due to php 8 support missing
+ FTBFS - test failures due to disabled openssl 3 legacy providers
Athos Ribeiro (athos-ribeiro)
description: updated
Changed in php-dapphp-radius (Ubuntu):
status: Incomplete → In Progress
status: In Progress → Confirmed
assignee: Athos Ribeiro (athos-ribeiro) → Simon Chopin (schopin)
Bug Watch Updater (bug-watch-updater)
Changed in php-dapphp-radius (Debian):
status: Unknown → New
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Salsa MR (merged): https://salsa.debian.org/php-team/pear/php-dapphp-radius/-/merge_requests/2

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Hi Simon,

As discussed offline, I had been investigating the issue with the install vs cp change introduced in the autopkgtest tests here.

I can no longer reproduce the issue locally, but I suspect this may have todo with the "rw-build-tree" restriction (I am using autopkgtest 5.20 in jammy).

Therefore, I am removing that specific change, since I just added it to reduce that test command chain.

Revision history for this message
Simon Chopin (schopin) wrote :

Uploaded, thanks!

Athos Ribeiro (athos-ribeiro)
Changed in php-dapphp-radius (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php-dapphp-radius - 2.5.8-1ubuntu1

---------------
php-dapphp-radius (2.5.8-1ubuntu1) jammy; urgency=medium

  * Enable OpenSSL legacy providers during tests. (LP: #1964514)
    - d/rules: enable legacy providers in dh_auto_test.
    - d/t/control: enable legacy providers for dep8 tests.
    - d/t/openssl.conf: add configuration to enable legacy providers.

 -- Athos Ribeiro <email address hidden> Fri, 11 Mar 2022 11:29:07 -0300

Changed in php-dapphp-radius (Ubuntu):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in php-dapphp-radius (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.