Problems with test scripts

[dengert]

Problem Description

Proposed Resolution

Steps to reproduce

Logs

[dengert]

It looks like -github/test-oseid.sh should use restart-pcscd.sh as this appears to affect test-openpgp.sh

I will leave this up to @Jakuje

Something like:

@@ -28,7 +28,9 @@ sudo mv tmp/reader.conf /etc/reader.conf.d/reader.conf
 cat /etc/reader.conf.d/reader.conf
 popd
 
-sudo /etc/init.d/pcscd restart
+# prepare pcscd
+. .github/restart-pcscd.sh
+
 
 # Needed for tput to not report warnings
 export TERM=xterm-256color
@@ -65,7 +67,5 @@ $VALGRIND ./p11test -s 0 -p 11111111 -o oseid.json
 diff -u3 oseid_ref.json oseid.json
 popd
 
-# cleanup -- this would break later uses of pcscd
-kill -9 $PID
 rm oseid/src/card_mem
 sudo rm /etc/reader.conf.d/reader.conf

[Jakuje]

@dengert Can you clarify what is the issue? We could update the oseid test to use the script as in the other tests. The https://github.com/OpenSC/OpenSC/blob/master/.github/restart-pcscd.sh does slightly more than is done in the oseid test, but it is mostly maintained by @popovec so I would keep it up to him if he uses the script for some local testing where using the above script would interfere.

[popovec]

I noticed that sometimes test-openpgp fails. However, I can't say why it happens like that. If this can be prevented by restarting pcscd in test-oseid.sh script, I have no problem with it. Is the following solution suitable?

popovec@2747fcf

[dengert]

I have noticed it too.
Are some of these tests running in parallel on the same machine?
And if one test kills pcscd it could affect another test?

Since test-oseid.sh is the only test not using restart-pcscd.sh and it does a kill that looked like a problem.

[popovec]

that KILL is not on pcscd but on socat ..

socat -d -d pty,link=tmp/OsEIDsim.socket,raw,echo=0 "exec:build/console/console ...,pty,raw,echo=0" &
PID=$

It is also strange that the problem appears repeatedly only with test-openpgp.sh

[Jakuje]

Do you have example of such failed run?

I do not think this should be running on a same machine. I think these are some containers that should have separation and one test should not affect the others at runtime.

[Jakuje]

OK, I have a failure right now in
https://github.com/OpenSC/OpenSC/actions/runs/8006014593/job/21867160530?pr=3045 (not sure if it is the same issue you saw). It failed with

+ pkcs15-init --verify --auth-id 3 --pin 12345678 --delete-objects privkey,pubkey --id 2 --generate-key rsa/2048
Using reader with a card: Virtual PCD 00 00
Processing cardinfo 
Processing label
Processing manufacturer
Processing min-pin-length
Processing max-pin-length
Processing pkcs15 
Processing direct-certificates
Processing encode-df-length
Processing do-last-update
Processing pkcs15-id-style
Processing option default
Processing macros 
Defining protected
Defining unprotected
Defining so-pin-flags
Defining so-min-pin-length
Defining so-pin-attempts
Defining so-auth-id
Defining so-puk-attempts
Defining so-min-puk-length
Defining unusedspace-size
Defining odf-size
Defining aodf-size
Defining cdf-size
Defining prkdf-size
Defining pukdf-size
Defining dodf-size
Processing option onepin
Processing option small
Processing option direct-cert
Processing PIN user-pin
Processing attempts
Processing flags
Processing PIN user-puk
Processing attempts
Processing PIN so-pin
Processing auth-id
Expanding macro so-auth-id: FF
Processing attempts
Expanding macro so-pin-attempts: 2
Processing min-length
Expanding macro so-min-pin-length: 6
Processing flags
Expanding macro so-pin-flags: local initialized needs-padding soPin
Processing PIN so-puk
Processing attempts
Expanding macro so-puk-attempts: 4
Processing min-length
Expanding macro so-min-puk-length: 6
Processing filesystem 
Processing DF MF
Processing path
Processing type
Processing EF DIR
Processing type
Processing file-id
Processing size
Processing acl
Processing DF PKCS15-AppDF
Processing type
Processing file-id
Processing aid
Processing acl
Processing size
Processing EF PKCS15-ODF
Processing file-id
Processing size
Expanding macro odf-size: 256
Processing ACL
Expanding macro unprotected: *=NONE
Processing EF PKCS15-TokenInfo
Processing file-id
Processing ACL
Expanding macro unprotected: *=NONE
Processing EF PKCS15-UnusedSpace
Processing file-id
Processing size
Expanding macro unusedspace-size: 128
Processing ACL
Expanding macro unprotected: *=NONE
Processing EF PKCS15-AODF
Processing file-id
Processing size
Expanding macro aodf-size: 256
Processing ACL
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-PrKDF
Processing file-id
Processing size
Expanding macro prkdf-size: 256
Processing acl
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-PuKDF
Processing file-id
Processing size
Expanding macro pukdf-size: 256
Processing acl
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-CDF
Processing file-id
Processing size
Expanding macro cdf-size: 512
Processing acl
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-DODF
Processing file-id
Processing size
Expanding macro dodf-size: 256
Processing ACL
Expanding macro protected: *=$SOPIN READ=NONE
Processing cardinfo 
Processing min-pin-length
Processing max-pin-length
Processing option default
Processing macros 
Defining protected
Defining unprotected
Defining so-pin-flags
Defining so-min-pin-length
Defining so-pin-attempts
Defining so-auth-id
Defining odf-size
Defining aodf-size
Defining cdf-size
Defining prkdf-size
Defining pukdf-size
Defining dodf-size
Processing PIN user-pin
Processing attempts
Processing flags
Processing PIN so-pin
Processing auth-id
Expanding macro so-auth-id: 3
Processing attempts
Expanding macro so-pin-attempts: 3
Processing min-length
Expanding macro so-min-pin-length: 8
Processing flags
Expanding macro so-pin-flags: local initialized soPin
Processing filesystem 
Processing DF MF
Processing path
Processing type
Processing EF DIR
Processing type
Processing file-id
Processing acl
Processing DF PKCS15-AppDF
Processing type
Processing aid
Processing acl
Processing EF PKCS15-TokenInfo
Processing ACL
Expanding macro unprotected: *=NONE
Processing EF PKCS15-PrKDF
Processing size
Expanding macro prkdf-size: 256
Processing acl
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-PuKDF
Processing size
Expanding macro pukdf-size: 256
Processing acl
Expanding macro protected: *=$SOPIN READ=NONE
Processing EF PKCS15-CDF
Processing acl
Expanding macro unprotected: *=NONE
Processing template key-domain
Process template:key-domain; block:template
Processing EF private-key
Processing file-id
Processing ACL
Template key-domain processed; returns 0
Deleted 2 objects
Instantiate private-key in template key-domain
Template instantiated
Failed to generate key: Card command failed

(command returning non-zero exit code and cleanup starts

+ pcscd_cleanup
[...cleanup...]

I do not think this is an issue with the test script, but the issue with the openpgp applet od openpgp driver randomly failing. The debug logs are from the profile objects so they are not much helpful. But we can try to run either this command or all the commands in this test with the debug mode to see what is going on there under the hood.

[dengert]

I have seen: "Failed to generate key: Card command failed"

The https://github.com/Yubico/ykneo-openpgp has not been updated in 8 years and applet has a security bug. Is there a better applets to use?
Are we trying to do operations that are newer?

Turning on opensc debugging and getting the log would help

[dengert]

https://github.com/OpenSC/OpenSC/actions/runs/8007038458/job/21870535578?pr=3042 ran OK
Thu, 22 Feb 2024 15:44:52 GMT to Thu, 22 Feb 2024 15:44:52 GMT about an hour ago.