New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
testshell_markdown_tutorial_crypto: fail #3283
Comments
@markus2330 this succeeds on the buildserver. Is this a showstopper for you? It would be reflected in the logs of the release ( EDIT: I can try to do this part on a7/v2 as it maybe only fails in my scenario with fedora as host (and debian only in docker). |
No, it is definitely not a showstopper. Most likely it is simply because some temporary file is still there from a previous run or #2957 is not completely fixed after all. Hopefully, @petermax2 has time to fix it before 0.9.2 😉 @mpranj do you need help with release notes or something else? |
I can not reproduce the issue when building 2bc994a from scratch using your cmake command from above.
Maybe your build directory is broken somehow. Could you please try to compile and test with a new (empty) build directory? |
@petermax2 thank you for checking it so quickly. I tried several times on my host system (fedora) and also on a debian buster docker container. I also cleaned the build directory many times. It's always possible that it's just a problem at my end. I'll check it again later! |
Hm strange! I think I used a Debian:stable container yesterday for building and testing. I can try again with Fedora in the evening. At the moment I don't have so much time for troubleshooting but I will have a quick look. |
The issue is reproducable under Fedora.
Maybe this is not a crypto-tutorial specific issue. I have to investigate. |
EDIT: The analysis is only valid for |
Thank you for taking a look at this issue! I haven't seen the other tests fail tbh. Are you sure this is the same problem? I did not even work with the installed kdb, I just ran ctest with make run_all. In the long run we'll add some fedora docker images too (#3227), to catch something like this earlier. |
No, probably several different problems.
Very good idea! I edited my post from before to clarify what I meant with my analysis. |
The problem is not isolated to my machine. The test fails because the following rename() call fails: libelektra/src/plugins/fcrypt/fcrypt.c Line 231 in 263cbe6
The reason is that /tmp is a separate mountpoint on Fedora by default, which was not the case for Debian. Thus the file can not be renamed across different mountpoints. I have verified that this is the problem by applying a (very dirty) patch. I would propose to keep it consistent with the resolver implementation and place the temp file in the same directory as the original file. @petermax2 what do you think and would you have time to fix it with a proper patch? |
The tmp directory used by fcrypt can be set via the plugin configuration.
(Source: Plugin Documentation) The most easiest way to mitigate on Fedora-like build jobs would be to use another directory. On the build server the local build directory can be used. What do you think?
I can allocate some spare time over the weekends but what do you have in mind as a proper solution? |
No need to over-engineer anything. As I suggested I would put the temp file in the same directory as the target file. This is the way I am also fine with just configuring a different TMPDIR for the builds. I can implement that change myself. We'll go with whatever you suggest here. |
From rename docu:
Edit: fails with sudo with the same error:
|
A simplistic solution would be to replace the |
I will simply configure a different TMPDIR explicitly for the builds. If the issue reoccurs on target systems we can reopen and find a better solution. |
This problem might occur more often, I think. We even recommend in the fcrypt documentation to remount I will try to provide a proper fix.
This is also fine as a work-around for the build servers. |
Thank you so much for looking into it!
Not to replace the code but to do that if rename failed. (And to also shred the source file in that case.) Then people without RAM disc on /tmp have speed and people with RAM disc on /tmp have more security. |
rename () accross file systems is not supported and causes failures. If rename () fails, fcrypt tries to perform a manual copy. See ElektraInitiative#3283 for full discussion.
cirrus: enable fcrypt on fedora again #3283
Steps to Reproduce the Problem
Build libelektra while having gpgme development files. (
gpgme-devel
on fedora)I used
but not everything is relevant to the problem.
Expected Result
Actual Result
Seems that there is a problem with /tmp on tmpfs or similar? I get the problem on fedora and also on debian buster (in docker).
System Information
Further Log Files and Output
The text was updated successfully, but these errors were encountered: