[zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[Anuj Mittal]

Fixes [YOCTO #13796]

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
 ...at-bozo-decided-to-use-2020-as-a-future-d.patch | 46 ++++++++++++++++++++++
 meta/recipes-connectivity/openssh/openssh_8.0p1.bb |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
new file mode 100644
index 0000000..e2930c3
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
@@ -0,0 +1,46 @@
+From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 3 Jan 2020 03:02:26 +0000
+Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
+ regress
+
+test?
+
+OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
+
+[Dropped the script version and copyright year change at the top]
+
+Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
+---
+ regress/cert-hostkey.sh | 2 +-
+ regress/cert-userkey.sh | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
+index 3ce7779..74d5a53 100644
+--- a/regress/cert-hostkey.sh
++++ b/regress/cert-hostkey.sh
+@@ -248,7 +248,7 @@ test_one() {
+ test_one "user-certificate"	failure "-n $HOSTS"
+ test_one "empty principals"	success "-h"
+ test_one "wrong principals"	failure "-h -n foo"
+-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
+ test_one "cert expired"		failure "-h -V19800101:19900101"
+ test_one "cert valid interval"	success "-h -V-1w:+2w"
+ test_one "cert has constraints"	failure "-h -Oforce-command=false"
+diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
+index 6849e99..de455b8 100644
+--- a/regress/cert-userkey.sh
++++ b/regress/cert-userkey.sh
+@@ -327,7 +327,7 @@ test_one() {
+ test_one "correct principal"	success "-n ${USER}"
+ test_one "host-certificate"	failure "-n ${USER} -h"
+ test_one "wrong principals"	failure "-n foo"
+-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
+ test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
+ test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
+ test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"
diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
index 2ffbc9a..3d16f9d 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
+           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
            "
 SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
 SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"
-- 
2.7.4

Re: [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[Richard Purdie]

On Fri, 2020-02-21 at 11:29 +0800, Anuj Mittal wrote:
> Fixes [YOCTO #13796]
> 
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

Is this issue already addressed in master (maybe through upgrade)?

Cheers,

Richard

Re: [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[Alex Kiernan]

On Fri, Feb 21, 2020 at 11:28 AM Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
>
> On Fri, 2020-02-21 at 11:29 +0800, Anuj Mittal wrote:
> > Fixes [YOCTO #13796]
> >
> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
>
> Is this issue already addressed in master (maybe through upgrade)?
>

We already had that patch in master which I dropped that patch as part
of the move to 8.2p1 (was
0001-Manually-applied-upstream-fix-for-openssh-test.patch)

-- 
Alex Kiernan

Re: [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[akuster808]

On 2/20/20 7:29 PM, Anuj Mittal wrote:
> Fixes [YOCTO #13796]
Could you please take ownership of the bug. Its weird we both worked on
the same issue and had a fix done about the same time.

Ill replace my version in stable/zeus-nut with this patch.

- Armin
>
> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> ---
>  ...at-bozo-decided-to-use-2020-as-a-future-d.patch | 46 ++++++++++++++++++++++
>  meta/recipes-connectivity/openssh/openssh_8.0p1.bb |  1 +
>  2 files changed, 47 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
> new file mode 100644
> index 0000000..e2930c3
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
> @@ -0,0 +1,46 @@
> +From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
> +From: "djm@openbsd.org" <djm@openbsd.org>
> +Date: Fri, 3 Jan 2020 03:02:26 +0000
> +Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
> + regress
> +
> +test?
> +
> +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
> +
> +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
> +
> +[Dropped the script version and copyright year change at the top]
> +
> +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
> +---
> + regress/cert-hostkey.sh | 2 +-
> + regress/cert-userkey.sh | 2 +-
> + 2 files changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
> +index 3ce7779..74d5a53 100644
> +--- a/regress/cert-hostkey.sh
> ++++ b/regress/cert-hostkey.sh
> +@@ -248,7 +248,7 @@ test_one() {
> + test_one "user-certificate"	failure "-n $HOSTS"
> + test_one "empty principals"	success "-h"
> + test_one "wrong principals"	failure "-h -n foo"
> +-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
> ++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
> + test_one "cert expired"		failure "-h -V19800101:19900101"
> + test_one "cert valid interval"	success "-h -V-1w:+2w"
> + test_one "cert has constraints"	failure "-h -Oforce-command=false"
> +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
> +index 6849e99..de455b8 100644
> +--- a/regress/cert-userkey.sh
> ++++ b/regress/cert-userkey.sh
> +@@ -327,7 +327,7 @@ test_one() {
> + test_one "correct principal"	success "-n ${USER}"
> + test_one "host-certificate"	failure "-n ${USER} -h"
> + test_one "wrong principals"	failure "-n foo"
> +-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
> ++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
> + test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
> + test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
> + test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"
> diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
> index 2ffbc9a..3d16f9d 100644
> --- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
> @@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
>             file://sshd_check_keys \
>             file://add-test-support-for-busybox.patch \
>             file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
> +           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
>             "
>  SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
>  SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"

Re: [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[Mingde (Matthew) Zeng]

>> Fixes [YOCTO #13796]
> Could you please take ownership of the bug. Its weird we both worked on
> the same issue and had a fix done about the same time.

What's weirder is that we three worked on this same issue, and it was merged to master last month.

https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/openssh?id=f0a949fe33da47fd0a587abb942ff60f0a56ed0d

>
> Ill replace my version in stable/zeus-nut with this patch.
>
> - Armin

I think it's reasonable to simply port this commit from master into zeus.

Regards,
Matthew

>>
>> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
>> ---
>>  ...at-bozo-decided-to-use-2020-as-a-future-d.patch | 46 ++++++++++++++++++++++
>>  meta/recipes-connectivity/openssh/openssh_8.0p1.bb |  1 +
>>  2 files changed, 47 insertions(+)
>>  create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>>
>> diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>> new file mode 100644
>> index 0000000..e2930c3
>> --- /dev/null
>> +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch
>> @@ -0,0 +1,46 @@
>> +From 3cccc0a2ab597b8273bddf08e9a3cc5551d7e530 Mon Sep 17 00:00:00 2001
>> +From: "djm@openbsd.org" <djm@openbsd.org>
>> +Date: Fri, 3 Jan 2020 03:02:26 +0000
>> +Subject: [PATCH] upstream: what bozo decided to use 2020 as a future date in a
>> + regress
>> +
>> +test?
>> +
>> +OpenBSD-Regress-ID: 3b953df5a7e14081ff6cf495d4e8d40e153cbc3a
>> +
>> +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/ff31f15773ee173502eec4d7861ec56f26bba381]
>> +
>> +[Dropped the script version and copyright year change at the top]
>> +
>> +Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
>> +---
>> + regress/cert-hostkey.sh | 2 +-
>> + regress/cert-userkey.sh | 2 +-
>> + 2 files changed, 2 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
>> +index 3ce7779..74d5a53 100644
>> +--- a/regress/cert-hostkey.sh
>> ++++ b/regress/cert-hostkey.sh
>> +@@ -248,7 +248,7 @@ test_one() {
>> + test_one "user-certificate"	failure "-n $HOSTS"
>> + test_one "empty principals"	success "-h"
>> + test_one "wrong principals"	failure "-h -n foo"
>> +-test_one "cert not yet valid"	failure "-h -V20200101:20300101"
>> ++test_one "cert not yet valid"	failure "-h -V20300101:20320101"
>> + test_one "cert expired"		failure "-h -V19800101:19900101"
>> + test_one "cert valid interval"	success "-h -V-1w:+2w"
>> + test_one "cert has constraints"	failure "-h -Oforce-command=false"
>> +diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
>> +index 6849e99..de455b8 100644
>> +--- a/regress/cert-userkey.sh
>> ++++ b/regress/cert-userkey.sh
>> +@@ -327,7 +327,7 @@ test_one() {
>> + test_one "correct principal"	success "-n ${USER}"
>> + test_one "host-certificate"	failure "-n ${USER} -h"
>> + test_one "wrong principals"	failure "-n foo"
>> +-test_one "cert not yet valid"	failure "-n ${USER} -V20200101:20300101"
>> ++test_one "cert not yet valid"	failure "-n ${USER} -V20300101:20320101"
>> + test_one "cert expired"		failure "-n ${USER} -V19800101:19900101"
>> + test_one "cert valid interval"	success "-n ${USER} -V-1w:+2w"
>> + test_one "wrong source-address"	failure "-n ${USER} -Osource-address=10.0.0.0/8"
>> diff --git a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> index 2ffbc9a..3d16f9d 100644
>> --- a/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> +++ b/meta/recipes-connectivity/openssh/openssh_8.0p1.bb
>> @@ -25,6 +25,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
>>             file://sshd_check_keys \
>>             file://add-test-support-for-busybox.patch \
>>             file://0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch \
>> +           file://0001-upstream-what-bozo-decided-to-use-2020-as-a-future-d.patch \
>>             "
>>  SRC_URI[md5sum] = "bf050f002fe510e1daecd39044e1122d"
>>  SRC_URI[sha256sum] = "bd943879e69498e8031eb6b7f44d08cdc37d59a7ab689aa0b437320c3481fd68"


--
Mingde (Matthew) Zeng

Re: [zeus][PATCH] openssh: backport patch to fix "cert not yet valid" test

[Mingde (Matthew) Zeng]

Alex Kiernan <alex.kiernan@gmail.com> writes:

> On Fri, Feb 21, 2020 at 11:28 AM Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
>>
>> On Fri, 2020-02-21 at 11:29 +0800, Anuj Mittal wrote:
>> > Fixes [YOCTO #13796]
>> >
>> > Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
>>
>> Is this issue already addressed in master (maybe through upgrade)?
>>
>
> We already had that patch in master which I dropped that patch as part
> of the move to 8.2p1 (was
> 0001-Manually-applied-upstream-fix-for-openssh-test.patch)

Right, there was an upgrade to 8.2p1. We can do the same for zeus.

>
> --
> Alex Kiernan


--
Mingde (Matthew) Zeng