Thread: [mod-security-packagers] ModSecurity 3.x (almost) enters Debian
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-packagers
|
From: Alberto G. I. <ag...@in...> - 2018-10-19 08:57:14
|
Hi, I'm happy to announce that the package for (lib)mod-security 3.x entered Debian unstable this week. But some issues arose in the testing suite with some/all of the architectures: - In most of them this test fails: ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) - In some (i.e. s390) a bunch of ip matching rules tests fail [1] You may see all the build logs here: https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid Some help with these issues would be really apreciated. Regards, Alberto [1] ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:1 :test-result: PASS operator-ipMatchFromFile.json:Testing Operator :: @ipMatchFromFile - file not found ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:2 :test-result: FAIL operator-ipMatchFromFile.json:Testing Operator :: @ipMatchFromFile - https RUN: test/test-cases/secrules-language-tests/operators/ipMatch.json =================================================================== :test-result: FAIL ipMatch 10.10.10.10 :test-result: PASS ipMatch 10.10.10.11 :test-result: FAIL ipMatch 10.10.10.11 :test-result: PASS ipMatch 10.10.7.254 :test-result: FAIL ipMatch 10.10.8.1 :test-result: PASS ipMatch 10.10.16.1 :test-result: FAIL ipMatch 10.10.15.254 :test-result: FAIL ipMatch 192.168.1.254 :test-result: PASS ipMatch 10.10.10.11 :test-result: FAIL ipMatch 156.149.152.152 :test-result: PASS ipMatch 10.10.10.11 :test-result: FAIL ipMatch 10.0.0.11 :test-result: FAIL ipMatch 10.10.10.11 :test-result: FAIL ipMatch 10.10.10.11 -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: ag...@in... | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 |
|
From: Ervin H. <ai...@gm...> - 2018-10-19 13:14:35
|
Hi Alberto, On Fri, Oct 19, 2018 at 10:39:00AM +0200, Alberto Gonzalez Iniesta wrote: > Hi, > > I'm happy to announce that the package for (lib)mod-security 3.x entered > Debian unstable this week. But some issues arose in the testing suite > with some/all of the architectures: > > - In most of them this test fails: > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) > > - In some (i.e. s390) a bunch of ip matching rules tests fail [1] > > > You may see all the build logs here: > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid > > Some help with these issues would be really apreciated. I've grabbed your source, here are some info: $ cat /etc/debian_version buster/sid Everything is up-to-date (I'm after an apt-get update, apt-get dist-upgrade). apt-get source modsecurity Reading package lists... Done Need to get 2798 kB of source archives. Get:1 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity 3.0.2-1 (dsc) [1967 B] Get:2 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity 3.0.2-1 (tar) [2793 kB] Get:3 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity 3.0.2-1 (diff) [2924 B] Fetched 2798 kB in 1s (2651 kB/s) dpkg-source: info: extracting modsecurity in modsecurity-3.0.2 dpkg-source: info: unpacking modsecurity_3.0.2.orig.tar.gz dpkg-source: info: unpacking modsecurity_3.0.2-1.debian.tar.xz cd modsecurity-3.0.2 debuild -us -uc ... make check-TESTS make[3]: Entering directory '/home/airween/debian/modsecurity-3.0.2' make[4]: Entering directory '/home/airween/debian/modsecurity-3.0.2' ( 3/ 0/ 3): test/test-cases/regression/action-ctl_request_body_access.json ( 3/ 0/ 3): test/test-cases/regression/action-ctl_request_body_processor.json ... ( 3/ 0/ 3): test/test-cases/regression/config-secremoterules.json ============================================================================ Testsuite summary for modsecurity 3.0 ============================================================================ # TOTAL: 4740 # PASS: 4740 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 ... ... Now running lintian modsecurity_3.0.2-1_amd64.changes ... Finished running lintian. And that's it. Check it by hand: cd test/ ./regression_tests .././test/test-cases/regression/variable-ENV.json ModSecurity 3.0.2 - tests (options are not available -- missing GetOpt) # File Name Test Name Passed? --- --------- --------- ------- 1 variable-ENV.json Testing Variables :: ENV (1/3) passed! 2 variable-ENV.json Testing Variables :: ENV (2/3) passed! 3 variable-ENV.json Testing Variables :: ENV (3/3) passed! Ran a total of: 3 regression tests - All tests passed. 0 skipped test(s). 0 disabled test(s). I've tried with pbuilder, here is the relevant part of the log: ( 3/ 0/ 3): test/test-cases/regression/variable-ENV.json ... ... RUN: test/test-cases/regression/variable-ENV.json ================================================= :test-result: PASS variable-ENV.json:Testing Variables :: ENV (1/3) ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 :test-result: PASS variable-ENV.json:Testing Variables :: ENV (2/3) ./regression_tests .././test/test-cases/regression/variable-ENV.json:2 :test-result: PASS variable-ENV.json:Testing Variables :: ENV (3/3) ./regression_tests .././test/test-cases/regression/variable-ENV.json:3 ... (but there are another failed tests with pbuilder: UN: test/test-cases/regression/config-secremoterules.json ========================================================== :test-result: FAIL config-secremoterules.json:Include remote rules ./regression_tests .././test/test-cases/regression/config-secremoterules.json:1 :test-result: FAIL config-secremoterules.json:Include remote rules - failed download (Abort) ./regression_tests .././test/test-cases/regression/config-secremoterules.json:2 :test-result: PASS config-secremoterules.json:Include remote rules - failed download (Warn) this occured I guess that I'm behind proxy, and didn't pass http_proxy env to pbuilder. ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:2 :test-result: FAIL operator-ipMatchFromFile.json:Testing Operator :: @ipMatchFromFile - https ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:3 also could occured by network problem) I can't reproduce your issue on amd64 arch. May be this can helps you, here is the output of ldd of compiled shared object which built in regular system (not with pbuilder) https://pastebin.com/svAjTek9 may be some library needs...? regards, a. |
|
From: Felipe Z. <fe...@zi...> - 2018-10-19 13:51:35
|
Hi, Good to hear that we are having those packages :) that should increase even more the adoption of v3 :) Kudos!!!! Same as Ervin here, I am not able to reproduce the regression tests failures. Do you mind to share the configuration/compilation logs? Br., F. On Fri, Oct 19, 2018 at 10:14 AM Ervin Hegedüs <ai...@gm...> wrote: > Hi Alberto, > > On Fri, Oct 19, 2018 at 10:39:00AM +0200, Alberto Gonzalez Iniesta wrote: > > Hi, > > > > I'm happy to announce that the package for (lib)mod-security 3.x entered > > Debian unstable this week. But some issues arose in the testing suite > > with some/all of the architectures: > > > > - In most of them this test fails: > > > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > > :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) > > > > - In some (i.e. s390) a bunch of ip matching rules tests fail [1] > > > > > > You may see all the build logs here: > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid > > > > Some help with these issues would be really apreciated. > > I've grabbed your source, here are some info: > > $ cat /etc/debian_version > buster/sid > > Everything is up-to-date (I'm after an apt-get update, apt-get > dist-upgrade). > > apt-get source modsecurity > Reading package lists... Done > Need to get 2798 kB of source archives. > Get:1 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > 3.0.2-1 (dsc) [1967 B] > Get:2 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > 3.0.2-1 (tar) [2793 kB] > Get:3 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > 3.0.2-1 (diff) [2924 B] > Fetched 2798 kB in 1s (2651 kB/s) > dpkg-source: info: extracting modsecurity in modsecurity-3.0.2 > dpkg-source: info: unpacking modsecurity_3.0.2.orig.tar.gz > dpkg-source: info: unpacking modsecurity_3.0.2-1.debian.tar.xz > > cd modsecurity-3.0.2 > > debuild -us -uc > ... > make check-TESTS > make[3]: Entering directory '/home/airween/debian/modsecurity-3.0.2' > make[4]: Entering directory '/home/airween/debian/modsecurity-3.0.2' > ( 3/ 0/ 3): > test/test-cases/regression/action-ctl_request_body_access.json > ( 3/ 0/ 3): > test/test-cases/regression/action-ctl_request_body_processor.json > ... > ( 3/ 0/ 3): test/test-cases/regression/config-secremoterules.json > > ============================================================================ > Testsuite summary for modsecurity 3.0 > > ============================================================================ > # TOTAL: 4740 > # PASS: 4740 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > ... > ... > Now running lintian modsecurity_3.0.2-1_amd64.changes ... > Finished running lintian. > > And that's it. > > > Check it by hand: > > cd test/ > ./regression_tests .././test/test-cases/regression/variable-ENV.json > ModSecurity 3.0.2 - tests > (options are not available -- missing GetOpt) > > # File Name Test Name > Passed? > --- --------- --------- > ------- > 1 variable-ENV.json Testing Variables > :: ENV (1/3) passed! > 2 variable-ENV.json Testing Variables > :: ENV (2/3) passed! > 3 variable-ENV.json Testing Variables > :: ENV (3/3) passed! > > Ran a total of: 3 regression tests - All tests passed. 0 skipped test(s). > 0 disabled test(s). > > > I've tried with pbuilder, here is the relevant part of the log: > > ( 3/ 0/ 3): test/test-cases/regression/variable-ENV.json > ... > ... > RUN: test/test-cases/regression/variable-ENV.json > ================================================= > > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (1/3) > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (2/3) > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:2 > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (3/3) > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:3 > ... > > > (but there are another failed tests with pbuilder: > > UN: test/test-cases/regression/config-secremoterules.json > ========================================================== > > :test-result: FAIL config-secremoterules.json:Include remote rules > > ./regression_tests > .././test/test-cases/regression/config-secremoterules.json:1 > :test-result: FAIL config-secremoterules.json:Include remote rules - > failed download (Abort) > > ./regression_tests > .././test/test-cases/regression/config-secremoterules.json:2 > :test-result: PASS config-secremoterules.json:Include remote rules - > failed download (Warn) > > > this occured I guess that I'm behind proxy, and didn't pass > http_proxy env to pbuilder. > > > > ./regression_tests > .././test/test-cases/regression/operator-ipMatchFromFile.json:2 > :test-result: FAIL operator-ipMatchFromFile.json:Testing Operator :: > @ipMatchFromFile - https > > ./regression_tests > .././test/test-cases/regression/operator-ipMatchFromFile.json:3 > > also could occured by network problem) > > > I can't reproduce your issue on amd64 arch. > > > May be this can helps you, here is the output of ldd of compiled shared > object > which built in regular system (not with pbuilder) > > https://pastebin.com/svAjTek9 > > may be some library needs...? > > > regards, > > > a. > > > > _______________________________________________ > mod-security-packagers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-packagers > |
|
From: Ervin H. <ai...@gm...> - 2018-10-19 14:26:14
|
Hi Felipe, On Fri, Oct 19, 2018 at 10:21:14AM -0300, Felipe Zimmerle wrote: > Hi, > > Good to hear that we are having those packages :) that should increase even > more the adoption of v3 :) Kudos!!!! we're just going to have the package, I think it's a little bit far, but even closer :) > Same as Ervin here, I am not able to reproduce the regression tests > failures. Do you mind to share the configuration/compilation logs? which logs do you mean? pbuilder or "native" build logs? I'm afraid that the result misleads us (you and me), because (I think) you also have a build environment with several installed libraries, which aren't mandatory. That's in my build system (which is a simple LXC container) - I've built modsecurity as several times :), with different ways... But the error comes only on Debian's build environment, where the builder flow starts in a "clean" base system, and it installs the necessary packages, what the developer/maintainer listed in d/control.... I don't know yet, I'll check it out at this weekend. Regards, a. |
|
From: Felipe Z. <fe...@zi...> - 2018-10-19 14:56:35
|
Hi,
Regardless of the dependencies, the test should not fail. There are three
different possible result for a test case:
Pass, Fail, Disable.
The Disable is used when an optional resource was disabled. Either because
it was manually disabled or because the build did not managed to find the
need dependency.
In the config.log we may be able to identify the optional libraries. I
would recommend to build with all dependencies. The configure output should
be somewhat similar to this:
ModSecurity - v3.0.2-131-g8d8c8748 for Linux
Mandatory dependencies
+ libInjection ....v3.0.2-131-g8d8c8748
+ SecLang tests ....8d8c8748
Optional dependencies
+ GeoIP/MaxMind ....found
* (MaxMind) v1.3.2
-lmaxminddb , -DWITH_MAXMIND
* (GeoIP) v1.6.12
-lGeoIP , -I/usr/include/
+ LibCURL ....found v7.61.1
-lcurl, -DWITH_CURL_SSLVERSION_TLSv1_2 -DWITH_CURL
+ YAJL ....found v2.1.0
-lyajl , -DWITH_YAJL -I/usr/include/yajl
+ LMDB ....disabled
+ LibXML2 ....found v2.9.8
-lxml2 -lz -llzma -licui18n -licuuc -licudata -lm -ldl,
-I/usr/include/libxml2 -DWITH_LIBXML2
+ SSDEEP ....found
-lfuzzy -L/usr/lib/, -DWITH_SSDEEP -I/usr/include
+ LUA ....found v503
-llua5.3 -L/usr/lib/, -DWITH_LUA -I/usr/include
Other Options
+ Test Utilities ....enabled
+ SecDebugLog ....enabled
+ afl fuzzer ....disabled
+ library examples ....enabled
+ Building parser ....disabled
+ Treating pm operations as critical section ....disabled
I am afraid we may have a problem in our build scripts, due to a missing
header or library. The script is may confuse by the time it educated guess
the platform. Leading to run time issues in structures like the one used to
map ips. But that is just a guess, i have to see the logs to tell for sure.
Optional dependency list: lua, ssdeep, libxml2, yajl, libcurl, maxmind.
Br.,
F.
On Fri, Oct 19, 2018 at 11:26 AM Ervin Hegedüs <ai...@gm...> wrote:
> Hi Felipe,
>
> On Fri, Oct 19, 2018 at 10:21:14AM -0300, Felipe Zimmerle wrote:
> > Hi,
> >
> > Good to hear that we are having those packages :) that should increase
> even
> > more the adoption of v3 :) Kudos!!!!
>
> we're just going to have the package, I think it's a little bit
> far, but even closer :)
>
> > Same as Ervin here, I am not able to reproduce the regression tests
> > failures. Do you mind to share the configuration/compilation logs?
>
> which logs do you mean? pbuilder or "native" build logs?
>
> I'm afraid that the result misleads us (you and me), because (I
> think) you also have a build environment with several installed
> libraries, which aren't mandatory.
>
> That's in my build system (which is a simple LXC container) - I've
> built modsecurity as several times :), with different ways...
>
> But the error comes only on Debian's build environment, where the
> builder flow starts in a "clean" base system, and it installs the
> necessary packages, what the developer/maintainer listed in
> d/control.... I don't know yet, I'll check it out at this
> weekend.
>
>
>
> Regards,
>
>
> a.
>
>
|
|
From: Alberto G. I. <ag...@in...> - 2018-10-19 17:35:03
|
Neither can I, that's why I asked for help :-) Those errors are from build daemons. Logs: > > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid Cheers, Alberto On Fri, Oct 19, 2018 at 10:21:14AM -0300, Felipe Zimmerle wrote: > Hi, > > Good to hear that we are having those packages :) that should increase even > more the adoption of v3 :) Kudos!!!! > > Same as Ervin here, I am not able to reproduce the regression tests > failures. Do you mind to share the configuration/compilation logs? > > Br., > F. > > > On Fri, Oct 19, 2018 at 10:14 AM Ervin Hegedüs <ai...@gm...> wrote: > > > Hi Alberto, > > > > On Fri, Oct 19, 2018 at 10:39:00AM +0200, Alberto Gonzalez Iniesta wrote: > > > Hi, > > > > > > I'm happy to announce that the package for (lib)mod-security 3.x entered > > > Debian unstable this week. But some issues arose in the testing suite > > > with some/all of the architectures: > > > > > > - In most of them this test fails: > > > > > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > > > :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) > > > > > > - In some (i.e. s390) a bunch of ip matching rules tests fail [1] > > > > > > > > > You may see all the build logs here: > > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid > > > > > > Some help with these issues would be really apreciated. > > > > I've grabbed your source, here are some info: > > > > $ cat /etc/debian_version > > buster/sid > > > > Everything is up-to-date (I'm after an apt-get update, apt-get > > dist-upgrade). > > > > apt-get source modsecurity > > Reading package lists... Done > > Need to get 2798 kB of source archives. > > Get:1 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > > 3.0.2-1 (dsc) [1967 B] > > Get:2 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > > 3.0.2-1 (tar) [2793 kB] > > Get:3 http://cdn-fastly.deb.debian.org/debian sid/main modsecurity > > 3.0.2-1 (diff) [2924 B] > > Fetched 2798 kB in 1s (2651 kB/s) > > dpkg-source: info: extracting modsecurity in modsecurity-3.0.2 > > dpkg-source: info: unpacking modsecurity_3.0.2.orig.tar.gz > > dpkg-source: info: unpacking modsecurity_3.0.2-1.debian.tar.xz > > > > cd modsecurity-3.0.2 > > > > debuild -us -uc > > ... > > make check-TESTS > > make[3]: Entering directory '/home/airween/debian/modsecurity-3.0.2' > > make[4]: Entering directory '/home/airween/debian/modsecurity-3.0.2' > > ( 3/ 0/ 3): > > test/test-cases/regression/action-ctl_request_body_access.json > > ( 3/ 0/ 3): > > test/test-cases/regression/action-ctl_request_body_processor.json > > ... > > ( 3/ 0/ 3): test/test-cases/regression/config-secremoterules.json > > > > ============================================================================ > > Testsuite summary for modsecurity 3.0 > > > > ============================================================================ > > # TOTAL: 4740 > > # PASS: 4740 > > # SKIP: 0 > > # XFAIL: 0 > > # FAIL: 0 > > # XPASS: 0 > > # ERROR: 0 > > ... > > ... > > Now running lintian modsecurity_3.0.2-1_amd64.changes ... > > Finished running lintian. > > > > And that's it. > > > > > > Check it by hand: > > > > cd test/ > > ./regression_tests .././test/test-cases/regression/variable-ENV.json > > ModSecurity 3.0.2 - tests > > (options are not available -- missing GetOpt) > > > > # File Name Test Name > > Passed? > > --- --------- --------- > > ------- > > 1 variable-ENV.json Testing Variables > > :: ENV (1/3) passed! > > 2 variable-ENV.json Testing Variables > > :: ENV (2/3) passed! > > 3 variable-ENV.json Testing Variables > > :: ENV (3/3) passed! > > > > Ran a total of: 3 regression tests - All tests passed. 0 skipped test(s). > > 0 disabled test(s). > > > > > > I've tried with pbuilder, here is the relevant part of the log: > > > > ( 3/ 0/ 3): test/test-cases/regression/variable-ENV.json > > ... > > ... > > RUN: test/test-cases/regression/variable-ENV.json > > ================================================= > > > > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (1/3) > > > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (2/3) > > > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:2 > > :test-result: PASS variable-ENV.json:Testing Variables :: ENV (3/3) > > > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:3 > > ... > > > > > > (but there are another failed tests with pbuilder: > > > > UN: test/test-cases/regression/config-secremoterules.json > > ========================================================== > > > > :test-result: FAIL config-secremoterules.json:Include remote rules > > > > ./regression_tests > > .././test/test-cases/regression/config-secremoterules.json:1 > > :test-result: FAIL config-secremoterules.json:Include remote rules - > > failed download (Abort) > > > > ./regression_tests > > .././test/test-cases/regression/config-secremoterules.json:2 > > :test-result: PASS config-secremoterules.json:Include remote rules - > > failed download (Warn) > > > > > > this occured I guess that I'm behind proxy, and didn't pass > > http_proxy env to pbuilder. > > > > > > > > ./regression_tests > > .././test/test-cases/regression/operator-ipMatchFromFile.json:2 > > :test-result: FAIL operator-ipMatchFromFile.json:Testing Operator :: > > @ipMatchFromFile - https > > > > ./regression_tests > > .././test/test-cases/regression/operator-ipMatchFromFile.json:3 > > > > also could occured by network problem) > > > > > > I can't reproduce your issue on amd64 arch. > > > > > > May be this can helps you, here is the output of ldd of compiled shared > > object > > which built in regular system (not with pbuilder) > > > > https://pastebin.com/svAjTek9 > > > > may be some library needs...? > > > > > > regards, > > > > > > a. > > > > > > > > _______________________________________________ > > mod-security-packagers mailing list > > mod...@li... > > https://lists.sourceforge.net/lists/listinfo/mod-security-packagers > > > _______________________________________________ > mod-security-packagers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-packagers -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: ag...@in... | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 |
|
From: Ervin H. <ai...@gm...> - 2018-10-19 20:47:53
|
Hi folks, On Fri, Oct 19, 2018 at 07:34:48PM +0200, Alberto Gonzalez Iniesta wrote: > Neither can I, that's why I asked for help :-) > Those errors are from build daemons. Logs: > > > > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid just a quick notice: on this list, I just found logfile for i386: https://buildd.debian.org/status/fetch.php?pkg=modsecurity&arch=i386&ver=3.0.2-1&stamp=1539703808&raw=0 but there isn't logfile for amd64. May be there is an architectural difference, which triggers this error - I still can't reproduce on amd64, but the other 3 FAIL test occures with other method. I think that if I can found the reason for these bugs, we can fix it on i386 too. The 3 failed tests occure only in chroot, but all of them comes always. When I leave the chroot, but it's still mounted, I change dir to, and run test again, then I got also error, but for other test case: Test failed. From: test-cases/regression/operator-detectxss.json. Test name: Testing Operator :: @detectXSS. Reason: Debug log was not matching the expected results. Expecting: Added DetectXSS match TX.0: f\(f\(f Debug log: If I build the package out of chroot, all test has passed. I'll continue at weekend. Regards, a. |
|
From: Ervin H. <ai...@gm...> - 2018-10-21 14:28:45
|
Hi all, On Fri, Oct 19, 2018 at 07:34:48PM +0200, Alberto Gonzalez Iniesta wrote: > Neither can I, that's why I asked for help :-) > Those errors are from build daemons. Logs: > > > > > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid looks like I have the solution. Here is the build log: https://buildd.debian.org/status/fetch.php?pkg=modsecurity&arch=i386&ver=3.0.2-1&stamp=1539703808&raw=0 and here is the failed test: :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) ./regression_tests .././test/test-cases/regression/variable-ENV.json:2 here is the 2nd test in that file: 82 "expected":{ 83 "debug_log":"Variable: ENV:TERM" 84 }, 85 "rules":[ 86 "SecRuleEngine On", 87 "SecRule ENV:TERM \"@contains test\" \"id:1,phase:3,pass,t:trim\"" 88 ] so the expected result is that the test shows the TERM environment variable. But looks like sbuild (which is the official build system of Debian) doesn't have ENV variable until the build flow. That's why Felipe any me could build and ran test cases successfully, but the build daemon can't. I've installed the sbuild on my unstable vm, and make this modification: 8,9d7 < export TERM=$(shell if [ -z $TERM ]; then echo "linux"; else echo $TERM; fi) < the new version of d/rules looks like this: ==%== #!/usr/bin/make -f DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) # move modsec-rules-check (lib debugging/testing tool) to libexec to avoid # an extra package while keeping the library package multiarch CONFIGURE_EXTRA_FLAGS += --bindir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)/libexec export TERM=$(shell if [ -z $TERM ]; then echo "linux"; else echo $TERM; fi) %: dh $@ ... ==%== Note, that we could put a simple export TERM=linux line to rules, but if somebody wants to build the package for its own use, then it overwrites the TERM env, but this solution prevents that. May be there is an other elegant way to pass an ENV to dh (debhelper), but only this worked for me. Hope that it helps you :), regards, a. |
|
From: Ervin H. <ai...@gm...> - 2018-10-31 23:02:10
|
Hi Alberto, On Fri, Oct 19, 2018 at 10:39:00AM +0200, Alberto Gonzalez Iniesta wrote: > Hi, > > I'm happy to announce that the package for (lib)mod-security 3.x entered > Debian unstable this week. But some issues arose in the testing suite > with some/all of the architectures: > > - In most of them this test fails: > > ./regression_tests .././test/test-cases/regression/variable-ENV.json:1 > :test-result: FAIL variable-ENV.json:Testing Variables :: ENV (2/3) > > - In some (i.e. s390) a bunch of ip matching rules tests fail [1] > > > You may see all the build logs here: > https://buildd.debian.org/status/package.php?p=modsecurity&suite=sid > > Some help with these issues would be really apreciated. as we discussed previously, the make check (dh_auto_test) was fixed wth a temporary TERM environment. Meantime I've worked on package, and make a branch for it: https://github.com/airween/ModSecurity/tree/v3/debian I didn't found any modsecurity repository on Salsa, so I thought it would be better first commit only my repository. Please review it - the lintian only gives _one_ warning (nothing else!): P: modsecurity source: debian-watch-does-not-check-gpg-signature See the changelog for full list of modifications: https://github.com/airween/ModSecurity/blob/v3/debian/debian/changelog I think that the package isn't ready, there are several step to do to finish (eg: python library package - but as I see, the Python binding in this format is not so fine. I'll check it soon. Documentation also missing (doc/ directory contains only Makefile and a doxygen.conf). Regards, a. > Regards, > > Alberto > > > [1] > > ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:1 > :test-result: PASS operator-ipMatchFromFile.json:Testing Operator :: @ipMatchFromFile - file not found > > ./regression_tests .././test/test-cases/regression/operator-ipMatchFromFile.json:2 > :test-result: FAIL operator-ipMatchFromFile.json:Testing Operator :: @ipMatchFromFile - https > > RUN: test/test-cases/secrules-language-tests/operators/ipMatch.json > =================================================================== > > :test-result: FAIL ipMatch 10.10.10.10 > :test-result: PASS ipMatch 10.10.10.11 > :test-result: FAIL ipMatch 10.10.10.11 > :test-result: PASS ipMatch 10.10.7.254 > :test-result: FAIL ipMatch 10.10.8.1 > :test-result: PASS ipMatch 10.10.16.1 > :test-result: FAIL ipMatch 10.10.15.254 > :test-result: FAIL ipMatch 192.168.1.254 > :test-result: PASS ipMatch 10.10.10.11 > :test-result: FAIL ipMatch 156.149.152.152 > :test-result: PASS ipMatch 10.10.10.11 > :test-result: FAIL ipMatch 10.0.0.11 > :test-result: FAIL ipMatch 10.10.10.11 > :test-result: FAIL ipMatch 10.10.10.11 > > > > > -- > Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico > mailto/sip: ag...@in... | en GNU/Linux y software libre > Encrypted mail preferred | http://inittab.com > > Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 > > > _______________________________________________ > mod-security-packagers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-packagers |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X