• Bug#1102965: pkcs11-provider: FTBFS in testing: tests failures (1/12)

    From Lucas Nussbaum@21:1/5 to All on Sun Apr 13 14:50:04 2025
    Source: pkcs11-provider
    Version: 1.0-2
    Severity: serious
    Justification: FTBFS
    Tags: trixie sid ftbfs
    User: lucas@debian.org
    Usertags: ftbfs-20250412 ftbfs-trixie

    Hi,

    During a rebuild of all packages in testing (trixie), your package failed
    to build on amd64.


    Relevant part (hopefully):
    ==================================== 1/92 ====================================
    test: pkcs11-provider:softokn / setup
    start time: 10:06:36
    duration: 0.03s
    result: exit status 0
    command: SHARED_EXT=.so TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so LIBSPATH=/
    build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=77 UBSAN_OPTIONS=halt_on_
    error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MESON_TEST_ITERATION=1 SOFTOKNPATH=/usr/lib/x86_64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softokn
    ----------------------------------- stdout -----------------------------------
    ########################################
    ## Setup NSS Softokn

    NSS's certutil command is required
    ----------------------------------- stderr -----------------------------------
    + source /build/reproducible-path/pkcs11-provider-1.0/tests/helpers.sh
    ++ : /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ++ helper_emit=1
    ++ sed --version
    ++ grep -q 'GNU sed'
    ++ sed_inplace=('-i')
    ++ export sed_inplace
    + '[' 1 -ne 1 ']'
    + TOKENTYPE=softokn
    + SUPPORT_ED25519=1
    + SUPPORT_ED448=1
    + SUPPORT_RSA_PKCS1_ENCRYPTION=1
    + SUPPORT_RSA_KEYGEN_PUBLIC_EXPONENT=1
    + SUPPORT_TLSFUZZER=1
    + SUPPORT_ALLOWED_MECHANISMS=0
    ++ opensc-tool -i
    ++ grep OpenSC
    ++ sed -e 's/OpenSC 0\.\([0-9]*\).*/\1/'
    Failed to establish context: Unable to load external module
    + OPENSC_VERSION=26
    + [[ 26 -le 25 ]]
    + [[ '' = \1 ]]
    ++ cat /proc/sys/crypto/fips_enabled
    + [[ 0 = \1 ]]
    + TMPPDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn
    + TOKDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens
    + '[' -d /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn ']'
    + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn
    + mkdir /build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/tokens
    + PINVALUE=12345678
    + PINFILE=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softokn/pinfile.txt
    + echo 12345678
    + export GNUTLS_PIN=12345678
    + GNUTLS_PIN=12345678
    + '[' softokn == softhsm ']'
    + '[' softokn == softokn ']'
    + source /build/reproducible-path/pkcs11-provider-1.0/tests/softokn-init.sh ++ title SECTION 'Setup NSS Softokn'
    ++ case "$1" in
    ++ shift 1
    ++ echo '########################################'
    ++ echo '## Setup NSS Softokn'
    ++ echo ''
    ++ command -v certutil
    ++ echo 'NSS'\''s certutil command is required'
    ++ exit 0 ==============================================================================

    ==================================== 2/92 ====================================
    test: pkcs11-provider:softhsm / setup
    start time: 10:06:36
    duration: 2.90s
    result: exit status 0
    command: TESTSSRCDIR=/build/reproducible-path/pkcs11-provider-1.0/tests MSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 P11KITCLIENTPATH=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-client.so LIBSPATH=/build/
    reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/src TESTBLDDIR=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 MALLOC_PERTURB_=73 MESON_TEST_ITERATION=1
    UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 SHARED_EXT=.so SOFTOKNPATH=/usr/lib/x86_64-linux-gnu /build/reproducible-path/pkcs11-provider-1.0/tests/setup.sh softhsm
    ----------------------------------- stdout -----------------------------------
    ########################################
    ## Searching for SoftHSM PKCS#11 library

    Using softhsm path /usr/lib/softhsm/libsofthsm2.so ########################################
    ## Set up testing system

    Slot 0 has a free/uninitialized token.
    The token has been initialized and is reassigned to slot 1294896537
    Creating new Self Sign CA
    Key pair generated:
    Private Key Object; RSA
    label: caCert
    ID: 0000
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=private
    Public Key Object; RSA 2048 bits
    label: caCert
    ID: 0000
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=public
    Generating a self signed certificate...
    X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 02
    Validity:
    Not Before: Sat Apr 12 10:06:36 UTC 2025
    Not After: Sun Apr 12 10:06:36 UTC 2026
    Subject: CN=Issuer
    Subject Public Key Algorithm: RSA
    Algorithm Security Level: Medium (2048 bits)
    Modulus (bits 2048):
    00:97:dd:d0:98:d2:97:f5:e2:e2:b8:42:88:c6:db:66
    17:2b:86:86:4a:aa:67:38:df:c0:49:cb:d2:4c:af:c9
    87:0f:8f:b2:01:45:6d:23:83:67:bc:fc:bc:56:0c:cc
    ff:84:11:4e:eb:25:ce:ad:bd:78:f1:c1:96:75:1b:0b
    86:de:6a:f8:85:17:c4:2e:94:74:2f:59:d2:c8:52:f8
    a1:cf:db:cf:ae:cd:9d:1c:8f:70:61:20:e4:4d:ca:f9
    93:cd:55:a4:6d:26:47:0e:db:98:1b:37:63:2d:1f:21
    ea:05:1e:50:f0:cf:8d:d7:6a:55:90:c1:d2:9c:3e:6e
    92:29:bd:7d:c8:7f:7a:d5:99:c1:73:2e:4d:b9:55:28
    85:36:ae:f1:07:93:2f:ad:fe:de:6d:e5:dd:dc:d4:eb
    3a:50:d2:ef:9f:6e:8b:47:ae:66:80:44:78:81:7a:9e
    29:9f:f1:77:28:3a:64:fd:50:23:f2:68:43:cb:45:c0
    9f:d6:a3:f0:54:7e:bd:94:b5:22:f2:fe:ed:75:e8:3c
    b7:08:91:d5:2b:16:1e:57:45:eb:e7:5c:cc:3f:6e:43
    f4:4e:a7:5d:a3:93:ef:c5:05:e4:d8:a4:f3:ca:48:54
    6a:01:16:e7:d7:97:37:f5:59:21:ad:96:d2:38:21:1a
    53
    Exponent (bits 24):
    01:00:01
    Extensions:
    Basic Constraints (critical):
    Certificate Authority (CA): TRUE
    Subject Alternative Name (not critical):
    RFC822Name: testcert@example.org
    Key Usage (critical):
    Digital signature.
    Certificate signing.
    Subject Key Identifier (not critical):
    2ca0f2260aede7a30019ccc81dbf836bef78a80f
    Other Information:
    Public Key ID:
    sha1:2ca0f2260aede7a30019ccc81dbf836bef78a80f
    sha256:83961662a93ea8af754c29aad083afff485433323225151764a3d7f205a89028
    Public Key PIN:
    pin-sha256:g5YWYqk+qK91TCmq0IOv/0hUMzIyJRUXZKPX8gWokCg=



    Signing certificate...
    Created certificate:
    Certificate Object; type = X.509 cert
    label: caCert
    subject: DN: CN=Issuer
    serial: 02
    ID: 0000
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=cert
    RSA PKCS11 URIS
    pkcs11:id=%00%00?pin-value=12345678 pkcs11:id=%00%00?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%00
    pkcs11:type=public;id=%00%00
    pkcs11:type=private;id=%00%00
    pkcs11:type=cert;object=caCert

    Key pair generated:
    Private Key Object; RSA
    label: testCert
    ID: 0001
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=private
    Public Key Object; RSA 2048 bits
    label: testCert
    ID: 0001
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: testCert
    subject: DN: O=PKCS11 Provider, CN=My Test Cert
    serial: 03
    ID: 0001
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert
    RSA PKCS11 URIS
    pkcs11:id=%00%01?pin-value=12345678 pkcs11:id=%00%01?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%01
    pkcs11:type=public;id=%00%01
    pkcs11:type=private;id=%00%01
    pkcs11:type=cert;object=testCert

    Key pair generated:
    Private Key Object; EC
    label: ecCert
    ID: 0002
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=private
    Public Key Object; EC EC_POINT 256 bits
    EC_POINT: 044104c1842e81b2469ee3cc032172505d1355731de7ef2f745fe90ee52b485c2b8c3c7cb528a5f4d1c5c5e945d41ecce396f4b648cad5650bc97365933a20d38afdbb
    EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
    label: ecCert
    ID: 0002
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: ecCert
    subject: DN: O=PKCS11 Provider, CN=My EC Cert
    serial: 04
    ID: 0002
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert
    Key pair generated:
    Private Key Object; EC
    label: ecPeerCert
    ID: 0003
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private
    Public Key Object; EC EC_POINT 256 bits
    EC_POINT: 044104b1dd6ac3d230be435bdfb42f0f30606b3d08c23d7f754b4f97ecce27f23443579136398c1b4d16e6727de33c2ec2bb3c729c2828ae91fd55b715b3b537b5680b
    EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
    label: ecPeerCert
    ID: 0003
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public
    Generating a self signed certificate...
    X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 05
    Validity:
    Not Before: Sat Apr 12 10:06:36 UTC 2025
    Not After: Sun Apr 12 10:06:36 UTC 2026
    Subject: CN=My Peer EC Cert
    Subject Public Key Algorithm: EC/ECDSA
    Algorithm Security Level: High (256 bits)
    Curve: SECP256R1
    X:
    00:b1:dd:6a:c3:d2:30:be:43:5b:df:b4:2f:0f:30:60
    6b:3d:08:c2:3d:7f:75:4b:4f:97:ec:ce:27:f2:34:43
    57
    Y:
    00:91:36:39:8c:1b:4d:16:e6:72:7d:e3:3c:2e:c2:bb
    3c:72:9c:28:28:ae:91:fd:55:b7:15:b3:b5:37:b5:68
    0b
    Extensions:
    Basic Constraints (critical):
    Certificate Authority (CA): TRUE
    Subject Alternative Name (not critical):
    RFC822Name: testcert@example.org
    Key Usage (critical):
    Digital signature.
    Certificate signing.
    Subject Key Identifier (not critical):
    22193a45d27d2bbbf5cd054260844f7c3b3f6252
    Other Information:
    Public Key ID:
    sha1:22193a45d27d2bbbf5cd054260844f7c3b3f6252
    sha256:7f1d8653aba265791d06af946750031776051cba49d6004b249cf56e27bb1f99
    Public Key PIN:
    pin-sha256:fx2GU6uiZXkdBq+UZ1ADF3YFHLpJ1gBLJJz1bie7H5k=



    Signing certificate...
    Created certificate:
    Certificate Object; type = X.509 cert
    label: ecPeerCert
    subject: DN: CN=My Peer EC Cert
    serial: 05
    ID: 0003
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert
    EC PKCS11 URIS
    pkcs11:id=%00%02?pin-value=12345678 pkcs11:id=%00%02?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%02
    pkcs11:type=public;id=%00%02
    pkcs11:type=private;id=%00%02
    pkcs11:type=cert;object=ecCert
    pkcs11:id=%00%03?pin-value=12345678 pkcs11:id=%00%03?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%03
    pkcs11:type=public;id=%00%03
    pkcs11:type=private;id=%00%03
    pkcs11:type=cert;object=ecPeerCert

    Key pair generated:
    Private Key Object; EC_EDWARDS
    label: edCert
    ID: 0004
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=private
    Public Key Object; EC_EDWARDS EC_POINT 272 bits
    EC_POINT: 04209d160e5d8797c5146f6f4727d518dd4e4f976bbbb488d7dcd9ab2141f6137cd2
    EC_PARAMS: 130c656477617264733235353139 (PrintableString edwards25519)
    label: edCert
    ID: 0004
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: edCert
    subject: DN: O=PKCS11 Provider, CN=My ED25519 Cert
    serial: 06
    ID: 0004
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=cert
    ED25519 PKCS11 URIS
    pkcs11:id=%00%04;pin-value=12345678 pkcs11:id=%00%04;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%04
    pkcs11:type=public;id=%00%04
    pkcs11:type=private;id=%00%04
    pkcs11:type=cert;object=edCert
    Key pair generated:
    Private Key Object; EC_EDWARDS
    label: ed2Cert
    ID: 0009
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=private
    Public Key Object; EC_EDWARDS EC_POINT 472 bits
    EC_POINT: 0439063062cb569a5317cd250ad5c7d7af0f4ddb208e4e5ab38ef13674d154836d97b7731a0649c324c996f3c01daa17ed4ed3c64d6e205ca2ad00
    EC_PARAMS: 06032b6571 (OID 1.3.101.113)
    label: ed2Cert
    ID: 0009
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: ed2Cert
    subject: DN: O=PKCS11 Provider, CN=My ED448 Cert
    serial: 07
    ID: 0009
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=cert
    ED448 PKCS11 URIS
    pkcs11:id=%00%09;pin-value=12345678 pkcs11:id=%00%09;pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%09
    pkcs11:type=public;id=%00%09
    pkcs11:type=private;id=%00%09
    pkcs11:type=cert;object=ed2Cert

    ## generate RSA key pair, self-signed certificate, remove public key
    Key pair generated:
    Private Key Object; RSA
    label: testCert2
    ID: 0005
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private
    Public Key Object; RSA 2048 bits
    label: testCert2
    ID: 0005
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0005;object=testCert2;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: testCert2
    subject: DN: O=PKCS11 Provider, CN=My Test Cert 2
    serial: 08
    ID: 0005
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert
    RSA2 PKCS11 URIS
    pkcs11:id=%00%05?pin-value=12345678 pkcs11:id=%00%05?pin-source=/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%05
    pkcs11:type=private;id=%00%05
    pkcs11:type=cert;object=testCert2


    ## generate EC key pair, self-signed certificate, remove public key
    Key pair generated:
    Private Key Object; EC
    label: ecCert2
    ID: 0006
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=private
    Public Key Object; EC EC_POINT 384 bits
    EC_POINT: 0461049313e73cc5387cf0db2cd2b99e578eaac40f917f1c866c86a2207f5ca8badff82dc073a8a09d0b0048d899749ad47920d23c57104ff5e3175e8cdd249f0eba16afe0df4363cc8e724f5b08ffb8e67d3e957243fd4bf01556031cacb48722e2f0
    EC_PARAMS: 06052b81040022 (OID 1.3.132.0.34)
    label: ecCert2
    ID: 0006
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: ecCert2
    subject: DN: O=PKCS11 Provider, CN=My EC Cert 2
    serial: 09
    ID: 0006
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert
    EC2 PKCS11 URIS
    pkcs11:id=%00%06?pin-value=12345678 pkcs11:id=%00%06?pin-source=file/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%06
    pkcs11:type=private;id=%00%06
    pkcs11:type=cert;object=ecCert2


    ## explicit EC unsupported

    ## generate EC key pair with ALWAYS AUTHENTICATE flag, self-signed certificate
    Key pair generated:
    Private Key Object; EC
    label: ecCert3
    ID: 0008
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: always authenticate, sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private
    Public Key Object; EC EC_POINT 528 bits
    EC_POINT: 04818504019190ac142bf9254a6a0a3669e0c21a4f972d55bc3128a5844de931bd43370bbc511156aea3e694fc3d382bc87919ee07b9267e38eff4dcbb0a340f20227d6d8e0701427d1509291af9d76b72064fe29990221efd473da46304278c99cabfd1431ee8ce459117bf50b55a5416abdc6289a1ab6
    9c0d05e613d017b3c3de8b8d376508817
    EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35)
    label: ecCert3
    ID: 0008
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: ecCert3
    subject: DN: O=PKCS11 Provider, CN=My EC Cert 3
    serial: 0A
    ID: 0008
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=cert
    EC3 PKCS11 URIS
    pkcs11:id=%00%08?pin-value=12345678 pkcs11:id=%00%08?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%08
    pkcs11:type=public;id=%00%08
    pkcs11:type=private;id=%00%08
    pkcs11:type=cert;object=ecCert3

    Key pair generated:
    Private Key Object; RSA
    label: testRsaPssCert
    ID: 0010
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private
    Public Key Object; RSA 2048 bits
    label: testRsaPssCert
    ID: 0010
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: testRsaPssCert
    subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert
    serial: 0B
    ID: 0010
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert
    RSA-PSS PKCS11 URIS
    pkcs11:id=%00%10?pin-value=12345678 pkcs11:id=%00%10?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%10
    pkcs11:type=public;id=%00%10
    pkcs11:type=private;id=%00%10
    pkcs11:type=cert;object=testRsaPssCert

    Key pair generated:
    Private Key Object; RSA
    label: testRsaPss2Cert
    ID: 0011
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    Allowed mechanisms: SHA256-RSA-PKCS-PSS
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private
    Public Key Object; RSA 3092 bits
    label: testRsaPss2Cert
    ID: 0011
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public
    Created certificate:
    Certificate Object; type = X.509 cert
    label: testRsaPss2Cert
    subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert
    serial: 0C
    ID: 0011
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert
    RSA-PSS 2 PKCS11 URIS
    pkcs11:id=%00%11?pin-value=12345678 pkcs11:id=%00%11?pin-source=file:/build/reproducible-path/pkcs11-provider-1.0/obj-x86_64-linux-gnu/tests/softhsm/pinfile.txt
    pkcs11:id=%00%11
    pkcs11:type=public;id=%00%11
    pkcs11:type=private;id=%00%11
    pkcs11:type=cert;object=testRsaPss2Cert


    ## Show contents of softhsm token
    ----------------------------------------------------------------------------------------------------
    Certificate Object; type = X.509 cert
    label: testRsaPss2Cert
    subject: DN: O=PKCS11 Provider, CN=My RsaPss2 Cert
    serial: 0C
    ID: 0011
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=cert
    Certificate Object; type = X.509 cert
    label: testCert2
    subject: DN: O=PKCS11 Provider, CN=My Test Cert 2
    serial: 08
    ID: 0005
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0005;object=testCert2;type=cert
    Private Key Object; RSA
    label: testRsaPssCert
    ID: 0010
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    Allowed mechanisms: RSA-PKCS-PSS,SHA1-RSA-PKCS-PSS,SHA256-RSA-PKCS-PSS,SHA384-RSA-PKCS-PSS,SHA512-RSA-PKCS-PSS,SHA224-RSA-PKCS-PSS
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=private
    Certificate Object; type = X.509 cert
    label: testRsaPssCert
    subject: DN: O=PKCS11 Provider, CN=My RsaPss Cert
    serial: 0B
    ID: 0010
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=cert
    Private Key Object; RSA
    label: testCert2
    ID: 0005
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0005;object=testCert2;type=private
    Private Key Object; EC
    label: ecPeerCert
    ID: 0003
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=private
    Certificate Object; type = X.509 cert
    label: testCert
    subject: DN: O=PKCS11 Provider, CN=My Test Cert
    serial: 03
    ID: 0001
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=cert
    Certificate Object; type = X.509 cert
    label: ecCert
    subject: DN: O=PKCS11 Provider, CN=My EC Cert
    serial: 04
    ID: 0002
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0002;object=ecCert;type=cert
    Public Key Object; EC_EDWARDS EC_POINT 472 bits
    EC_POINT: 0439063062cb569a5317cd250ad5c7d7af0f4ddb208e4e5ab38ef13674d154836d97b7731a0649c324c996f3c01daa17ed4ed3c64d6e205ca2ad00
    EC_PARAMS: 06032b6571 (OID 1.3.101.113)
    label: ed2Cert
    ID: 0009
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0009;object=ed2Cert;type=public
    Public Key Object; EC EC_POINT 528 bits
    EC_POINT: 04818504019190ac142bf9254a6a0a3669e0c21a4f972d55bc3128a5844de931bd43370bbc511156aea3e694fc3d382bc87919ee07b9267e38eff4dcbb0a340f20227d6d8e0701427d1509291af9d76b72064fe29990221efd473da46304278c99cabfd1431ee8ce459117bf50b55a5416abdc6289a1ab6
    9c0d05e613d017b3c3de8b8d376508817
    EC_PARAMS: 06052b81040023 (OID 1.3.132.0.35)
    label: ecCert3
    ID: 0008
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=public
    Private Key Object; RSA
    label: caCert
    ID: 0000
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0000;object=caCert;type=private
    Public Key Object; EC EC_POINT 256 bits
    EC_POINT: 044104b1dd6ac3d230be435bdfb42f0f30606b3d08c23d7f754b4f97ecce27f23443579136398c1b4d16e6727de33c2ec2bb3c729c2828ae91fd55b715b3b537b5680b
    EC_PARAMS: 06082a8648ce3d030107 (OID 1.2.840.10045.3.1.7)
    label: ecPeerCert
    ID: 0003
    Usage: encrypt, verify, verifyRecover, wrap, derive
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=public
    Certificate Object; type = X.509 cert
    label: ecCert2
    subject: DN: O=PKCS11 Provider, CN=My EC Cert 2
    serial: 09
    ID: 0006
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0006;object=ecCert2;type=cert
    Public Key Object; RSA 3092 bits
    label: testRsaPss2Cert
    ID: 0011
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=public
    Public Key Object; RSA 2048 bits
    label: testRsaPssCert
    ID: 0010
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0010;object=testRsaPssCert;type=public
    Certificate Object; type = X.509 cert
    label: ecPeerCert
    subject: DN: CN=My Peer EC Cert
    serial: 05
    ID: 0003
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0003;object=ecPeerCert;type=cert
    Public Key Object; RSA 2048 bits
    label: testCert
    ID: 0001
    Usage: encrypt, verify, verifyRecover, wrap
    Access: local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0001;object=testCert;type=public
    Private Key Object; RSA
    label: testRsaPss2Cert
    ID: 0011
    Usage: decrypt, sign, signRecover, unwrap
    Access: sensitive, always sensitive, never extractable, local
    Allowed mechanisms: SHA256-RSA-PKCS-PSS
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0011;object=testRsaPss2Cert;type=private
    Private Key Object; EC_EDWARDS
    label: edCert
    ID: 0004
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0004;object=edCert;type=private
    Private Key Object; EC
    label: ecCert3
    ID: 0008
    Usage: decrypt, sign, signRecover, unwrap, derive
    Access: always authenticate, sensitive, always sensitive, never extractable, local
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=12ff3650cd2e8d99;token=SoftHSM%20Token;id=%0008;object=ecCert3;type=private

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Mon Apr 14 15:40:01 2025
    This is a multi-part message in MIME format...

    Your message dated Mon, 14 Apr 2025 13:34:47 +0000
    with message-id <E1u4JxX-0034S4-6v@fasolo.debian.org>
    and subject line Bug#1102965: fixed in pkcs11-provider 1.0-3
    has caused the Debian Bug report #1102965,
    regarding pkcs11-provider: FTBFS in testing: tests failures
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1102965: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102965
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 13 Apr 2025 12:37:46 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.6-bugs.debian.org_2005_01_02
    (2021-04-09) on buxtehude.debian.org
    X-Spam-Level:
    X-Spam-Status: No, score=-106.1 required=4.0 tests=BAYES_00,DKIMWL_WL_HIGH,
    DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,
    FROMDEVELOPER,FVGT_m_MULTI_ODD,MD5_SHA1_SUM,SPF_HELO_NONE,SPF_NONE,
    UNPARSEABLE_RELAY,USER_IN_DKIM_WELCOMELIST,USER_IN_DKIM_WHITELIST
    autolearn=ham autolearn_force=no
    version=3.4.6-bugs.debian.org_2005_01_02
    X-Spam-Bayes: score:0.0000 Tokens: new, 292; hammy, 150; neutral, 322; spammy,
    0. spammytokens:
    hammytokens:0.000-+--Hx-spam-relays-external:sk:stravin,
    0.000-+--H*RT:sk:stravin, 0.000-+--Hx-spam-relays-external:311,
    0.000-+--H*RT:311, 0.000-+--H*RT:108
    Return-path: <lucas@debian.org>
    Received: from stravinsky.debia