1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Re: Bug#1095775: [Debian-iot-maintainers] ITP: libjwt14 -- The C JSON W

    From Ben Collins@21:1/5 to Nicolas Mora on Mon Mar 17 03:40:01 2025
    On Sat, Mar 15, 2025 at 02:07:49PM -0500, Nicolas Mora wrote:
    Hello,

    For some reasons, I can't build the package locally using your salsa repo, 3 tests fail on build:

    The following tests FAILED:
    2 - jwt_jwks (Failed)
    8 - jwt_checker (Failed)
    9 - jwt_flipflop (Failed)

    Yet I've tried building and running tests locally, both on a stable and testing machines and both work fine (cmake && make && make test)

    I don't know why I have such errors on sbuild though. Maybe because of a locales configuration? Like en-CA vs UTF8?

    I've attached my sbuild log file if you wish to investigate.

    I would suggest to add a salsa ci script to your repo [1], we may have more data from there.

    2: Gen KID(8/EdDSA): JWT[MbedTLS]: Error parsing private key
    2: Gen KID(10/EdDSA): JWT[MbedTLS]: Error parsing private key

    MbedTLS is known to fail on certain EdDSA curves and rsapss operations.
    This was part of the reason not to enable it by default. The testsuite
    does not differentiate between the compiled in ops, it runs every test
    for each one compiled in.

    I have a fix submitted to mbedtls for the rsapss case, but it's been
    sitting as a pull-request in GitHub for awhile. Haven't looked into the
    one ed curve.

    Might be best if I disable mbedtls for now.

    --
    Ben Collins
    https://libjwt.io
    https://github.com/benmcollins
    --
    3EC9 7598 1672 961A 1139 173A 5D5A 57C7 242B 22CF

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEPsl1mBZylhoRORc6XVpXxyQrIs8FAmfXiIsACgkQXVpXxyQr Is/8BxAAkuQlm9ZJsU43cikiejBUW77xg3rQjtwr/oIgdhhq3NqR3LLEdv8cu1L/ a9an3pbr88B89bOTdi99oB4fJf8lliMf+pkUI2StsHSK4Peil3u2gD3nagnub2hN 6LBUTQdOMdwVt8KiPeCHf6uW3d2wb8R8qVRy2TrtY7Ii9Bf5Gk5rm7m+jhRUe2HU fmwGMA+QuK7lGvzwxUXWR0gRprOyefH1sQfiSQNK4N/RHenYt8k7gzjmi+HlhC0z cbz5t/+ukKZWYQxsXoVxGmn0m8bTqDFBO9QZ5c7l95t88vQEmdBe0WptgM5JwB/t 9ajA9ysLNFSiDrbgwSF2K5iCuKGft63YFnhs90dSHk/wzGVPkqyTvQvNobS/nYVB g0pVHKNwsr2gSHUdK6UyxAqLH+wqOqPgUyNxO2McNlK2EYWiDaSX+cTaN94I0m1Y vJ2v/ERKNB14r4pOlayA1K3MnUAFTl4E4hCP4+3C2pg0CUAm2ZkPnfIzdFo15bOl acC5JGuAZySmgWDY+jyaUCE1QUTpCzYBKBtVoKjAsqBxwuG8CNTAq86xVOTDk+EB JTPsl0QYh5K48g142ArLEEBF3zWHUOp3ZavjzurYbqauXUF+6JShz5pJG1hUSmUV n+cF7+DiDUHAm9WN0/WLPPZNHXv0MyKfJPArBs/RrvCjeLF+vDA=
    =S2wQ
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxN
  • From Ben Collins@21:1/5 to Nicolas Mora on Fri Mar 21 23:10:01 2025
    On Fri, Mar 21, 2025 at 09:31:26AM -0500, Nicolas Mora wrote:
    Hello,

    Le 2025-03-16 à 22 h 27, Ben Collins a écrit :

    Might be best if I disable mbedtls for now.

    Yet, if I disable MbedTLS, I still have an error on jwt_jwks. The expected error message isn't the one returned by the test
    "Couldn't read a file:// file" != "Could not read a file:// file"

    Looks like the error message comes from another library (jansson?)

    2: ./tests/jwt_jwks.c:93:F:jwt_jwks:load_fromurl:0: Assertion 'jwks_error_msg(jwk_set) == "Couldn't read a file:// file"' failed: jwks_error_msg(jwk_set) == "Could not read a file:// file", "Couldn't read a file:// file" == "Couldn't read a file:// file"

    Right. Different versions of CUrl return this error message differently.
    I think there's a numeric code I can check instead.

    --
    Ben Collins
    https://libjwt.io
    https://github.com/benmcollins
    --
    3EC9 7598 1672 961A 1139 173A 5D5A 57C7 242B 22CF

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEPsl1mBZylhoRORc6XVpXxyQrIs8FAmfd4dUACgkQXVpXxyQr Is/VcA/9Fg3OJGio9bhlEaMnKJlOgFKIsQUojGlZ0oVWhnNzlSYC4xg4oX+8wnHw bXx5NRNSULtkfQGe5QQy2usdY5smvwkG4A06wTIdymFDUqsTLjxZUXm06A28EqJW bRaDmOpiVB3KztC5WB6kZ7YcTEJHVdIttxA3zKsfGfKORaNsnXadhUG/TXVWZmDV 9nnd8lWqAD3Yww7aJiDpoZE8Jiu/vp5cPc9W0EGvRUcl27xfghcxUY7q63QoH6i+ mg3D+UB3xmAT2undjxBdMUJ3I5hZfeAJmDkmzIjdqdchUMLAw8ZIRYC8q+8Y1Yk8 lOhZhwCboqZMv/z7a/giF3sdi59LJusbrFNK6654Aut1hLUH1T3uaTmdcvph0K9n WU3tJoO8ZM0LCoGFp4E6KokaKIR2o7pd8W/lmAfiYj6eTluWiJtZzWhjz4UBcdPL dbmIxFHj/VSWjduH0ngMDuYiu1470f6ShYEKm2blhDUB8Sy5Bvzfx+MCtw8R2btD hS3aRmXBP63+epMy85Z+e57y8ZlIvUqb/8iUfa/MsI9ZUhVw+x22e75GKPt3jAb3 XzzY1miIWIXxaLdQJx+MtAHnsxFP63Ecb8EVZqo1wF7bKVXEbXOCfzDUg8N8AImH wLWNyuBAKOxda114knW7CDuWuL8Zc/9bOQhvVBFp7bo6FQWGLRk=
    =F+yF
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxN
  • From Ben Collins@21:1/5 to Nicolas Mora on Thu Mar 27 12:20:01 2025
    On Fri, Mar 21, 2025 at 09:31:26AM -0500, Nicolas Mora wrote:
    Hello,

    Le 2025-03-16 à 22 h 27, Ben Collins a écrit :

    Might be best if I disable mbedtls for now.

    Yet, if I disable MbedTLS, I still have an error on jwt_jwks. The expected error message isn't the one returned by the test
    "Couldn't read a file:// file" != "Could not read a file:// file"

    Looks like the error message comes from another library (jansson?)

    Upstream 3.2.1 merged, which fixes this issue in the tests. Updated the
    salsa repo. I think it's pretty much good to go now.

    Thanks again for all the feedback.

    --
    Ben Collins
    https://libjwt.io
    https://github.com/benmcollins
    --
    3EC9 7598 1672 961A 1139 173A 5D5A 57C7 242B 22CF

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEPsl1mBZylhoRORc6XVpXxyQrIs8FAmflMeoACgkQXVpXxyQr Is8edQ/9H+vN5t4Nzbz/kDkH6dTyNS2cYYLOPcvxQX/cFMeIiU+M8FpFHzZLkJsL 4baDZ68AI0L3YqCBXeTPECWdQ3IfP6Gbf/FOrc1hsb1+b34yeFVs/rNgu+ydXAnR +dVqKAIgczubWkTOOp0PnDYxr9M1g0rFNT7K4yfH4RC2CijNa/uGhxqi1sCajLUq Jeh9pIZwW1MxuGodQ1ZggOfKwIUhBc1bJ9Py61932UgyjF2uGQQyHUUjluGuZCCE 4+Twn9fvP4QBTQaSEn7L3Z9RgiDmOqLxtZ2bHs+ppe1Lm/5O7yGxYyvS2ayJlQwN zqagNil5AxMt8bv/JYMzCcmA1p7yKIYUUkfvkHTPy/LYVJtxCnQ0DpjveRdzikRU +ocvsr2Et8j0NXyRLD5U3cZyAW4aKAf/Z6OHNOQEvYeejKfiM2dtV0BfxVwA6XtT 6N9ryfdFkHeKQFKPEHg2V4Ca6R+PLp4Zsrzbe+Ayw1frdCuGFUBfa5iItf3v9O3F jrQkJ8C7HePISl2j+vcuwUwlMEr+1Bjh5nC8Vop8PBDOA7wQWrboOo57wj8qyhwa w61B4W5KG2J9q+uvXGpCaka30niy225KdN2W/fQSIAkxGMGCNEuxotF8Zbzqm5s3 q2DBjH/hQwW8370WYlA4gaXyeN+iWnLm6ahmpXv5r4gjuUQDK7c=
    =dxBD
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxN