On Sun, Mar 08, 2020 at 10:59:19AM +0000, Zbigniew Jędrzejewski-Szmek wrote:
Hi,
for a recent systemd build, the automated tests results showed failure [1],
and one of the failing tests was fedora-ci.koji-build.rpminspect.static-analysis.
When I click on the label, I get redirected to [2], which is a long list
of stuff like "print message" and "shell script" and "ci notifier". They
are all green, and after clicking on one of them to unroll it, the
display jumps, so it took me a while to figure out that the interesting
item is one of the "shell scripts". Dunno, when doing this a second time
I wouldn't be confused so much, but a slightly less elaborate UI which
makes the failing test result more prominent would be nice.
[1] https://bodhi.fedoraproject.org/updates/FEDORA-2020-b49f1d9b82
[2] http://fedora-build-checks.apps.ci.centos.org/blue/organizations/jenkins/fedora-rpminspect/detail/fedora-rpminspect/3219/pipeline/
Anyhoo, getting to the failing test:
there's a long list of two repeated items:
[2020-03-06T13:45:51.450Z] rpminspect output for humans - see rpminspect.json for full details
[2020-03-06T13:45:51.450Z] Overall Result: NOT PASSED
[2020-03-06T13:45:51.450Z] NOT PASSED items:
[2020-03-06T13:45:51.450Z] header-metadata:
[2020-03-06T13:45:51.450Z] message: Package Build Host "unused" is not within an expected build host subdomain in systemd-tests-debuginfo-245-1.fc33.s390x
[2020-03-06T13:45:51.450Z] remedy: Make sure the SRPM is built on a host within the expected subdomain.
Seems fully bogus? "unused" might be a placeholder value, but even
if it wasn't, we have a dedicated server farm to build things.
As a packager, I don't have any control over the hostname of the
builder and I shouldn't ever need to care.
I'm not sure if this is still a policy requirement, but as I have worked my
way through rpminspect's ancestor I came across this check. It looks at the
build host in the RPM headers and looks to see if the hostname ends with a
particular string. For Fedora packages, that would be ".fedoraproject.org"
and for RHEL packages, that would be ".redhat.com".
The substring that it looks for can be configured in
/etc/rpminspect/rpminspect.conf. The setting is "buildhost_subdomain" and
probably looks like this on Fedora:
buildhost_subdomain = ".fedoraproject.org .bos.redhat.com"
The .bos.redhat.com part is there for s390x builds.
If you don't want to run this test, you can comment out buildhost_subdomain in
rpminspect.conf. Given the string is "unused" in your output, I'm not sure if
we have changed policy to just stop writing that data out (or if rpm did...).
Since rpminspect is running here as part of gating, the config file changes
need to happen on that side. *but*, the config file comes from the
rpminspect-data-fedora package and anyone can send a pull request to that to
adjust things:
https://github.com/rpminspect/rpminspect-data-fedora
[2020-03-06T13:45:51.451Z] elf-object-properties:
[2020-03-06T13:45:51.451Z] message: /usr/lib/systemd/tests/test-dhcp-client may use functions unsuitable for IPv6 support on s390x
[2020-03-06T13:45:51.451Z] remedy: Please review all usages of IPv4-only functions and ensure IPv6 compliance.
I understand the sentiment, but what is "functions unsuitable for IPv6
support on s390x"? I'm not a s390x expert, and the code is using general
linux apis. Is this message talking about some s390x-specific bug? How am
I supposed to figure this out, without any function name or hint what to
look for specifically? (Obviously, in the case of a test binary for
DHCPv4, it might be fully legitimately using IPv4-only constructs…).
That's a really good question. The remedy string is meant to be guidance for
the package maintainer and in this case it sure would be helpful if you knew
what those functions were. I do my best with these strings, but feedback like
this is really good. Also, feel free to refine any of these by sending a pull
request to:
https://github.com/rpminspect/rpminspect
And if you don't want to send a PR, you can just file an Issue and explain
what the string should be.
In this case, the blacklisted functions are listed in
/etc/rpminspect/rpminspect.conf as the value of the elf_ipv6_blacklist. That
looks like this in rpminspect-data-fedora:
elf_ipv6_blacklist = "gethostbyname gethostbyname2 gethostbyaddr inet_addr
inet_aton inet_nsap_addr inet_ntoa inet_nsap_ntoa inet_makeaddr inet_netof
inet_network inet_neta inet_net_ntop inet_net_pton rcmd rexec rresvport"
What should I do to make the tests green? The first issue seems to be
something that should be squashed by a general Fedora override (or the
test just removed). For the second unfathomable one, I'd add an override,
but I have no idea how...
For the first issue, depending on what our policy is now around setting the
buildhost in the RPM header we need to either comment out buildhost_subdomain
or change it in rpminspect.conf in the rpminspect-data-fedora package. If you
can follow up on that and send a PR to rpminspect-data-fedora, I can merge it
and do a new release.
For the second issue, look through your code for any of those functions and
port to their replacements. If you need help with that, just let me know.
There are many examples online on porting over from deprecated inet functions
to newer ones. Here's a place to start:
https://akkadia.org/drepper/userapi-ipv6.html
Thanks,
--
David Cantrell <dcantrell@xxxxxxxxxx>
Red Hat, Inc. | Boston, MA | EST5EDT
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
