From: Greg Hudson Date: Sun, 27 Jul 2025 16:44:16 +0000 (-0400) Subject: Run KEYRING ccache tests in session wrapper X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;p=thirdparty%2Fkrb5.git Run KEYRING ccache tests in session wrapper Tests for the KEYRING ccache type can fail if the session keyring has been revoked. When keyctl is present, run these tests within a keyctl session wrapper to isolate them from the containing environment's session keyring. --- diff --git a/src/config/pre.in b/src/config/pre.in index 1197c1ffd6..6a6a4adbb1 100644 --- a/src/config/pre.in +++ b/src/config/pre.in @@ -178,6 +178,7 @@ KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ FUZZ_LDFLAGS = @FUZZ_LDFLAGS@ +KEYCTL_SESSION = @KEYCTL_SESSION@ INSTALL=@INSTALL@ INSTALL_STRIP= diff --git a/src/configure.ac b/src/configure.ac index bf6cc14c52..7313bc5528 100644 --- a/src/configure.ac +++ b/src/configure.ac @@ -351,6 +351,14 @@ if test "$with_keyutils" != no; then fi fi +# Check for keyctl. If it is found, define a command prefix for +# running a command inside a keyring session. Include "env" in the +# wrapper to allow environment variable settings in the wrapped +# command. +AC_CHECK_PROG(KEYCTL,keyctl,keyctl) +AS_IF([test x"$KEYCTL" != x], [KEYCTL_SESSION="keyctl session - env"]) +AC_SUBST([KEYCTL_SESSION]) + # The SPAKE preauth plugin currently supports edwards25519 natively, # and can support three NIST groups using OpenSSL. HAVE_SPAKE_OPENSSL=no diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in index 2864e92b96..449f74bf44 100644 --- a/src/lib/krb5/ccache/Makefile.in +++ b/src/lib/krb5/ccache/Makefile.in @@ -145,11 +145,11 @@ t_marshal: $(T_MARSHAL_OBJS) $(KRB5_BASE_DEPLIBS) $(CC_LINK) -o $@ $(T_MARSHAL_OBJS) $(KRB5_BASE_LIBS) check-unix: t_cc t_marshal - $(RUN_TEST) ./t_cc + $(RUN_TEST) $(KEYCTL_SESSION) ./t_cc $(RUN_TEST) ./t_marshal testcache check-pytests: t_cccursor t_cccol - $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS) + $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_cccol.py $(PYTESTFLAGS) clean-unix:: $(RM) t_cc t_cc.o t_cccursor t_cccursor.o t_cccol t_cccol.o diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in index 80ac35aacc..52c5777b49 100644 --- a/src/tests/Makefile.in +++ b/src/tests/Makefile.in @@ -150,7 +150,7 @@ check-pytests: responder s2p s4u2proxy unlockiter s4u2self $(RUNPYTEST) $(srcdir)/t_keyrollover.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_renew.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_renprinc.py $(PYTESTFLAGS) - $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS) + $(KEYCTL_SESSION) $(RUNPYTEST) $(srcdir)/t_ccache.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_stringattr.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_sesskeynego.py $(PYTESTFLAGS) $(RUNPYTEST) $(srcdir)/t_crossrealm.py $(PYTESTFLAGS)