--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package keyutils
Dear Release Team,
please unblock keyutils. The only source-related change was a
refactoring of the patches related to kernel feature tests. Build-wise,
post-build tests have been re-enabled for MIPS.
All other changes are improvements to autopkgtest testing, chiefly
* Splitting tests into those requiring machine-isolation or not
* Saving test artifacts.
Full debdiff attached.
Regards,
Christian
unblock keyutils/1.6-6
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru keyutils-1.6/debian/changelog keyutils-1.6/debian/changelog
--- keyutils-1.6/debian/changelog 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/changelog 2019-03-06 17:18:19.000000000 +0100
@@ -1,3 +1,55 @@
+keyutils (1.6-6) unstable; urgency=medium
+
+ * d/tests:
+ - Use set -e only for test setup
+ - upstream-runtime-tests
+ + Skip tests requiring root
+ They don't work with some container solutions due to their close
+ interaction with the kernel. These tests are moved to
+ upstream-runtime-test-isolation. (Closes: #923156)
+ + Drop needs-root restriction
+ - upstream-runtime-tests-isolation
+ + Drop redundant tests
+ Clean out tests not requiring machine-isolation, as these are
+ performed by the test upstream-runtime-tests.
+
+ -- Christian Kastner <ckk@debian.org> Wed, 06 Mar 2019 17:18:19 +0100
+
+keyutils (1.6-5) unstable; urgency=medium
+
+ * d/tests:
+ - Save all output to $AUTOPKGTEST_ARTIFACTS
+ * d/tests:
+ - Run individual tests in AUTOPKGTEST_TMP subdirs, just in case
+
+ -- Christian Kastner <ckk@debian.org> Fri, 01 Mar 2019 15:47:59 +0100
+
+keyutils (1.6-4) unstable; urgency=medium
+
+ * d/tests: upstream-runtime-tests: Fix broken option value
+ SKIPINSTALLREQ expects "yes", not "1". This led to debci tests failing.
+ * d/changelog: Fix line too long in 1.6.0-3
+
+ -- Christian Kastner <ckk@debian.org> Fri, 22 Feb 2019 16:49:41 +0100
+
+keyutils (1.6-3) unstable; urgency=medium
+
+ * d/patches:
+ - Add Debian-specific-kernel-feature-tests.patch
+ Fold various Debian kernel feature test patches into one, dropping all
+ the other patches
+ - Drop Disable-some-tests.patch
+ The test is guarded by a kernel feature test for CONFIG_BIG_KEYS, which
+ we disable in another patch anyway
+ * d/tests: Split tests in two: isolation-machine required, or not
+ * d/control: Add Rules-Requires-Root: no
+ We don't need (fake)root to build the packages
+ * d/rules: Re-enable tests on MIPS
+ Bug #881830 blocking this has been fixed in stable in 2017, and the fix
+ should have propagated to the buildds by now
+
+ -- Christian Kastner <ckk@debian.org> Thu, 21 Feb 2019 20:49:14 +0100
+
keyutils (1.6-2) unstable; urgency=medium
* Add patchd/Disable-DH-tests.patch
diff -Nru keyutils-1.6/debian/control keyutils-1.6/debian/control
--- keyutils-1.6/debian/control 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/control 2019-03-06 17:18:19.000000000 +0100
@@ -5,6 +5,7 @@
Build-Depends:
debhelper-compat (= 12),
lsb-release,
+Rules-Requires-Root: no
Standards-Version: 4.3.0
Homepage: https://people.redhat.com/~dhowells/keyutils/
Vcs-Git: https://salsa.debian.org/debian/keyutils.git
diff -Nru keyutils-1.6/debian/patches/Debian-specific-kernel-feature-tests.patch keyutils-1.6/debian/patches/Debian-specific-kernel-feature-tests.patch
--- keyutils-1.6/debian/patches/Debian-specific-kernel-feature-tests.patch 1970-01-01 01:00:00.000000000 +0100
+++ keyutils-1.6/debian/patches/Debian-specific-kernel-feature-tests.patch 2019-03-06 17:18:19.000000000 +0100
@@ -0,0 +1,109 @@
+From: Christian Kastner <ckk@debian.org>
+Date: Mon, 26 May 2014 09:54:57 +0200
+Subject: Debian-specific kernel feature tests
+
+Upstream assumes features based on the kernel version, but some of these
+features aren't available in the Debian kernel, or were only enabled at a later
+point. Also, the release number comparison used by upstream breaks with sid's
+non-numeric release number of "unstable".
+
+This adjust the feature tests to reflect Debian's kernels:
+ * Drop $OSRELEASE tests
+ * Drop ancient RedHat-specific test
+ * Debian's kernel generally lacks CONFIG_BIG_KEYS
+ * Debian's kernel has CONFIG_KEY_DH_OPERATIONS since 4.19~exp1
+
+Forwarded: not-needed
+Last-Update: 2019-02-20
+---
+ tests/keyctl/padd/useradd/runtest.sh | 5 +----
+ tests/keyctl/session/valid/runtest.sh | 15 ---------------
+ tests/keyctl/show/valid/runtest.sh | 3 +--
+ tests/prepare.inc.sh | 12 +++---------
+ 4 files changed, 5 insertions(+), 30 deletions(-)
+
+diff --git a/tests/keyctl/padd/useradd/runtest.sh b/tests/keyctl/padd/useradd/runtest.sh
+index 206a163..22e3fda 100644
+--- a/tests/keyctl/padd/useradd/runtest.sh
++++ b/tests/keyctl/padd/useradd/runtest.sh
+@@ -40,10 +40,7 @@ expect_payload payload "lizard"
+ marker "UNLINK KEY"
+ unlink_key $keyid @s
+
+-if [ $skip_root_required = 0 ] && {
+- [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
+- keyutils_at_or_later_than 1.5.6 ;
+- }
++if [ $skip_root_required = 0 ] && keyutils_at_or_later_than 1.5.6
+ then
+ # add keys with huge payloads
+ old_root_quota=`cat /proc/sys/kernel/keys/root_maxbytes`
+diff --git a/tests/keyctl/session/valid/runtest.sh b/tests/keyctl/session/valid/runtest.sh
+index 4c83131..5258b17 100644
+--- a/tests/keyctl/session/valid/runtest.sh
++++ b/tests/keyctl/session/valid/runtest.sh
+@@ -9,21 +9,6 @@
+ result=PASS
+ echo "++++ BEGINNING TEST" >$OUTPUTFILE
+
+-# describe the keyring created for an anonymous session
+-if [ $OSDIST = RHEL ] && version_less_than $OSRELEASE 6
+-then
+- marker "ANON SESSION"
+- new_session - keyctl rdescribe @s "@"
+- expect_key_rdesc rdesc "keyring@.*@.*@.*@_ses[^@]*\$"
+-
+- # check the session keyring ID is shown
+- seskeyring="`tail -2 $OUTPUTFILE | head -1`"
+- if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null
+- then
+- failed
+- fi
+-fi
+-
+ # describe the keyring created for a named session
+ marker "NAMED SESSION"
+ new_session qwerty keyctl rdescribe @s "@"
+diff --git a/tests/keyctl/show/valid/runtest.sh b/tests/keyctl/show/valid/runtest.sh
+index cbdd85f..f7e7c9d 100644
+--- a/tests/keyctl/show/valid/runtest.sh
++++ b/tests/keyctl/show/valid/runtest.sh
+@@ -30,8 +30,7 @@ then
+ failed
+ fi
+
+-if [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
+- keyutils_at_or_later_than 1.5.6
++if keyutils_at_or_later_than 1.5.6
+ then
+ # should be eight lines in the output (banner + session + 6 keyrings)
+ marker "COUNT LINES"
+diff --git a/tests/prepare.inc.sh b/tests/prepare.inc.sh
+index ab9ae4d..3597907 100644
+--- a/tests/prepare.inc.sh
++++ b/tests/prepare.inc.sh
+@@ -82,21 +82,15 @@ fi
+ #
+ # Work out whether the big_key type is supported by the kernel
+ #
++# Debian's kernel is not built with CONFIG_BIG_KEYS
+ have_big_key_type=0
+-if [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 7
+-then
+- # big_key is backported to 3.10 for RHEL-7
+- have_big_key_type=1
+-elif kernel_at_or_later_than 3.13-rc1
+-then
+- have_big_key_type=1
+-fi
+
+ #
+ # Work out whether Diffie-Hellman is supported by the kernel
+ #
++# Debian's kernel introduced this in 4.19~exp1
+ have_dh_compute=0
+-if keyutils_at_or_later_than 1.5.10 && kernel_at_or_later_than 4.7-rc1
++if keyutils_at_or_later_than 1.5.10 && kernel_at_or_later_than 4.19
+ then
+ have_dh_compute=1
+ fi
diff -Nru keyutils-1.6/debian/patches/Disable-DH-tests.patch keyutils-1.6/debian/patches/Disable-DH-tests.patch
--- keyutils-1.6/debian/patches/Disable-DH-tests.patch 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/patches/Disable-DH-tests.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,26 +0,0 @@
-From: Christian Kastner <ckk@debian.org>
-Date: Tue, 12 Feb 2019 07:31:36 +0100
-Subject: Disable DH tests
-
-Apparently, this requires a kernel feature not available on all buildds, and
-the upstream feature tests only checks for kernel version and not actually
-enabled kernel options.
----
- tests/prepare.inc.sh | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/tests/prepare.inc.sh b/tests/prepare.inc.sh
-index 12ac73e..4c7ba91 100644
---- a/tests/prepare.inc.sh
-+++ b/tests/prepare.inc.sh
-@@ -91,7 +91,9 @@ have_big_key_type=0
- have_dh_compute=0
- if keyutils_at_or_later_than 1.5.10 && kernel_at_or_later_than 4.7-rc1
- then
-- have_dh_compute=1
-+ # Deactive, as this is apparently not enabled on all buildds
-+ #have_dh_compute=1
-+ have_dh_compute=0
- fi
-
- #
diff -Nru keyutils-1.6/debian/patches/Disable-some-tests.patch keyutils-1.6/debian/patches/Disable-some-tests.patch
--- keyutils-1.6/debian/patches/Disable-some-tests.patch 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/patches/Disable-some-tests.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,124 +0,0 @@
-From: Christian Kastner <ckk@debian.org>
-Date: Mon, 26 May 2014 00:44:59 +0200
-Subject: Disable some tests
-
-Some tests do not properly check whether features they need are available.
-These will be fixed in the next upstream release.
-
-Forwarded: no
-Last-Update: 2019-02-09
----
- tests/bugzillas/bz1031154/runtest.sh | 87 ------------------------------------
- 1 file changed, 87 deletions(-)
- delete mode 100644 tests/bugzillas/bz1031154/runtest.sh
-
-diff --git a/tests/bugzillas/bz1031154/runtest.sh b/tests/bugzillas/bz1031154/runtest.sh
-deleted file mode 100644
-index e4d64d4..0000000
---- a/tests/bugzillas/bz1031154/runtest.sh
-+++ /dev/null
-@@ -1,104 +0,0 @@
--#!/bin/bash
--
--# Test for https://bugzilla.redhat.com/show_bug.cgi?id=1031154
--
--. ../../prepare.inc.sh
--. ../../toolbox.inc.sh
--
--# We intentionally generate AVCs so the test system shouldn't fail us
--# because the AVCs were generated.
--export AVC_ERROR=+no_avc_check
--export RHTS_OPTION_STRONGER_AVC=
--
--# ---- do the actual testing ----
--
--result=PASS
--
--if [ $have_big_key_type = 0 ]
--then
-- toolbox_skip_test $TEST "SKIPPING TEST DUE TO LACK OF BIG_KEY TYPE"
-- exit 0
--fi
--
--require_selinux
--require_command getenforce
--require_command setenforce
--require_command runcon
--require_command ausearch
--
--echo "++++ BEGINNING TEST" >$OUTPUTFILE
--
--# we need a reference time to scan the audit log from so as not to pick up old
--# results from this test.
--base_date=`date +"%x@%X"`
--base_time=${base_date#*@}
--base_date=${base_date%@*}
--sleep 1
--
--# reset the permissive audit log autocancel thing
--load_policy
--
--# we need to be in permissive mode
--marker "ENTER SELINUX PERMISSIVE MODE"
--
--mode=`getenforce`
--
--if [ "$mode" != "Permissive" ]
--then
-- echo setenforce Permissive >>$OUTPUTFILE
-- if ! setenforce Permissive
-- then
-- failed
-- fi
--fi
--
--# create a big key to probe
--marker "CREATE BIG KEY"
--pcreate_key_by_size 8192 big_key test-key @s
--expect_keyid id
--
--# check the big key is file backed and the right size
--marker "CHECK BIG KEY"
--xid=`printf %08x $id`
--
--pk=`cat /proc/keys | grep "^$xid.*test-key: 8192 \\[file\\]"`
--echo $pk >>$OUTPUTFILE
--if [ -z "$pk" ]
--then
-- echo "+++ Incorrectly created key" >>$OUTPUTFILE
-- cat /proc/keys | grep "^$xid" >>$OUTPUTFILE
-- failed
--fi
--
--# use a separate context to access the key
--marker "ACCESS INTERCONTEXT"
--
--echo runcon system_u:system_r:httpd_t:s0-s0:c0.c1023 keyctl print $id >>$OUTPUTFILE
--if ! runcon system_u:system_r:httpd_t:s0-s0:c0.c1023 keyctl print $id >/dev/null 2>>$OUTPUTFILE
--then
-- failed
--fi
--
--# examine the audit logs
--marker "EXAMINE AUDIT LOGS"
--
--echo ausearch -m AVC -i --subject httpd_t -ts $base_date $base_time \| audit2allow \| grep '-P "allow httpd_t user_tmpfs_t:file [{] (open |read )+[}];"' >>$OUTPUTFILE
--if ausearch -m AVC -i --subject httpd_t -ts $base_date $base_time 2>>$OUTPUTFILE | audit2allow 2>>$OUTPUTFILE | grep -P "allow httpd_t user_tmpfs_t:file [{] (open |read )+[}];"
--then
-- failed
--fi
--
--marker "RESTORE SELINUX MODE"
--if [ "$mode" != "Permissive" ]
--then
-- echo setenforce $mode >>$OUTPUTFILE
-- if ! setenforce $mode
-- then
-- failed
-- fi
--fi
--
--echo "++++ FINISHED TEST: $result" >>$OUTPUTFILE
--
--# --- then report the results in the database ---
--toolbox_report_result $TEST $result
diff -Nru keyutils-1.6/debian/patches/Drop-tests-requiring-CONFIG_BIG_KEYS.patch keyutils-1.6/debian/patches/Drop-tests-requiring-CONFIG_BIG_KEYS.patch
--- keyutils-1.6/debian/patches/Drop-tests-requiring-CONFIG_BIG_KEYS.patch 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/patches/Drop-tests-requiring-CONFIG_BIG_KEYS.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,29 +0,0 @@
-From: Christian Kastner <ckk@debian.org>
-Date: Sat, 30 Apr 2016 23:49:52 +0200
-Subject: Drop tests requiring CONFIG_BIG_KEYS
-
-The Debian kernel is not built with CONFIG_BIG_KEYS.
-
-Forwarded: not-needed
-Last-Update: 2019-02-09
----
- tests/keyctl/padd/useradd/runtest.sh | 15 ---------------
- 1 file changed, 15 deletions(-)
-
-Index: keyutils/tests/prepare.inc.sh
-===================================================================
---- keyutils.orig/tests/prepare.inc.sh
-+++ keyutils/tests/prepare.inc.sh
-@@ -82,11 +82,8 @@ fi
- #
- # Work out whether the big_key type is supported by the kernel
- #
-+# Debian's kernel is not built with CONFIG_BIG_KEYS
- have_big_key_type=0
--if kernel_at_or_later_than 3.13-rc1
--then
-- have_big_key_type=1
--fi
-
- #
- # Work out whether Diffie-Hellman is supported by the kernel
diff -Nru keyutils-1.6/debian/patches/Remove-RHEL-specific-feature-test.patch keyutils-1.6/debian/patches/Remove-RHEL-specific-feature-test.patch
--- keyutils-1.6/debian/patches/Remove-RHEL-specific-feature-test.patch 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/patches/Remove-RHEL-specific-feature-test.patch 1970-01-01 01:00:00.000000000 +0100
@@ -1,85 +0,0 @@
-From: Christian Kastner <ckk@debian.org>
-Date: Mon, 26 May 2014 09:54:57 +0200
-Subject: Remove RHEL-specific feature test
-
-The release number comparison breaks with sid's release number of "unstable".
-
-Forwarded: no
-Last-Update: 2019-02-09
----
- tests/keyctl/session/valid/runtest.sh | 15 ---------------
- 1 file changed, 15 deletions(-)
-
-Index: keyutils/tests/keyctl/session/valid/runtest.sh
-===================================================================
---- keyutils.orig/tests/keyctl/session/valid/runtest.sh
-+++ keyutils/tests/keyctl/session/valid/runtest.sh
-@@ -9,21 +9,6 @@
- result=PASS
- echo "++++ BEGINNING TEST" >$OUTPUTFILE
-
--# describe the keyring created for an anonymous session
--if [ $OSDIST = RHEL ] && version_less_than $OSRELEASE 6
--then
-- marker "ANON SESSION"
-- new_session - keyctl rdescribe @s "@"
-- expect_key_rdesc rdesc "keyring@.*@.*@.*@_ses[^@]*\$"
--
-- # check the session keyring ID is shown
-- seskeyring="`tail -2 $OUTPUTFILE | head -1`"
-- if ! expr "$seskeyring" : "Joined session keyring: [0-9]*" >&/dev/null
-- then
-- failed
-- fi
--fi
--
- # describe the keyring created for a named session
- marker "NAMED SESSION"
- new_session qwerty keyctl rdescribe @s "@"
-Index: keyutils/tests/prepare.inc.sh
-===================================================================
---- keyutils.orig/tests/prepare.inc.sh
-+++ keyutils/tests/prepare.inc.sh
-@@ -83,11 +83,7 @@ fi
- # Work out whether the big_key type is supported by the kernel
- #
- have_big_key_type=0
--if [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 7
--then
-- # big_key is backported to 3.10 for RHEL-7
-- have_big_key_type=1
--elif kernel_at_or_later_than 3.13-rc1
-+if kernel_at_or_later_than 3.13-rc1
- then
- have_big_key_type=1
- fi
-Index: keyutils/tests/keyctl/show/valid/runtest.sh
-===================================================================
---- keyutils.orig/tests/keyctl/show/valid/runtest.sh
-+++ keyutils/tests/keyctl/show/valid/runtest.sh
-@@ -30,8 +30,7 @@ then
- failed
- fi
-
--if [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
-- keyutils_at_or_later_than 1.5.6
-+if keyutils_at_or_later_than 1.5.6
- then
- # should be eight lines in the output (banner + session + 6 keyrings)
- marker "COUNT LINES"
-Index: keyutils/tests/keyctl/padd/useradd/runtest.sh
-===================================================================
---- keyutils.orig/tests/keyctl/padd/useradd/runtest.sh
-+++ keyutils/tests/keyctl/padd/useradd/runtest.sh
-@@ -40,10 +40,7 @@ expect_payload payload "lizard"
- marker "UNLINK KEY"
- unlink_key $keyid @s
-
--if [ $skip_root_required = 0 ] && {
-- [ $OSDIST = RHEL ] && ! version_less_than $OSRELEASE 6.6 ||
-- keyutils_at_or_later_than 1.5.6 ;
-- }
-+if [ $skip_root_required = 0 ] && keyutils_at_or_later_than 1.5.6
- then
- # add keys with huge payloads
- old_root_quota=`cat /proc/sys/kernel/keys/root_maxbytes`
diff -Nru keyutils-1.6/debian/patches/series keyutils-1.6/debian/patches/series
--- keyutils-1.6/debian/patches/series 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/patches/series 2019-03-06 17:18:19.000000000 +0100
@@ -1,11 +1,8 @@
cifs.patch
cflags.patch
hardening.patch
-Disable-some-tests.patch
-Remove-RHEL-specific-feature-test.patch
+Debian-specific-kernel-feature-tests.patch
Make-build-reproducible.patch
-Drop-tests-requiring-CONFIG_BIG_KEYS.patch
endianness-and-PIE.patch
pkg-config-install-tweaks.patch
man-page-fixes.patch
-Disable-DH-tests.patch
diff -Nru keyutils-1.6/debian/rules keyutils-1.6/debian/rules
--- keyutils-1.6/debian/rules 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/rules 2019-03-06 17:18:19.000000000 +0100
@@ -26,7 +26,6 @@
dh_auto_install -- LIBDIR=/lib/$(DEB_HOST_MULTIARCH) USRLIBDIR=/usr/lib/$(DEB_HOST_MULTIARCH)
override_dh_auto_test:
-ifeq ($(filter $(DEB_HOST_ARCH), mips mipsel),)
# Use the library and executable we just built;
# skip tests requiring root
dh_auto_test -- \
@@ -34,14 +33,6 @@
LD_LIBRARY_PATH=$(CURDIR) \
SKIPROOTREQ=yes \
SKIPINSTALLREQ=yes
-else
- # Disable the testsuite on mips and mipsel where the kernel might not
- # have the nessesary compat keyctl syscall available.
- # This can be removed when either:
- # - All the buildds use kernel >= 4.12
- # - #881830 is fixed in stable
- echo Testsuite disabled on $(DEB_HOST_ARCH)
-endif
override_dh_missing:
dh_missing --fail-missing
diff -Nru keyutils-1.6/debian/tests/control keyutils-1.6/debian/tests/control
--- keyutils-1.6/debian/tests/control 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/tests/control 2019-03-06 17:18:19.000000000 +0100
@@ -1,3 +1,7 @@
Tests: upstream-runtime-tests
-Restrictions: needs-root breaks-testbed allow-stderr isolation-machine
+Restrictions: allow-stderr
+Depends: keyutils, lsb-release, file
+
+Tests: upstream-runtime-tests-isolation
+Restrictions: allow-stderr needs-root breaks-testbed isolation-machine
Depends: keyutils, lsb-release, file
diff -Nru keyutils-1.6/debian/tests/upstream-runtime-tests keyutils-1.6/debian/tests/upstream-runtime-tests
--- keyutils-1.6/debian/tests/upstream-runtime-tests 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/tests/upstream-runtime-tests 2019-03-06 17:18:19.000000000 +0100
@@ -1,10 +1,18 @@
#!/bin/sh
# Run upstream runtime tests
# Assumes $AUTOPKGTEST_TMP is set, see /usr/share/doc/autopkgtest/README.package-tests.gz
-set -e
# We just copy and run the entire test suite to resp. from the $AUTOPKGTEST_TMP
# directory because it generates output within each test's source directory.
-cp -r tests "$AUTOPKGTEST_TMP"
-cd "$AUTOPKGTEST_TMP"/tests
-make run
+set -e
+cp -r tests "$AUTOPKGTEST_TMP/upstream-runtime-tests"
+cd "$AUTOPKGTEST_TMP/upstream-runtime-tests"
+set +e
+
+# Skip tests requiring either root or /sbin/request-key, as they don't work
+# with some container solutions due to their close interaction with the kernel.
+# See #923156
+make SKIPROOTREQ=yes SKIPINSTALLREQ=yes run
+
+# Save all test output files so that they can be accessed from ci.debian.net
+cp -r keyctl "$AUTOPKGTEST_ARTIFACTS/upstream-runtime-tests"
diff -Nru keyutils-1.6/debian/tests/upstream-runtime-tests-isolation keyutils-1.6/debian/tests/upstream-runtime-tests-isolation
--- keyutils-1.6/debian/tests/upstream-runtime-tests-isolation 1970-01-01 01:00:00.000000000 +0100
+++ keyutils-1.6/debian/tests/upstream-runtime-tests-isolation 2019-03-06 17:18:19.000000000 +0100
@@ -0,0 +1,45 @@
+#!/bin/sh
+# Run upstream runtime tests
+# Assumes $AUTOPKGTEST_TMP is set, see /usr/share/doc/autopkgtest/README.package-tests.gz
+
+# We just copy and run the entire test suite to resp. from the $AUTOPKGTEST_TMP
+# directory because it generates output within each test's source directory.
+set -e
+cp -r tests "$AUTOPKGTEST_TMP/upstream-runtime-tests-isolation"
+cd "$AUTOPKGTEST_TMP/upstream-runtime-tests-isolation"
+set +e
+
+# Clean out tests not requiring machine-isolation, as these are performed by
+# upstream-runtime-tests
+# As of v1.6, this leaves "padd" and "requesting" as tests requiring
+# machine-isolation
+for testname in \
+ add \
+ clear \
+ describing \
+ dh_compute \
+ instantiating \
+ invalidate \
+ link \
+ listing \
+ newring \
+ noargs \
+ permitting \
+ pupdate \
+ reading \
+ restrict \
+ revoke \
+ search \
+ session \
+ show \
+ timeout \
+ unlink \
+ update
+do
+ rm -rf keyctl/$testname
+done
+
+make run
+
+# Save all test output files so that they can be accessed from ci.debian.net
+cp -r keyctl "$AUTOPKGTEST_ARTIFACTS/upstream-runtime-tests-isolation"
diff -Nru keyutils-1.6/debian/watch keyutils-1.6/debian/watch
--- keyutils-1.6/debian/watch 2019-02-12 07:36:31.000000000 +0100
+++ keyutils-1.6/debian/watch 2019-03-06 17:18:19.000000000 +0100
@@ -1,3 +1,2 @@
version=4
https://people.redhat.com/~dhowells/keyutils/keyutils-(\d.*)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz))
-# Bart Martens <bartm@debian.org> Tue, 29 Jan 2013 21:10:46 +0000
--- End Message ---