1. Marcin Kasperski
  2. perl/keyring/osxkeychain
Issue #1 open

OS X Cpan install failed: ./Build test -- NOT OK

Anonymous created an issue

$ sudo cpan Passwd::Keyring::OSXKeychain CPAN: Storable loaded ok (v2.19) Going to read /Users/bchittenden/.cpan/Metadata Database was generated on Wed, 24 Jul 2013 22:08:39 GMT Running install for module 'Passwd::Keyring::OSXKeychain' CPAN: YAML loaded ok (v0.73) Running make for M/ME/MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz CPAN: Digest::SHA loaded ok (v5.85) CPAN: Compress::Zlib loaded ok (v2.037) Checksum for /Users/bchittenden/.cpan/sources/authors/id/M/ME/MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz ok x Passwd-Keyring-OSXKeychain-0.1004 x Passwd-Keyring-OSXKeychain-0.1004/INSTALL x Passwd-Keyring-OSXKeychain-0.1004/README x Passwd-Keyring-OSXKeychain-0.1004/Build.PL x Passwd-Keyring-OSXKeychain-0.1004/Makefile.PL x Passwd-Keyring-OSXKeychain-0.1004/MANIFEST x Passwd-Keyring-OSXKeychain-0.1004/META.json x Passwd-Keyring-OSXKeychain-0.1004/META.yml x Passwd-Keyring-OSXKeychain-0.1004/Changes x Passwd-Keyring-OSXKeychain-0.1004/t x Passwd-Keyring-OSXKeychain-0.1004/t/04-recovering-in-sep-prog.t x Passwd-Keyring-OSXKeychain-0.1004/t/02-is-persistent.t x Passwd-Keyring-OSXKeychain-0.1004/t/00-load.t x Passwd-Keyring-OSXKeychain-0.1004/t/manifest.t x Passwd-Keyring-OSXKeychain-0.1004/t/boilerplate.t x Passwd-Keyring-OSXKeychain-0.1004/t/06-recovering-with-app-change.t x Passwd-Keyring-OSXKeychain-0.1004/t/05-many-sets-and-gets-with-name.t x Passwd-Keyring-OSXKeychain-0.1004/t/03-many-sets-and-gets.t x Passwd-Keyring-OSXKeychain-0.1004/t/08-verylong-params.t x Passwd-Keyring-OSXKeychain-0.1004/t/pod.t x Passwd-Keyring-OSXKeychain-0.1004/t/cpan-meta.t x Passwd-Keyring-OSXKeychain-0.1004/t/07-ugly-chars.t x Passwd-Keyring-OSXKeychain-0.1004/t/cpan-meta-json.t x Passwd-Keyring-OSXKeychain-0.1004/t/pod-coverage.t x Passwd-Keyring-OSXKeychain-0.1004/t/01-set-and-get.t x Passwd-Keyring-OSXKeychain-0.1004/t/11-parse_password_out_of_output.t x Passwd-Keyring-OSXKeychain-0.1004/lib x Passwd-Keyring-OSXKeychain-0.1004/lib/Passwd x Passwd-Keyring-OSXKeychain-0.1004/lib/Passwd/Keyring x Passwd-Keyring-OSXKeychain-0.1004/lib/Passwd/Keyring/OSXKeychain.pm CPAN: File::Temp loaded ok (v0.22) CPAN: Module::Build loaded ok (v0.4007)

CPAN.pm: Going to build M/ME/MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz

Created MYMETA.yml and MYMETA.json Creating new 'Build' script for 'Passwd-Keyring-OSXKeychain' version '0.1004' Building Passwd-Keyring-OSXKeychain MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz ./Build -- OK Running Build test t/00-load.t .......................... 1/1 # Testing Passwd::Keyring::OSXKeychain 0.1004, Perl 5.008009, /opt/local/bin/perl t/00-load.t .......................... ok t/01-set-and-get.t ................... Keychain "<NULL>" no-timeout t/01-set-and-get.t ................... 1/8 password: "verysecret"

Failed test 'get recovers'

at t/01-set-and-get.t line 26.

password has been deleted.

Failed test 'clear_password removed one password'

at t/01-set-and-get.t line 28.

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. "/usr/bin/security" unexpectedly returned exit value 44 at /Users/bchittenden/.cpan/build/Passwd-Keyring-OSXKeychain-0.1004-F1jBrD/blib/lib/Passwd/Keyring/OSXKeychain.pm line 168

Looks like you planned 8 tests but ran 4.

Looks like you failed 2 tests of 4 run.

Looks like your test exited with 44 just after 4.

t/01-set-and-get.t ................... Dubious, test returned 44 (wstat 11264, 0x2c00) Failed 6/8 subtests t/02-is-persistent.t ................. Keychain "<NULL>" no-timeout t/02-is-persistent.t ................. ok t/03-many-sets-and-gets.t ............ Keychain "<NULL>" no-timeout t/03-many-sets-and-gets.t ............ 2/11 password: "secret-Paul"

Failed test 'get works'

at t/03-many-sets-and-gets.t line 31.

password: "secret-Greg"

Failed test 'get works'

at t/03-many-sets-and-gets.t line 33.

password: "secret-Paul2"

Failed test 'get works'

at t/03-many-sets-and-gets.t line 35.

password: "secret-Duke"

Failed test 'get works'

at t/03-many-sets-and-gets.t line 37.

password has been deleted.

Failed test 'clear_password removed 1'

at t/03-many-sets-and-gets.t line 39.

security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. "/usr/bin/security" unexpectedly returned exit value 44 at /Users/bchittenden/.cpan/build/Passwd-Keyring-OSXKeychain-0.1004-F1jBrD/blib/lib/Passwd/Keyring/OSXKeychain.pm line 168

Looks like you planned 11 tests but ran 7.

Looks like you failed 5 tests of 7 run.

Looks like your test exited with 44 just after 7.

t/03-many-sets-and-gets.t ............ Dubious, test returned 44 (wstat 11264, 0x2c00) Failed 9/11 subtests t/04-recovering-in-sep-prog.t ........ Keychain "<NULL>" no-timeout t/04-recovering-in-sep-prog.t ........ 1/13 security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. "/usr/bin/security" unexpectedly returned exit value 44 at /Users/bchittenden/.cpan/build/Passwd-Keyring-OSXKeychain-0.1004-F1jBrD/blib/lib/Passwd/Keyring/OSXKeychain.pm line 168

Looks like you planned 13 tests but ran 1.

Looks like your test exited with 44 just after 1.

t/04-recovering-in-sep-prog.t ........ Dubious, test returned 44 (wstat 11264, 0x2c00) Failed 12/13 subtests t/05-many-sets-and-gets-with-name.t .. Keychain "<NULL>" no-timeout t/05-many-sets-and-gets-with-name.t .. 2/20 password: "secret-Paul"

Failed test 'get works'

at t/05-many-sets-and-gets-with-name.t line 38.

password: "secret-Greg"

Failed test 'get works'

at t/05-many-sets-and-gets-with-name.t line 40.

password: 0x7365637265742D5061756C3220C485C485C485C485 "secret-Paul2 \304\205\304\205\304\205\304\205" t/05-many-sets-and-gets-with-name.t .. 5/20

Failed test 'get works'

at t/05-many-sets-and-gets-with-name.t line 42.

password: "secret-Duke"

Failed test 'get works'

at t/05-many-sets-and-gets-with-name.t line 44.

password has been deleted. security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. "/usr/bin/security" unexpectedly returned exit value 44 at /Users/bchittenden/.cpan/build/Passwd-Keyring-OSXKeychain-0.1004-F1jBrD/blib/lib/Passwd/Keyring/OSXKeychain.pm line 168

Looks like you planned 20 tests but ran 7.

Looks like you failed 4 tests of 7 run.

Looks like your test exited with 44 just after 7.

t/05-many-sets-and-gets-with-name.t .. Dubious, test returned 44 (wstat 11264, 0x2c00) Failed 17/20 subtests t/06-recovering-with-app-change.t .... Keychain "<NULL>" no-timeout t/06-recovering-with-app-change.t .... 1/16 security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain. "/usr/bin/security" unexpectedly returned exit value 44 at /Users/bchittenden/.cpan/build/Passwd-Keyring-OSXKeychain-0.1004-F1jBrD/blib/lib/Passwd/Keyring/OSXKeychain.pm line 168

Looks like you planned 16 tests but ran 1.

Looks like your test exited with 44 just after 1.

t/06-recovering-with-app-change.t .... Dubious, test returned 44 (wstat 11264, 0x2c00) Failed 15/16 subtests t/07-ugly-chars.t .................... Keychain "<NULL>" no-timeout t/07-ugly-chars.t .................... 1/4 password: 0xC2AB74616A6E6520686173C5826FC2BB "\302\253tajne has\305\202o\302\273"

Failed test 'get works with ugly characters'

at t/07-ugly-chars.t line 26.

password has been deleted.

Failed test 'clear clears'

at t/07-ugly-chars.t line 28.

Looks like you failed 2 tests of 4.

t/07-ugly-chars.t .................... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/4 subtests t/08-verylong-params.t ............... Keychain "<NULL>" no-timeout t/08-verylong-params.t ............... 1/4 password: "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

Failed test 'get_password with long params works'

at t/08-verylong-params.t line 32.

password has been deleted.

Failed test 'clear_password with long params works'

at t/08-verylong-params.t line 34.

Looks like you failed 2 tests of 4.

t/08-verylong-params.t ............... Dubious, test returned 2 (wstat 512, 0x200) Failed 2/4 subtests t/11-parse_password_out_of_output.t .. ok t/boilerplate.t ...................... ok t/cpan-meta-json.t ................... skipped: Test::CPAN::Meta::JSON required for testing META.json t/cpan-meta.t ........................ skipped: Test::CPAN::Meta required for testing META.yml t/manifest.t ......................... skipped: Author tests not required for installation t/pod-coverage.t ..................... ok t/pod.t .............................. skipped: Test::Pod 1.22 required for testing POD

Test Summary Report

t/01-set-and-get.t (Wstat: 11264 Tests: 4 Failed: 2) Failed tests: 3-4 Non-zero exit status: 44 Parse errors: Bad plan. You planned 8 tests but ran 4. t/03-many-sets-and-gets.t (Wstat: 11264 Tests: 7 Failed: 5) Failed tests: 3-7 Non-zero exit status: 44 Parse errors: Bad plan. You planned 11 tests but ran 7. t/04-recovering-in-sep-prog.t (Wstat: 11264 Tests: 1 Failed: 0) Non-zero exit status: 44 Parse errors: Bad plan. You planned 13 tests but ran 1. t/05-many-sets-and-gets-with-name.t (Wstat: 11264 Tests: 7 Failed: 4) Failed tests: 3-6 Non-zero exit status: 44 Parse errors: Bad plan. You planned 20 tests but ran 7. t/06-recovering-with-app-change.t (Wstat: 11264 Tests: 1 Failed: 0) Non-zero exit status: 44 Parse errors: Bad plan. You planned 16 tests but ran 1. t/07-ugly-chars.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 3-4 Non-zero exit status: 2 t/08-verylong-params.t (Wstat: 512 Tests: 4 Failed: 2) Failed tests: 3-4 Non-zero exit status: 2 t/boilerplate.t (Wstat: 0 Tests: 3 Failed: 0) TODO passed: 1-3 Files=16, Tests=40, 10 wallclock secs ( 0.08 usr 0.05 sys + 1.14 cusr 0.38 csys = 1.65 CPU) Result: FAIL Failed 7/16 test programs. 15/40 subtests failed. MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz ./Build test -- NOT OK //hint// to see the cpan-testers results for installing this module, try: reports MEKK/Passwd-Keyring-OSXKeychain-0.1004.tar.gz Running Build install make test had returned bad status, won't install without force

Comments (14)

  1. Marcin Kasperski repo owner

    The text above is very difficult to read, but I suppose you report http://www.cpantesters.org/cpan/report/a09a2e36-eae1-11e2-846e-8df8e131e93b and http://www.cpantesters.org/cpan/report/63d8a33c-e5ce-11e2-8ce1-2eeaf99809b0 (at least those are two current cpantesters reports for the module)

    Regarding the matter as such: https://bitbucket.org/Mekk/perl-keyring-osxkeychain/src/a7ce3ce9202ba695aeb58bdcd7d673b8bb68e268/README?at=default#cl-8

    I created the module to make some reasonable initial code, but I can't work on diagnosing non-trivial bugs as I do not have Mac, and do not have access to any Mac. If you have one, you are very welcome to help.

    (Problem with "default keychain not found" is more or less about raising better exception in context in which for some reason no keychain is present on the account – or, better, about creating one in such a case. Problem with items not found is subtler, if I had Mac, I would try stepping through test actions and reviewing keychain state via security or GUI after every step).

  2. Maroš Kollár

    I can confirm that tests fail on OSX 10.9.5. After a investigating the issue I believe that I have found the reason for the test failures. When I manually run "/usr/bin/security -q find-generic-password -a myusername -s myrealm -D mygroup -g" (the command was generated by Passwd::Keyring::OSXKeychain) I get the following output:

    keychain: "/Users/username/Library/Keychains/login.keychain"
    class: "genp"
    attributes:
        0x00000007 <blob>="myrealm"
        0x00000008 <blob>=<NULL>
        "acct"<blob>="myusername"
        "cdat"<timedate>=0x32303135303230393039333932345A00  "20150209093924Z\000"
        "crtr"<uint32>=<NULL>
        "cusi"<sint32>=<NULL>
        "desc"<blob>="mygroup"
        "gena"<blob>=<NULL>
        "icmt"<blob>="myapp"
        "invi"<sint32>=<NULL>
        "mdat"<timedate>=0x32303135303230393133333335345A00  "20150209133354Z\000"
        "nega"<sint32>=<NULL>
        "prot"<blob>=<NULL>
        "scrp"<sint32>=<NULL>
        "svce"<blob>="myrealm"
        "type"<uint32>=<NULL>
    password: "blabla"
    

    However it seems that the password is printed on STDERR whereas the rest of the output comes on STDOUT, and that IPC::System::Simple only captures the STDOUT part without the password. After consulting the 'find-generic-password' help it seems like that the '-w' flag prints the password directly to STDOUT (without any quotes or prefixes).

    Usage: find-generic-password [-a account] [-s service] [options...] [-g] [keychain...]
        -a  Match "account" string
        -c  Match "creator" (four-character code)
        -C  Match "type" (four-character code)
        -D  Match "kind" string
        -G  Match "value" string (generic attribute)
        -j  Match "comment" string
        -l  Match "label" string
        -s  Match "service" string
        -g  Display the password for the item found
        -w  Display only the password on stdout
    If no keychains are specified to search, the default search list is used.
            Find a generic password item.
    
  3. Marcin Kasperski repo owner

    Thank you for your report. Could yould you show what is the result of

    "/usr/bin/security -q find-generic-password -a myusername -s myrealm -D mygroup -w"

    ? Preferably in two cases:

    • of plain textual password
    • of password containing some non-ascii characters (like accented letters)

    I need those as I can't google-find whether -w quotes passwords and whether it hex-es them in case ugly chars are present.

    (another approach is to drop 2>&1 onto command or swap IPC module, but -w would be cleaner...)

  4. Maroš Kollár

    Unfortunately the tests still don't pass with the latest version. Please find an annotated output of prove attached.

    The output of "/usr/bin/security -q find-generic-password -a myusername -s myrealm -D mygroup -w" is just the plaintext password (no quotes) on STDOUT. If the passwords contain high bytes then it prints out hex: "€uro" -> ffffffe2ffffff82ffffffac75726f0a3231333469396b6f70 "∑sum" -> ffffffe2ffffff88ffffff9173756d0a3231333469396b6f70

    If the password is not on file it prints an error on STDERR "security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain."

  5. Marcin Kasperski repo owner
    1. Attached test results are in fact optimistic, looks like basic save and restore combo more-or-less works. There are some problems with clear and maybe with password keying, and non-ascii chars cause some problems. Also, stderr is not always muted from the user point of view. I will take a deeper look at that in a few days.

    2. Looks like -w is problematic as it may be difficult to decide whether abcdabcd is 8-letter password "abcdabcd", or maybe hexed escape of sth. Unless those leading and tailing common parts mean something (those two share common suffix after decoding...). If you could quote a few more such passwords of varying length, those could be of help.

  6. Maroš Kollár

    -w shouldn't be problematic since hex encoded passwords are mostly unambiguous

    1. Passwords printed with the -w flag are either plaintext or hex encoded
    2. Passwords that contain non-ascii characters are always hex encoded (sometimes non-ascii passwords get hex-encoded)
    3. Multibyte characters in hex strings are marked with ffffff
    4. Hex encoded passwords are (sometimes?) postfixed with zero-byte + the string 'kopoppp' ('006b6f70006f7000700070')

    Here are some examples

    x123x -> in 6b6f706f707070006b6f70006f7000700070
    ü∑bér-> 2ffffff88ffffff9162ffffffc3ffffffa9720a3231333469396b6f70006f7000700070
    ¥€N -> ffffffc2ffffffa5ffffffe2ffffff82ffffffac4e
    abccccccccdddddeeefffffffggggghhhhhïìjjklllmñ -> 6162636363636363636364646464646565656666666666666667676767676868686868ffffffc3ffffffafffffffc3ffffffac6a6a6b6c6c6c6dffffffc3ffffffb1
    

    The following Perl function translates the hex strings (I'm pretty sure that this can be optimized) decode("UTF-8",join "",map { pack("H*",$_) } qw(c3 bc e2 88 91 62 c3 a9 72 0a 32 31 33 34 69 39 6b 6f 70 00 6f 70 00 70 00 70));

    The result is 'ü∑bér 2134i9kopoppp' (with newline)

  7. Marcin Kasperski repo owner

    I took a look at your examples. Are they properly copied?

    1) 6b6f706f707070006b6f70006f7000700070 decodes to kopoppp\0kop\0op\0p\0p (where \0 is null byte), I can't find x123x there (and I suppose this is just ending of sth longer)

    2) In case of ü∑bér I assume you truncated sth on the beginning (considering example you gave below, I prepended c3bce and tried decoding c3bce2ffffff88ffffff9162ffffffc3ffffffa9720a3231333469396b6f70006f7000700070), this gave ü∑bér\n2134i9kop\0op\0p\0p (\n is newline \0 is null byte)

    3) In ¥€N case there is just ¥€N, without any suffix (and that matters), ditto in last one.

    Last thing is important, if there is no marker, there is no way one could decide whether sth like "fefe1818" or even "1418" (string consisting of even number of digits and/or letters a-f) is encoded password, or not.

    I contemplate writing some script to gather more examples...

  8. Maroš Kollár

    Please find the results attached. Please note that the keychain displays some weird behaviour when the password is changed:

    1. set password to 'other'
    2. Password is returned as plaintext
    3. set password in same keychain entry to 'othér'
    4. Password is returned as hex (6f7468ffffffc3ffffffa972) without suffix
    5. set password back to 'other'
    6. Password is returned as hex (6f7468657200) with zero byte suffix
    7. set password back to 'othér'
    8. Password is returned as hex (6f7468ffffffc3ffffffa97200) with zero byte suffix
    9. set password to 'othersomethingreallylongbutwithoutanyspecialcharacters'
    10. Returns hex (6f74686572736f6d657468696e677265616c6c796c6f6e67627574776974686f7574616e797370656369616c636861726163746572730000) with to zero bytes
    11. set password to 'other'
    12. hex (6f746865720000) with two zero byte suffixed
    13. set password to 'öthé®'
    14. ffffffc3ffffffb67468ffffffc3ffffffa9ffffffc2ffffffae0000
    15. set pasword back to 'other'
    16. 6f7468657200ffffffc2ffffffae0000 (seems to contain parts of previous passwords behind zero bytes! - that was probably also the case for the kopoppp suffix i discovered last time)

    Alas, a hex encoded password ends either with '00' or contains at least two pairs of 'ffffff' (or both). This makes cases where literal and hex-encoded passwords are ambiguous quite rare but not entirely impossible.

  9. Log in to comment