From: "Richard W.M. Jones" <rjones@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: "Sam James" <sam@gentoo.org>,
"Carlos O'Donell via Libc-alpha" <libc-alpha@sourceware.org>,
autoconf@gnu.org, c-std-porting@lists.linux.dev,
"Zack Weinberg" <zack@owlfolio.org>,
"David Seifert" <soap@gentoo.org>,
"Gentoo Toolchain" <toolchain@gentoo.org>,
"Arsen Arsenović" <arsen@aarsen.me>,
"Paul Eggert" <eggert@cs.ucla.edu>,
berrange@redhat.com, "Daiki Ueno" <ueno@gnu.org>
Subject: Re: On time64 and Large File Support
Date: Thu, 2 Mar 2023 08:30:20 +0000 [thread overview]
Message-ID: <20230302083020.GH7636@redhat.com> (raw)
In-Reply-To: <20230301223859.chl5o3bedqckf3tx@redhat.com>
On Wed, Mar 01, 2023 at 04:38:59PM -0600, Eric Blake wrote:
> [replying to the original post, because I'm not sure where else in the
> more recent activity on this thread would be more appropriate]
>
> On Fri, Nov 11, 2022 at 08:38:18AM +0000, Sam James wrote:
> > Hi all,
> >
> > In Gentoo, we've been planning out what we should do for time64 on glibc [0]
> > and concluded that we need some support in glibc for a newer option. I'll outline
> > why below.
> >
> ...
> >
> > Indeed, the gnulib version of change #2 is exactly how we ended up with
> > wget/gnutls breaking [1]. I feel this shows that the only approach
> > "supported" by glibc right now is untenable.
>
> > [1] https://bugs.gentoo.org/828001
>
> Now Fedora is also being hit by the gnutls ABI change due to time_t in
> public interfaces being silently changed. From an IRC conversation I
> had with Dan Berrange and Rich Jones (I think Rich mean i686 below):
>
> <danpb> rjones (IRC): oh wow, the certificates created on i696 are not quite right .....
> <danpb> Validity:
> <danpb> Not Before: Sat Sep 05 00:23:57 UTC 2703
> <danpb> Not After: Sun Sep 06 00:23:57 UTC 2703
> <danpb> just a few years too early
> <danpb> i think this is looking like a gnutls regression, downgrading gnutls makes it work
> ...
> <danpb> rjones (IRC): hmm, i'm beginning to think gnutls has been miscompiled by gcc
> <danpb> gnutls_x509_crt_get_activation_time inside the gnutls verification api returns garbage
> <danpb> but the very same call done from a demo program returns the right answer
> ...
> <danpb> OMG, gnulib-- has silently changed gnutls to use 64-bit time_t
> <danpb> ...which is an ABI incompatibility because gnutls has public APIs which have time_t parameters
> <danpb> so apps talking to gnutls will expect 32-bit time_t, but gnutls is processing 64-bit time_t
> <danpb> this is utterly insane
For context, we first noticed that qemu tests were failing on i686
with lots of TLS-related errors. qemu uses GnuTLS. eg:
Summary of Failures:
124/658 qemu:unit / test-crypto-tlscredsx509 ERROR 2.42s killed by signal 6 SIGABRT
202/658 qemu:unit / test-io-channel-tls ERROR 1.47s killed by signal 6 SIGABRT
125/658 qemu:unit / test-crypto-tlssession ERROR 8.74s killed by signal 6 SIGABRT
32/658 qemu:qtest+qtest-aarch64 / qtest-aarch64/migration-test ERROR 92.96s killed by signal 6 SIGABRT
34/658 qemu:qtest+qtest-i386 / qtest-i386/migration-test ERROR 96.63s killed by signal 6 SIGABRT
37/658 qemu:qtest+qtest-x86_64 / qtest-x86_64/migration-test ERROR 104.25s killed by signal 6 SIGABRT
Dan Berrange investigated and found the ABI change in GnuTLS causing
this, since GnuTLS headers export public interfaces using time_t.
Which in turn is caused by a change in gnulib enabling _TIME_BITS=64
This seems to have started in GnuTLS 3.8.0.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
prev parent reply other threads:[~2023-03-02 8:30 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-11 8:38 Sam James
2022-11-11 9:16 ` Paul Eggert
2022-11-11 9:19 ` Sam James
2022-11-11 23:48 ` Joseph Myers
2022-11-11 9:19 ` Florian Weimer
2022-11-11 9:27 ` Sam James
2022-11-11 11:38 ` Florian Weimer
2022-11-11 20:12 ` Paul Eggert
2022-11-12 2:20 ` Zack Weinberg
2022-11-12 3:57 ` Sam James
2022-11-12 14:16 ` Zack Weinberg
2022-11-12 17:41 ` Paul Eggert
2022-11-12 18:50 ` Bruno Haible
2022-11-12 19:15 ` Paul Eggert
2022-11-12 20:23 ` Wookey
2022-11-12 20:54 ` Russ Allbery
2022-11-12 21:31 ` Paul Eggert
2022-11-15 5:09 ` Sam James
2022-11-12 18:19 ` Paul Eggert
2022-11-11 9:40 ` Andreas K. Huettel
2022-11-11 11:30 ` Florian Weimer
2022-11-11 19:01 ` Andreas K. Huettel
2022-11-11 19:28 ` Palmer Dabbelt
2022-11-11 9:46 ` Paul Eggert
2022-11-11 11:22 ` Florian Weimer
2022-11-11 19:56 ` Paul Eggert
2022-11-12 4:20 ` Wookey
2022-11-12 4:28 ` Sam James
2022-11-12 4:56 ` Wookey
2022-11-12 4:59 ` Sam James
2022-11-12 18:33 ` Paul Eggert
2022-11-14 8:39 ` Adam Sampson
2022-11-14 11:47 ` Florian Weimer
2022-11-14 20:26 ` Arsen Arsenović
2022-11-14 20:52 ` Florian Weimer
2022-11-15 7:39 ` Arsen Arsenović
2022-11-11 10:25 ` Richard Purdie
2023-03-01 22:38 ` Eric Blake
2023-03-02 0:29 ` Demi Marie Obenour
2023-03-02 9:04 ` Daniel P. Berrangé
2023-03-02 10:28 ` Paul Eggert
2023-03-02 10:38 ` Andreas Schwab
2023-03-03 5:46 ` Paul Eggert
2023-03-06 8:58 ` Andreas Schwab
2023-03-06 10:19 ` Florian Weimer
2023-03-02 11:02 ` Richard W.M. Jones
2023-03-02 12:17 ` Bruno Haible
2023-03-02 13:24 ` Daniel P. Berrangé
2023-03-03 3:30 ` Wookey
2023-03-03 5:50 ` Paul Eggert
2023-03-03 14:01 ` Wookey
2023-03-03 14:14 ` Daniel P. Berrangé
2023-03-03 23:21 ` Arsen Arsenović
2023-03-03 11:49 ` Florian Weimer
2023-03-03 12:39 ` Richard W.M. Jones
2023-03-02 8:30 ` Richard W.M. Jones [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230302083020.GH7636@redhat.com \
--to=rjones@redhat.com \
--cc=arsen@aarsen.me \
--cc=autoconf@gnu.org \
--cc=berrange@redhat.com \
--cc=c-std-porting@lists.linux.dev \
--cc=eblake@redhat.com \
--cc=eggert@cs.ucla.edu \
--cc=libc-alpha@sourceware.org \
--cc=sam@gentoo.org \
--cc=soap@gentoo.org \
--cc=toolchain@gentoo.org \
--cc=ueno@gnu.org \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).