0s autopkgtest [02:33:19]: starting date and time: 2025-01-15 02:33:19+0000 0s autopkgtest [02:33:19]: git checkout: 325255d2 Merge branch 'pin-any-arch' into 'ubuntu/production' 0s autopkgtest [02:33:19]: host juju-7f2275-prod-proposed-migration-environment-2; command line: /home/ubuntu/autopkgtest/runner/autopkgtest --output-dir /tmp/autopkgtest-work.t_6j8_f0/out --timeout-copy=6000 --setup-commands /home/ubuntu/autopkgtest-cloud/worker-config-production/setup-canonical.sh --apt-pocket=proposed=src:sssd,src:adequate,src:apbs,src:binutils,src:boost1.83,src:createrepo-c,src:dotnet8,src:dotnet9,src:dovecot,src:dpdk,src:freeradius,src:gcc-11,src:gcc-14,src:libixion,src:liborcus,src:libreoffice,src:libsbml,src:libzstd,src:link-grammar,src:linux-aws,src:linux-azure,src:linux-gcp,src:linux-lowlatency,src:linux-oracle,src:linux-riscv,src:linux,src:mmdebstrap,src:nftables,src:nodejs,src:open-iscsi,src:postfix,src:pyside2,src:python3-defaults,src:samba,src:squid,src:systemd,src:tdb,src:tifffile,src:tzdata,src:vim --apt-upgrade sssd --timeout-short=300 --timeout-copy=20000 --timeout-build=20000 '--env=ADT_TEST_TRIGGERS=sssd/2.10.1-2ubuntu1 adequate/0.17.5 apbs/3.4.1-6build2 binutils/2.43.50.20250108-1ubuntu1 boost1.83/1.83.0-4ubuntu2 createrepo-c/0.17.3-6build1 dotnet8/8.0.112-8.0.12-0ubuntu1 dotnet9/9.0.102-9.0.1-0ubuntu1 dovecot/1:2.3.21.1+dfsg1-1ubuntu2 dpdk/24.11.1-1 freeradius/3.2.6+dfsg-3 gcc-11/11.5.0-2ubuntu1 gcc-14/14.2.0-13ubuntu1 libixion/0.19.0-6build1 liborcus/0.19.2-6build1 libreoffice/4:24.8.4~rc2-0ubuntu4 libsbml/5.20.4+dfsg-0.1 libzstd/1.5.6+dfsg-2 link-grammar/5.12.5~dfsg-1build1 linux-aws/6.11.0-1005.5 linux-azure/6.11.0-1005.5 linux-gcp/6.11.0-1004.4 linux-lowlatency/6.11.0-1005.5 linux-oracle/6.11.0-1007.7 linux-riscv/6.11.0-8.8.1build1 linux/6.11.0-9.9build1 mmdebstrap/1.5.6-2 nftables/1.1.1-1build1 nodejs/20.18.1+dfsg-1ubuntu2 open-iscsi/2.1.10-3ubuntu1 postfix/3.9.1-10 pyside2/5.15.16-2 python3-defaults/3.13.1-1~exp2 samba/2:4.20.4+dfsg-1ubuntu5 squid/6.10-1ubuntu2 systemd/257.1-7ubuntu1 tdb/1.4.12-1build1 tifffile/20250110-1 tzdata/2024b-6ubuntu1 vim/2:9.1.0967-1ubuntu1' -- ssh -s /home/ubuntu/autopkgtest/ssh-setup/nova -- --flavor autopkgtest --security-groups autopkgtest-juju-7f2275-prod-proposed-migration-environment-2@bos03-arm64-20.secgroup --name adt-plucky-arm64-sssd-20250115-023319-juju-7f2275-prod-proposed-migration-environment-2-83a36827-b34b-4e82-a71f-c0da86c00570 --image adt/ubuntu-plucky-arm64-server --keyname testbed-juju-7f2275-prod-proposed-migration-environment-2 --net-id=net_prod-proposed-migration -e TERM=linux -e ''"'"'http_proxy=http://squid.internal:3128'"'"'' -e ''"'"'https_proxy=http://squid.internal:3128'"'"'' -e ''"'"'no_proxy=127.0.0.1,127.0.1.1,login.ubuntu.com,localhost,localdomain,novalocal,internal,archive.ubuntu.com,ports.ubuntu.com,security.ubuntu.com,ddebs.ubuntu.com,changelogs.ubuntu.com,keyserver.ubuntu.com,launchpadlibrarian.net,launchpadcontent.net,launchpad.net,10.24.0.0/24,keystone.ps5.canonical.com,objectstorage.prodstack5.canonical.com,radosgw.ps5.canonical.com'"'"'' --mirror=http://ftpmaster.internal/ubuntu/ 131s autopkgtest [02:35:30]: testbed dpkg architecture: arm64 131s autopkgtest [02:35:30]: testbed apt version: 2.9.18 131s autopkgtest [02:35:30]: @@@@@@@@@@@@@@@@@@@@ test bed setup 131s autopkgtest [02:35:30]: testbed release detected to be: None 132s autopkgtest [02:35:31]: updating testbed package index (apt update) 133s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 133s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 133s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 133s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 133s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [880 kB] 133s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [149 kB] 133s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 133s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [12.3 kB] 133s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [292 kB] 133s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 133s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1040 kB] 134s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [10.2 kB] 134s Fetched 2525 kB in 1s (2495 kB/s) 135s Reading package lists... 136s + lsb_release --codename --short 136s + RELEASE=plucky 136s + cat 136s + [ plucky != trusty ] 136s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 136s Reading package lists... 136s Building dependency tree... 136s Reading state information... 137s Calculating upgrade... 138s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 138s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 138s + /usr/lib/apt/apt-helper analyze-pattern ?true 138s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 138s Reading package lists... 139s Building dependency tree... 139s Reading state information... 140s 0 upgraded, 0 newly installed, 0 to remove and 36 not upgraded. 140s + grep -q trusty /etc/lsb-release 140s + [ ! -d /usr/share/doc/unattended-upgrades ] 140s + [ ! -d /usr/share/doc/lxd ] 140s + [ ! -d /usr/share/doc/lxd-client ] 140s + [ ! -d /usr/share/doc/snapd ] 140s + type iptables 140s + cat 140s + chmod 755 /etc/rc.local 140s + . /etc/rc.local 140s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 140s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 140s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 140s + uname -m 140s + [ aarch64 = ppc64le ] 140s + [ -d /run/systemd/system ] 140s + systemd-detect-virt --quiet --vm 140s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 140s + cat 140s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 140s + echo COMPRESS=lz4 140s autopkgtest [02:35:39]: upgrading testbed (apt dist-upgrade and autopurge) 140s Reading package lists... 141s Building dependency tree... 141s Reading state information... 142s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 142s Starting 2 pkgProblemResolver with broken count: 0 142s Done 143s Entering ResolveByKeep 144s 144s The following packages were automatically installed and are no longer required: 144s python3.12 python3.12-minimal 144s Use 'sudo apt autoremove' to remove them. 145s The following NEW packages will be installed: 145s libpython3.13-minimal libpython3.13-stdlib python3.13 python3.13-minimal 145s The following packages have been kept back: 145s libnftables1 nftables 145s The following packages will be upgraded: 145s binutils binutils-aarch64-linux-gnu binutils-common gcc-14-base libatomic1 145s libbinutils libctf-nobfd0 libctf0 libgcc-s1 libgprofng0 libnss-systemd 145s libpam-systemd libpython3-stdlib libsframe1 libstdc++6 libsystemd-shared 145s libsystemd0 libudev1 libzstd1 linux-libc-dev linux-tools-common python3 145s python3-minimal systemd systemd-cryptsetup systemd-resolved systemd-sysv 145s systemd-timesyncd tzdata udev vim-common vim-tiny xxd zstd 145s 34 upgraded, 4 newly installed, 0 to remove and 2 not upgraded. 145s Need to get 26.1 MB of archives. 145s After this operation, 24.4 MB of additional disk space will be used. 145s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libpython3.13-minimal arm64 3.13.1-2 [879 kB] 145s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 python3.13-minimal arm64 3.13.1-2 [2262 kB] 146s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-minimal arm64 3.13.1-1~exp2 [27.6 kB] 146s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3 arm64 3.13.1-1~exp2 [23.9 kB] 146s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 tzdata all 2024b-6ubuntu1 [197 kB] 146s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libpython3.13-stdlib arm64 3.13.1-2 [2061 kB] 146s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 python3.13 arm64 3.13.1-2 [729 kB] 146s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpython3-stdlib arm64 3.13.1-1~exp2 [10.2 kB] 146s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-timesyncd arm64 257.1-7ubuntu1 [41.0 kB] 146s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-resolved arm64 257.1-7ubuntu1 [313 kB] 147s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-cryptsetup arm64 257.1-7ubuntu1 [121 kB] 147s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsystemd-shared arm64 257.1-7ubuntu1 [2228 kB] 147s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsystemd0 arm64 257.1-7ubuntu1 [517 kB] 147s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-sysv arm64 257.1-7ubuntu1 [11.8 kB] 147s Get:15 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libnss-systemd arm64 257.1-7ubuntu1 [170 kB] 147s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-systemd arm64 257.1-7ubuntu1 [254 kB] 147s Get:17 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd arm64 257.1-7ubuntu1 [3456 kB] 147s Get:18 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 udev arm64 257.1-7ubuntu1 [1976 kB] 147s Get:19 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libudev1 arm64 257.1-7ubuntu1 [198 kB] 147s Get:20 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 gcc-14-base arm64 14.2.0-13ubuntu1 [53.0 kB] 147s Get:21 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libstdc++6 arm64 14.2.0-13ubuntu1 [748 kB] 147s Get:22 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libatomic1 arm64 14.2.0-13ubuntu1 [11.5 kB] 147s Get:23 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgcc-s1 arm64 14.2.0-13ubuntu1 [61.8 kB] 147s Get:24 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libzstd1 arm64 1.5.6+dfsg-2 [279 kB] 148s Get:25 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 vim-tiny arm64 2:9.1.0967-1ubuntu1 [807 kB] 148s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 vim-common all 2:9.1.0967-1ubuntu1 [396 kB] 148s Get:27 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 xxd arm64 2:9.1.0967-1ubuntu1 [67.7 kB] 148s Get:28 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgprofng0 arm64 2.43.50.20250108-1ubuntu1 [779 kB] 148s Get:29 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libctf0 arm64 2.43.50.20250108-1ubuntu1 [99.0 kB] 148s Get:30 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libctf-nobfd0 arm64 2.43.50.20250108-1ubuntu1 [102 kB] 148s Get:31 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils-aarch64-linux-gnu arm64 2.43.50.20250108-1ubuntu1 [3422 kB] 148s Get:32 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libbinutils arm64 2.43.50.20250108-1ubuntu1 [782 kB] 148s Get:33 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils arm64 2.43.50.20250108-1ubuntu1 [3248 B] 148s Get:34 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils-common arm64 2.43.50.20250108-1ubuntu1 [245 kB] 148s Get:35 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsframe1 arm64 2.43.50.20250108-1ubuntu1 [14.4 kB] 148s Get:36 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 linux-libc-dev arm64 6.11.0-9.9 [1642 kB] 148s Get:37 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 linux-tools-common all 6.11.0-9.9 [484 kB] 148s Get:38 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 zstd arm64 1.5.6+dfsg-2 [594 kB] 149s Preconfiguring packages ... 149s Fetched 26.1 MB in 3s (7539 kB/s) 149s Selecting previously unselected package libpython3.13-minimal:arm64. 149s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80205 files and directories currently installed.) 149s Preparing to unpack .../libpython3.13-minimal_3.13.1-2_arm64.deb ... 149s Unpacking libpython3.13-minimal:arm64 (3.13.1-2) ... 149s Selecting previously unselected package python3.13-minimal. 149s Preparing to unpack .../python3.13-minimal_3.13.1-2_arm64.deb ... 149s Unpacking python3.13-minimal (3.13.1-2) ... 149s Setting up libpython3.13-minimal:arm64 (3.13.1-2) ... 149s Setting up python3.13-minimal (3.13.1-2) ... 150s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80525 files and directories currently installed.) 150s Preparing to unpack .../python3-minimal_3.13.1-1~exp2_arm64.deb ... 150s Unpacking python3-minimal (3.13.1-1~exp2) over (3.12.8-1) ... 150s Setting up python3-minimal (3.13.1-1~exp2) ... 151s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80525 files and directories currently installed.) 151s Preparing to unpack .../0-python3_3.13.1-1~exp2_arm64.deb ... 151s Unpacking python3 (3.13.1-1~exp2) over (3.12.8-1) ... 151s Preparing to unpack .../1-tzdata_2024b-6ubuntu1_all.deb ... 151s Unpacking tzdata (2024b-6ubuntu1) over (2024b-4ubuntu1) ... 151s Selecting previously unselected package libpython3.13-stdlib:arm64. 151s Preparing to unpack .../2-libpython3.13-stdlib_3.13.1-2_arm64.deb ... 151s Unpacking libpython3.13-stdlib:arm64 (3.13.1-2) ... 151s Selecting previously unselected package python3.13. 151s Preparing to unpack .../3-python3.13_3.13.1-2_arm64.deb ... 151s Unpacking python3.13 (3.13.1-2) ... 151s Preparing to unpack .../4-libpython3-stdlib_3.13.1-1~exp2_arm64.deb ... 151s Unpacking libpython3-stdlib:arm64 (3.13.1-1~exp2) over (3.12.8-1) ... 151s Preparing to unpack .../5-systemd-timesyncd_257.1-7ubuntu1_arm64.deb ... 151s Unpacking systemd-timesyncd (257.1-7ubuntu1) over (257-2ubuntu1) ... 151s Preparing to unpack .../6-systemd-resolved_257.1-7ubuntu1_arm64.deb ... 151s Unpacking systemd-resolved (257.1-7ubuntu1) over (257-2ubuntu1) ... 151s Preparing to unpack .../7-systemd-cryptsetup_257.1-7ubuntu1_arm64.deb ... 151s Unpacking systemd-cryptsetup (257.1-7ubuntu1) over (257-2ubuntu1) ... 151s Preparing to unpack .../8-libsystemd-shared_257.1-7ubuntu1_arm64.deb ... 151s Unpacking libsystemd-shared:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 151s Preparing to unpack .../9-libsystemd0_257.1-7ubuntu1_arm64.deb ... 151s Unpacking libsystemd0:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Setting up libsystemd0:arm64 (257.1-7ubuntu1) ... 152s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80942 files and directories currently installed.) 152s Preparing to unpack .../0-systemd-sysv_257.1-7ubuntu1_arm64.deb ... 152s Unpacking systemd-sysv (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Preparing to unpack .../1-libnss-systemd_257.1-7ubuntu1_arm64.deb ... 152s Unpacking libnss-systemd:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Preparing to unpack .../2-libpam-systemd_257.1-7ubuntu1_arm64.deb ... 152s Unpacking libpam-systemd:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Preparing to unpack .../3-systemd_257.1-7ubuntu1_arm64.deb ... 152s Unpacking systemd (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Preparing to unpack .../4-udev_257.1-7ubuntu1_arm64.deb ... 152s Unpacking udev (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Preparing to unpack .../5-libudev1_257.1-7ubuntu1_arm64.deb ... 152s Unpacking libudev1:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 152s Setting up libudev1:arm64 (257.1-7ubuntu1) ... 152s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 152s Preparing to unpack .../gcc-14-base_14.2.0-13ubuntu1_arm64.deb ... 152s Unpacking gcc-14-base:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 153s Setting up gcc-14-base:arm64 (14.2.0-13ubuntu1) ... 153s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 153s Preparing to unpack .../libstdc++6_14.2.0-13ubuntu1_arm64.deb ... 153s Unpacking libstdc++6:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 153s Setting up libstdc++6:arm64 (14.2.0-13ubuntu1) ... 153s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 153s Preparing to unpack .../libatomic1_14.2.0-13ubuntu1_arm64.deb ... 153s Unpacking libatomic1:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 153s Preparing to unpack .../libgcc-s1_14.2.0-13ubuntu1_arm64.deb ... 153s Unpacking libgcc-s1:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 153s Setting up libgcc-s1:arm64 (14.2.0-13ubuntu1) ... 153s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 153s Preparing to unpack .../libzstd1_1.5.6+dfsg-2_arm64.deb ... 153s Unpacking libzstd1:arm64 (1.5.6+dfsg-2) over (1.5.6+dfsg-1) ... 153s Setting up libzstd1:arm64 (1.5.6+dfsg-2) ... 153s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 153s Preparing to unpack .../00-vim-tiny_2%3a9.1.0967-1ubuntu1_arm64.deb ... 153s Unpacking vim-tiny (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 153s Preparing to unpack .../01-vim-common_2%3a9.1.0967-1ubuntu1_all.deb ... 153s Unpacking vim-common (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 153s Preparing to unpack .../02-xxd_2%3a9.1.0967-1ubuntu1_arm64.deb ... 153s Unpacking xxd (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 153s Preparing to unpack .../03-libgprofng0_2.43.50.20250108-1ubuntu1_arm64.deb ... 153s Unpacking libgprofng0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 153s Preparing to unpack .../04-libctf0_2.43.50.20250108-1ubuntu1_arm64.deb ... 153s Unpacking libctf0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 153s Preparing to unpack .../05-libctf-nobfd0_2.43.50.20250108-1ubuntu1_arm64.deb ... 153s Unpacking libctf-nobfd0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 153s Preparing to unpack .../06-binutils-aarch64-linux-gnu_2.43.50.20250108-1ubuntu1_arm64.deb ... 153s Unpacking binutils-aarch64-linux-gnu (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 154s Preparing to unpack .../07-libbinutils_2.43.50.20250108-1ubuntu1_arm64.deb ... 154s Unpacking libbinutils:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 154s Preparing to unpack .../08-binutils_2.43.50.20250108-1ubuntu1_arm64.deb ... 154s Unpacking binutils (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 154s Preparing to unpack .../09-binutils-common_2.43.50.20250108-1ubuntu1_arm64.deb ... 154s Unpacking binutils-common:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 154s Preparing to unpack .../10-libsframe1_2.43.50.20250108-1ubuntu1_arm64.deb ... 154s Unpacking libsframe1:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 154s Preparing to unpack .../11-linux-libc-dev_6.11.0-9.9_arm64.deb ... 154s Unpacking linux-libc-dev:arm64 (6.11.0-9.9) over (6.11.0-8.8) ... 154s Preparing to unpack .../12-linux-tools-common_6.11.0-9.9_all.deb ... 154s Unpacking linux-tools-common (6.11.0-9.9) over (6.11.0-8.8) ... 154s Preparing to unpack .../13-zstd_1.5.6+dfsg-2_arm64.deb ... 154s Unpacking zstd (1.5.6+dfsg-2) over (1.5.6+dfsg-1) ... 154s Setting up binutils-common:arm64 (2.43.50.20250108-1ubuntu1) ... 154s Installing new version of config file /etc/gprofng.rc ... 154s Setting up linux-libc-dev:arm64 (6.11.0-9.9) ... 154s Setting up libctf-nobfd0:arm64 (2.43.50.20250108-1ubuntu1) ... 154s Setting up xxd (2:9.1.0967-1ubuntu1) ... 154s Setting up libsframe1:arm64 (2.43.50.20250108-1ubuntu1) ... 154s Setting up tzdata (2024b-6ubuntu1) ... 154s 154s Current default time zone: 'Etc/UTC' 154s Local time is now: Wed Jan 15 02:35:53 UTC 2025. 154s Universal Time is now: Wed Jan 15 02:35:53 UTC 2025. 154s Run 'dpkg-reconfigure tzdata' if you wish to change it. 154s 154s Setting up vim-common (2:9.1.0967-1ubuntu1) ... 154s Setting up libatomic1:arm64 (14.2.0-13ubuntu1) ... 154s Setting up libsystemd-shared:arm64 (257.1-7ubuntu1) ... 154s Setting up libbinutils:arm64 (2.43.50.20250108-1ubuntu1) ... 154s Setting up linux-tools-common (6.11.0-9.9) ... 154s Setting up libpython3.13-stdlib:arm64 (3.13.1-2) ... 154s Setting up zstd (1.5.6+dfsg-2) ... 154s Setting up libpython3-stdlib:arm64 (3.13.1-1~exp2) ... 154s Setting up libctf0:arm64 (2.43.50.20250108-1ubuntu1) ... 154s Setting up python3.13 (3.13.1-2) ... 156s Setting up python3 (3.13.1-1~exp2) ... 156s /usr/bin/py3clean:101: DeprecationWarning: glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and pass a directory to its root_dir argument instead. 156s for fn in glob1(directory, "%s.*" % fname): 156s Setting up systemd (257.1-7ubuntu1) ... 156s /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. 156s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 156s /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. 157s Setting up vim-tiny (2:9.1.0967-1ubuntu1) ... 157s Setting up libgprofng0:arm64 (2.43.50.20250108-1ubuntu1) ... 157s Setting up systemd-cryptsetup (257.1-7ubuntu1) ... 157s Setting up systemd-timesyncd (257.1-7ubuntu1) ... 157s systemd-time-wait-sync.service is a disabled or a static unit not running, not starting it. 158s Setting up udev (257.1-7ubuntu1) ... 158s Setting up systemd-resolved (257.1-7ubuntu1) ... 159s Setting up systemd-sysv (257.1-7ubuntu1) ... 159s Setting up libnss-systemd:arm64 (257.1-7ubuntu1) ... 159s Setting up binutils-aarch64-linux-gnu (2.43.50.20250108-1ubuntu1) ... 159s Setting up binutils (2.43.50.20250108-1ubuntu1) ... 159s Setting up libpam-systemd:arm64 (257.1-7ubuntu1) ... 159s Processing triggers for libc-bin (2.40-4ubuntu1) ... 159s Processing triggers for man-db (2.13.0-1) ... 161s Processing triggers for dbus (1.14.10-4ubuntu5) ... 161s Processing triggers for shared-mime-info (2.4-5) ... 161s Warning: program compiled against libxml 212 using older 209 161s Processing triggers for initramfs-tools (0.142ubuntu35) ... 161s update-initramfs: Generating /boot/initrd.img-6.11.0-8-generic 162s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 179s System running in EFI mode, skipping. 180s Reading package lists... 180s Building dependency tree... 180s Reading state information... 180s Starting pkgProblemResolver with broken count: 0 180s Starting 2 pkgProblemResolver with broken count: 0 180s Done 181s The following packages will be REMOVED: 181s python3.12* python3.12-minimal* 181s 0 upgraded, 0 newly installed, 2 to remove and 2 not upgraded. 181s After this operation, 8710 kB disk space will be freed. 181s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 181s Removing python3.12 (3.12.8-3) ... 182s Removing python3.12-minimal (3.12.8-3) ... 182s /usr/bin/py3clean:125: DeprecationWarning: glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and pass a directory to its root_dir argument instead. 182s for fn in glob1(directory, "%s.%s.py[co]" % (fname, magic_tag)): 182s Processing triggers for man-db (2.13.0-1) ... 183s Processing triggers for systemd (257.1-7ubuntu1) ... 183s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80915 files and directories currently installed.) 183s Purging configuration files for python3.12-minimal (3.12.8-3) ... 183s autopkgtest [02:36:22]: rebooting testbed after setup commands that affected boot 218s autopkgtest [02:36:57]: testbed running kernel: Linux 6.11.0-8-generic #8-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 16 14:19:41 UTC 2024 221s autopkgtest [02:37:00]: @@@@@@@@@@@@@@@@@@@@ apt-source sssd 239s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed/main sssd 2.10.1-2ubuntu1 (dsc) [5330 B] 239s Get:2 http://ftpmaster.internal/ubuntu plucky-proposed/main sssd 2.10.1-2ubuntu1 (tar) [9197 kB] 239s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main sssd 2.10.1-2ubuntu1 (asc) [833 B] 239s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main sssd 2.10.1-2ubuntu1 (diff) [49.9 kB] 240s gpgv: Signature made Tue Jan 14 21:45:37 2025 UTC 240s gpgv: using RSA key E92FD0B36B14F1F4D8E0EB2F106DA1C8C3CBBF14 240s gpgv: Can't check signature: No public key 240s dpkg-source: warning: cannot verify inline signature for ./sssd_2.10.1-2ubuntu1.dsc: no acceptable signature found 240s autopkgtest [02:37:19]: testing package sssd version 2.10.1-2ubuntu1 247s autopkgtest [02:37:26]: build not needed 257s autopkgtest [02:37:36]: test ldap-user-group-ldap-auth: preparing testbed 257s Reading package lists... 258s Building dependency tree... 258s Reading state information... 258s Starting pkgProblemResolver with broken count: 0 258s Starting 2 pkgProblemResolver with broken count: 0 258s Done 259s The following NEW packages will be installed: 259s expect ldap-utils libargon2-1 libavahi-client3 libavahi-common-data 259s libavahi-common3 libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 259s libdhash1t64 libevent-2.1-7t64 libini-config5t64 libipa-hbac-dev 259s libipa-hbac0t64 libjose0 libkrad0 libldb2 libltdl7 libnfsidmap1 libnss-sss 259s libnss-sudo libodbc2 libpam-pwquality libpam-sss libpath-utils1t64 259s libpwquality-common libpwquality1 libref-array1t64 libsmbclient0 259s libsss-certmap-dev libsss-certmap0 libsss-idmap-dev libsss-idmap0 259s libsss-nss-idmap-dev libsss-nss-idmap0 libsss-sudo libtalloc2 libtcl8.6 259s libtdb1 libtevent0t64 libverto-libevent1t64 libverto1t64 libwbclient0 259s python3-libipa-hbac python3-libsss-nss-idmap python3-sss samba-libs slapd 259s sssd sssd-ad sssd-ad-common sssd-common sssd-dbus sssd-idp sssd-ipa sssd-kcm 259s sssd-krb5 sssd-krb5-common sssd-ldap sssd-passkey sssd-proxy sssd-tools 259s tcl-expect tcl8.6 259s 0 upgraded, 65 newly installed, 0 to remove and 2 not upgraded. 259s Need to get 13.0 MB of archives. 259s After this operation, 61.6 MB of additional disk space will be used. 259s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libargon2-1 arm64 0~20190702+dfsg-4build1 [20.5 kB] 259s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libltdl7 arm64 2.4.7-8 [40.6 kB] 259s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libodbc2 arm64 2.3.12-1ubuntu1 [145 kB] 259s Get:4 http://ftpmaster.internal/ubuntu plucky/main arm64 slapd arm64 2.6.8+dfsg-1~exp4ubuntu3 [1532 kB] 260s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libtcl8.6 arm64 8.6.15+dfsg-2 [987 kB] 260s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 tcl8.6 arm64 8.6.15+dfsg-2 [14.7 kB] 260s Get:7 http://ftpmaster.internal/ubuntu plucky/universe arm64 tcl-expect arm64 5.45.4-3 [112 kB] 260s Get:8 http://ftpmaster.internal/ubuntu plucky/universe arm64 expect arm64 5.45.4-3 [137 kB] 260s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 ldap-utils arm64 2.6.8+dfsg-1~exp4ubuntu3 [148 kB] 260s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 260s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 260s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 260s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 260s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 260s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 260s Get:16 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 260s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 260s Get:18 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 260s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 260s Get:20 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 260s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 260s Get:22 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libipa-hbac0t64 arm64 2.10.1-2ubuntu1 [18.4 kB] 260s Get:23 http://ftpmaster.internal/ubuntu plucky/universe arm64 libjose0 arm64 14-1 [44.9 kB] 260s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto-libevent1t64 arm64 0.3.1-1.2ubuntu3 [6328 B] 260s Get:25 http://ftpmaster.internal/ubuntu plucky/main arm64 libverto1t64 arm64 0.3.1-1.2ubuntu3 [10.4 kB] 260s Get:26 http://ftpmaster.internal/ubuntu plucky/main arm64 libkrad0 arm64 1.21.3-3 [22.2 kB] 260s Get:27 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 260s Get:28 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libtdb1 arm64 1.4.12-1build1 [49.0 kB] 260s Get:29 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 260s Get:30 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu5 [193 kB] 260s Get:31 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 260s Get:32 http://ftpmaster.internal/ubuntu plucky/universe arm64 libnss-sudo all 1.9.15p5-3ubuntu5 [15.2 kB] 260s Get:33 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 260s Get:34 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 260s Get:35 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 260s Get:36 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [76.7 kB] 260s Get:37 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu5 [6307 kB] 261s Get:38 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [62.8 kB] 261s Get:39 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libnss-sss arm64 2.10.1-2ubuntu1 [33.1 kB] 261s Get:40 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-sss arm64 2.10.1-2ubuntu1 [50.4 kB] 261s Get:41 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-sss arm64 2.10.1-2ubuntu1 [46.6 kB] 261s Get:42 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-certmap0 arm64 2.10.1-2ubuntu1 [47.7 kB] 261s Get:43 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-idmap0 arm64 2.10.1-2ubuntu1 [23.5 kB] 261s Get:44 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-nss-idmap0 arm64 2.10.1-2ubuntu1 [31.8 kB] 261s Get:45 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-common arm64 2.10.1-2ubuntu1 [1134 kB] 261s Get:46 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-idp arm64 2.10.1-2ubuntu1 [28.3 kB] 261s Get:47 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-passkey arm64 2.10.1-2ubuntu1 [32.8 kB] 261s Get:48 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libipa-hbac-dev arm64 2.10.1-2ubuntu1 [6666 B] 261s Get:49 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-certmap-dev arm64 2.10.1-2ubuntu1 [5726 B] 261s Get:50 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-idmap-dev arm64 2.10.1-2ubuntu1 [8380 B] 261s Get:51 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-nss-idmap-dev arm64 2.10.1-2ubuntu1 [6712 B] 261s Get:52 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 libsss-sudo arm64 2.10.1-2ubuntu1 [22.0 kB] 261s Get:53 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 python3-libipa-hbac arm64 2.10.1-2ubuntu1 [16.8 kB] 261s Get:54 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 python3-libsss-nss-idmap arm64 2.10.1-2ubuntu1 [9286 B] 261s Get:55 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad-common arm64 2.10.1-2ubuntu1 [74.2 kB] 261s Get:56 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5-common arm64 2.10.1-2ubuntu1 [90.0 kB] 261s Get:57 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad arm64 2.10.1-2ubuntu1 [136 kB] 261s Get:58 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ipa arm64 2.10.1-2ubuntu1 [222 kB] 261s Get:59 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5 arm64 2.10.1-2ubuntu1 [14.4 kB] 261s Get:60 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ldap arm64 2.10.1-2ubuntu1 [31.8 kB] 261s Get:61 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-proxy arm64 2.10.1-2ubuntu1 [44.3 kB] 261s Get:62 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd arm64 2.10.1-2ubuntu1 [4118 B] 261s Get:63 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-dbus arm64 2.10.1-2ubuntu1 [101 kB] 261s Get:64 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 sssd-kcm arm64 2.10.1-2ubuntu1 [138 kB] 261s Get:65 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-tools arm64 2.10.1-2ubuntu1 [98.8 kB] 262s Preconfiguring packages ... 262s Fetched 13.0 MB in 2s (5348 kB/s) 262s Selecting previously unselected package libargon2-1:arm64. 262s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80915 files and directories currently installed.) 262s Preparing to unpack .../00-libargon2-1_0~20190702+dfsg-4build1_arm64.deb ... 262s Unpacking libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 262s Selecting previously unselected package libltdl7:arm64. 262s Preparing to unpack .../01-libltdl7_2.4.7-8_arm64.deb ... 262s Unpacking libltdl7:arm64 (2.4.7-8) ... 262s Selecting previously unselected package libodbc2:arm64. 263s Preparing to unpack .../02-libodbc2_2.3.12-1ubuntu1_arm64.deb ... 263s Unpacking libodbc2:arm64 (2.3.12-1ubuntu1) ... 263s Selecting previously unselected package slapd. 263s Preparing to unpack .../03-slapd_2.6.8+dfsg-1~exp4ubuntu3_arm64.deb ... 263s Unpacking slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 263s Selecting previously unselected package libtcl8.6:arm64. 263s Preparing to unpack .../04-libtcl8.6_8.6.15+dfsg-2_arm64.deb ... 263s Unpacking libtcl8.6:arm64 (8.6.15+dfsg-2) ... 263s Selecting previously unselected package tcl8.6. 263s Preparing to unpack .../05-tcl8.6_8.6.15+dfsg-2_arm64.deb ... 263s Unpacking tcl8.6 (8.6.15+dfsg-2) ... 263s Selecting previously unselected package tcl-expect:arm64. 263s Preparing to unpack .../06-tcl-expect_5.45.4-3_arm64.deb ... 263s Unpacking tcl-expect:arm64 (5.45.4-3) ... 263s Selecting previously unselected package expect. 263s Preparing to unpack .../07-expect_5.45.4-3_arm64.deb ... 263s Unpacking expect (5.45.4-3) ... 263s Selecting previously unselected package ldap-utils. 263s Preparing to unpack .../08-ldap-utils_2.6.8+dfsg-1~exp4ubuntu3_arm64.deb ... 263s Unpacking ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 263s Selecting previously unselected package libavahi-common-data:arm64. 263s Preparing to unpack .../09-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 263s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 263s Selecting previously unselected package libavahi-common3:arm64. 263s Preparing to unpack .../10-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 263s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 263s Selecting previously unselected package libavahi-client3:arm64. 263s Preparing to unpack .../11-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 263s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 263s Selecting previously unselected package libbasicobjects0t64:arm64. 263s Preparing to unpack .../12-libbasicobjects0t64_0.6.2-3_arm64.deb ... 263s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 263s Selecting previously unselected package libcares2:arm64. 263s Preparing to unpack .../13-libcares2_1.34.4-2.1_arm64.deb ... 263s Unpacking libcares2:arm64 (1.34.4-2.1) ... 263s Selecting previously unselected package libcollection4t64:arm64. 263s Preparing to unpack .../14-libcollection4t64_0.6.2-3_arm64.deb ... 263s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 263s Selecting previously unselected package libcrack2:arm64. 263s Preparing to unpack .../15-libcrack2_2.9.6-5.2_arm64.deb ... 263s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 263s Selecting previously unselected package libdhash1t64:arm64. 263s Preparing to unpack .../16-libdhash1t64_0.6.2-3_arm64.deb ... 263s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 263s Selecting previously unselected package libevent-2.1-7t64:arm64. 263s Preparing to unpack .../17-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 263s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 263s Selecting previously unselected package libpath-utils1t64:arm64. 263s Preparing to unpack .../18-libpath-utils1t64_0.6.2-3_arm64.deb ... 263s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 263s Selecting previously unselected package libref-array1t64:arm64. 263s Preparing to unpack .../19-libref-array1t64_0.6.2-3_arm64.deb ... 263s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 263s Selecting previously unselected package libini-config5t64:arm64. 264s Preparing to unpack .../20-libini-config5t64_0.6.2-3_arm64.deb ... 264s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 264s Selecting previously unselected package libipa-hbac0t64. 264s Preparing to unpack .../21-libipa-hbac0t64_2.10.1-2ubuntu1_arm64.deb ... 264s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu1) ... 264s Selecting previously unselected package libjose0:arm64. 264s Preparing to unpack .../22-libjose0_14-1_arm64.deb ... 264s Unpacking libjose0:arm64 (14-1) ... 264s Selecting previously unselected package libverto-libevent1t64:arm64. 264s Preparing to unpack .../23-libverto-libevent1t64_0.3.1-1.2ubuntu3_arm64.deb ... 264s Unpacking libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 264s Selecting previously unselected package libverto1t64:arm64. 264s Preparing to unpack .../24-libverto1t64_0.3.1-1.2ubuntu3_arm64.deb ... 264s Unpacking libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 264s Selecting previously unselected package libkrad0:arm64. 264s Preparing to unpack .../25-libkrad0_1.21.3-3_arm64.deb ... 264s Unpacking libkrad0:arm64 (1.21.3-3) ... 264s Selecting previously unselected package libtalloc2:arm64. 264s Preparing to unpack .../26-libtalloc2_2.4.2-1build2_arm64.deb ... 264s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 264s Selecting previously unselected package libtdb1:arm64. 264s Preparing to unpack .../27-libtdb1_1.4.12-1build1_arm64.deb ... 264s Unpacking libtdb1:arm64 (1.4.12-1build1) ... 264s Selecting previously unselected package libtevent0t64:arm64. 264s Preparing to unpack .../28-libtevent0t64_0.16.1-3_arm64.deb ... 264s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 264s Selecting previously unselected package libldb2:arm64. 264s Preparing to unpack .../29-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu5_arm64.deb ... 264s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 264s Selecting previously unselected package libnfsidmap1:arm64. 264s Preparing to unpack .../30-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 264s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 264s Selecting previously unselected package libnss-sudo. 264s Preparing to unpack .../31-libnss-sudo_1.9.15p5-3ubuntu5_all.deb ... 264s Unpacking libnss-sudo (1.9.15p5-3ubuntu5) ... 264s Selecting previously unselected package libpwquality-common. 264s Preparing to unpack .../32-libpwquality-common_1.4.5-3build1_all.deb ... 264s Unpacking libpwquality-common (1.4.5-3build1) ... 264s Selecting previously unselected package libpwquality1:arm64. 264s Preparing to unpack .../33-libpwquality1_1.4.5-3build1_arm64.deb ... 264s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 264s Selecting previously unselected package libpam-pwquality:arm64. 264s Preparing to unpack .../34-libpam-pwquality_1.4.5-3build1_arm64.deb ... 264s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 264s Selecting previously unselected package libwbclient0:arm64. 264s Preparing to unpack .../35-libwbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 264s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 264s Selecting previously unselected package samba-libs:arm64. 264s Preparing to unpack .../36-samba-libs_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 264s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 264s Selecting previously unselected package libsmbclient0:arm64. 264s Preparing to unpack .../37-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 264s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 264s Selecting previously unselected package libnss-sss:arm64. 264s Preparing to unpack .../38-libnss-sss_2.10.1-2ubuntu1_arm64.deb ... 264s Unpacking libnss-sss:arm64 (2.10.1-2ubuntu1) ... 264s Selecting previously unselected package libpam-sss:arm64. 264s Preparing to unpack .../39-libpam-sss_2.10.1-2ubuntu1_arm64.deb ... 264s Unpacking libpam-sss:arm64 (2.10.1-2ubuntu1) ... 264s Selecting previously unselected package python3-sss. 265s Preparing to unpack .../40-python3-sss_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking python3-sss (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-certmap0. 265s Preparing to unpack .../41-libsss-certmap0_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-certmap0 (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-idmap0. 265s Preparing to unpack .../42-libsss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-idmap0 (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-nss-idmap0. 265s Preparing to unpack .../43-libsss-nss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-common. 265s Preparing to unpack .../44-sssd-common_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-common (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-idp. 265s Preparing to unpack .../45-sssd-idp_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-idp (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-passkey. 265s Preparing to unpack .../46-sssd-passkey_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-passkey (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libipa-hbac-dev. 265s Preparing to unpack .../47-libipa-hbac-dev_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libipa-hbac-dev (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-certmap-dev. 265s Preparing to unpack .../48-libsss-certmap-dev_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-certmap-dev (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-idmap-dev. 265s Preparing to unpack .../49-libsss-idmap-dev_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-idmap-dev (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-nss-idmap-dev. 265s Preparing to unpack .../50-libsss-nss-idmap-dev_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-nss-idmap-dev (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package libsss-sudo. 265s Preparing to unpack .../51-libsss-sudo_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking libsss-sudo (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package python3-libipa-hbac. 265s Preparing to unpack .../52-python3-libipa-hbac_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking python3-libipa-hbac (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package python3-libsss-nss-idmap. 265s Preparing to unpack .../53-python3-libsss-nss-idmap_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking python3-libsss-nss-idmap (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-ad-common. 265s Preparing to unpack .../54-sssd-ad-common_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-ad-common (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-krb5-common. 265s Preparing to unpack .../55-sssd-krb5-common_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-krb5-common (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-ad. 265s Preparing to unpack .../56-sssd-ad_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-ad (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-ipa. 265s Preparing to unpack .../57-sssd-ipa_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-ipa (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-krb5. 265s Preparing to unpack .../58-sssd-krb5_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-krb5 (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-ldap. 265s Preparing to unpack .../59-sssd-ldap_2.10.1-2ubuntu1_arm64.deb ... 265s Unpacking sssd-ldap (2.10.1-2ubuntu1) ... 265s Selecting previously unselected package sssd-proxy. 266s Preparing to unpack .../60-sssd-proxy_2.10.1-2ubuntu1_arm64.deb ... 266s Unpacking sssd-proxy (2.10.1-2ubuntu1) ... 266s Selecting previously unselected package sssd. 266s Preparing to unpack .../61-sssd_2.10.1-2ubuntu1_arm64.deb ... 266s Unpacking sssd (2.10.1-2ubuntu1) ... 266s Selecting previously unselected package sssd-dbus. 266s Preparing to unpack .../62-sssd-dbus_2.10.1-2ubuntu1_arm64.deb ... 266s Unpacking sssd-dbus (2.10.1-2ubuntu1) ... 266s Selecting previously unselected package sssd-kcm. 266s Preparing to unpack .../63-sssd-kcm_2.10.1-2ubuntu1_arm64.deb ... 266s Unpacking sssd-kcm (2.10.1-2ubuntu1) ... 266s Selecting previously unselected package sssd-tools. 266s Preparing to unpack .../64-sssd-tools_2.10.1-2ubuntu1_arm64.deb ... 266s Unpacking sssd-tools (2.10.1-2ubuntu1) ... 266s Setting up libpwquality-common (1.4.5-3build1) ... 266s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 266s Setting up libsss-idmap0 (2.10.1-2ubuntu1) ... 266s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 266s Setting up libipa-hbac0t64 (2.10.1-2ubuntu1) ... 266s Setting up libsss-idmap-dev (2.10.1-2ubuntu1) ... 266s Setting up libref-array1t64:arm64 (0.6.2-3) ... 266s Setting up libipa-hbac-dev (2.10.1-2ubuntu1) ... 266s Setting up libtdb1:arm64 (1.4.12-1build1) ... 266s Setting up libargon2-1:arm64 (0~20190702+dfsg-4build1) ... 266s Setting up libcollection4t64:arm64 (0.6.2-3) ... 266s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 266s Setting up ldap-utils (2.6.8+dfsg-1~exp4ubuntu3) ... 266s Setting up libjose0:arm64 (14-1) ... 266s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 266s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 266s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 266s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 266s Setting up libcares2:arm64 (1.34.4-2.1) ... 266s Setting up libdhash1t64:arm64 (0.6.2-3) ... 266s Setting up libtcl8.6:arm64 (8.6.15+dfsg-2) ... 266s Setting up libltdl7:arm64 (2.4.7-8) ... 266s Setting up libcrack2:arm64 (2.9.6-5.2) ... 266s Setting up libodbc2:arm64 (2.3.12-1ubuntu1) ... 266s Setting up python3-libipa-hbac (2.10.1-2ubuntu1) ... 266s Setting up libnss-sudo (1.9.15p5-3ubuntu5) ... 266s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 266s Setting up libini-config5t64:arm64 (0.6.2-3) ... 266s Setting up libtevent0t64:arm64 (0.16.1-3) ... 266s Setting up libnss-sss:arm64 (2.10.1-2ubuntu1) ... 266s Setting up slapd (2.6.8+dfsg-1~exp4ubuntu3) ... 266s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s Creating new user openldap... [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 266s Can't find configuration db, was SSSD configured and run? 266s done. 266s Creating initial configuration... done. 266s Creating LDAP directory... done. 267s Setting up tcl8.6 (8.6.15+dfsg-2) ... 267s Setting up libsss-sudo (2.10.1-2ubuntu1) ... 267s Setting up libsss-nss-idmap-dev (2.10.1-2ubuntu1) ... 267s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 267s Setting up tcl-expect:arm64 (5.45.4-3) ... 267s Setting up libsss-certmap0 (2.10.1-2ubuntu1) ... 267s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 267s Setting up python3-libsss-nss-idmap (2.10.1-2ubuntu1) ... 267s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 267s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 267s Setting up expect (5.45.4-3) ... 267s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 267s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 267s Setting up libsss-certmap-dev (2.10.1-2ubuntu1) ... 267s Setting up python3-sss (2.10.1-2ubuntu1) ... 267s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 267s Setting up libpam-sss:arm64 (2.10.1-2ubuntu1) ... 267s Setting up sssd-common (2.10.1-2ubuntu1) ... 267s Creating SSSD system user & group... 267s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 267s Can't find configuration db, was SSSD configured and run? 267s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 267s Can't find configuration db, was SSSD configured and run? 267s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 267s Can't find configuration db, was SSSD configured and run? 267s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 267s Can't find configuration db, was SSSD configured and run? 268s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 268s Can't find configuration db, was SSSD configured and run? 268s [sss_cache] [sss_tool_confdb_init] (0x0010): Can't access '/var/lib/sss/db/config.ldb', probably SSSD isn't configured 268s Can't find configuration db, was SSSD configured and run? 268s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 268s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 268s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 268s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 268s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 268s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 269s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 269s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 269s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 270s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 270s sssd-autofs.service is a disabled or a static unit, not starting it. 270s sssd-nss.service is a disabled or a static unit, not starting it. 270s sssd-pam.service is a disabled or a static unit, not starting it. 270s sssd-ssh.service is a disabled or a static unit, not starting it. 270s sssd-sudo.service is a disabled or a static unit, not starting it. 270s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 270s Setting up sssd-proxy (2.10.1-2ubuntu1) ... 270s Setting up sssd-kcm (2.10.1-2ubuntu1) ... 270s Created symlink '/etc/systemd/system/sockets.target.wants/sssd-kcm.socket' → '/usr/lib/systemd/system/sssd-kcm.socket'. 271s sssd-kcm.service is a disabled or a static unit, not starting it. 271s Setting up sssd-dbus (2.10.1-2ubuntu1) ... 271s sssd-ifp.service is a disabled or a static unit, not starting it. 271s Setting up sssd-ad-common (2.10.1-2ubuntu1) ... 271s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 272s sssd-pac.service is a disabled or a static unit, not starting it. 272s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 272s Setting up sssd-krb5-common (2.10.1-2ubuntu1) ... 272s Setting up sssd-krb5 (2.10.1-2ubuntu1) ... 272s Setting up sssd-ldap (2.10.1-2ubuntu1) ... 272s Setting up sssd-ad (2.10.1-2ubuntu1) ... 272s Setting up sssd-tools (2.10.1-2ubuntu1) ... 272s Setting up sssd-ipa (2.10.1-2ubuntu1) ... 272s Setting up sssd (2.10.1-2ubuntu1) ... 272s Setting up libverto1t64:arm64 (0.3.1-1.2ubuntu3) ... 272s Setting up libkrad0:arm64 (1.21.3-3) ... 272s Setting up libverto-libevent1t64:arm64 (0.3.1-1.2ubuntu3) ... 272s Setting up sssd-passkey (2.10.1-2ubuntu1) ... 272s Setting up sssd-idp (2.10.1-2ubuntu1) ... 272s Processing triggers for libc-bin (2.40-4ubuntu1) ... 272s Processing triggers for ufw (0.36.2-8) ... 272s Processing triggers for man-db (2.13.0-1) ... 273s Processing triggers for dbus (1.14.10-4ubuntu5) ... 280s autopkgtest [02:37:59]: test ldap-user-group-ldap-auth: [----------------------- 280s + . debian/tests/util 280s + . debian/tests/common-tests 280s + trap cleanup EXIT 280s + mydomain=example.com 280s + myhostname=ldap.example.com 280s + mysuffix=dc=example,dc=com 280s + admin_dn=cn=admin,dc=example,dc=com 280s + admin_pw=secret 280s + ldap_user=testuser1 280s + ldap_user_pw=testuser1secret 280s + ldap_group=ldapusers 280s + adjust_hostname ldap.example.com 280s + local myhostname=ldap.example.com 280s + echo ldap.example.com 280s + hostname ldap.example.com 280s + grep -qE ldap.example.com /etc/hosts 280s + echo 127.0.1.10 ldap.example.com 280s + reconfigure_slapd 280s + debconf-set-selections 280s + rm -rf /var/backups/*slapd* /var/backups/unknown*ldapdb 280s + dpkg-reconfigure -fnoninteractive -pcritical slapd 281s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 281s Moving old database directory to /var/backups: 281s - directory unknown... done. 281s Creating initial configuration... done. 281s Creating LDAP directory... done. 281s + generate_certs ldap.example.com 281s + local cn=ldap.example.com 281s + local cert=/etc/ldap/server.pem 281s + local key=/etc/ldap/server.key 281s + local cnf=/etc/ldap/openssl.cnf 281s + cat 281s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 281s .+...+.+.....+.........+...+....+++++++++++++++++++++++++++++++++++++++*.....+..........+++++++++++++++++++++++++++++++++++++++*.....+.+.....+......+.+...+..+...+......+.+.........+.....+......+...+..........+......+...+............+......+.....+....+........+..................+....++++++ 282s ..........+....+..+.......+..+...+...+....+.....+......+...+....+++++++++++++++++++++++++++++++++++++++*....+.+...+..+...+...+.........+....+............+++++++++++++++++++++++++++++++++++++++*......+........+.......+...+...........+.......+........+......+...+...+...............+....+...+...+.......................+.+.....+...+.+......+......+..+..........+......+.....+....+..+...+............+.........+.+........+...+...+..........+..............+...+...+.+.....+.++++++ 282s ----- 282s + chmod 0640 /etc/ldap/server.key 282s + chgrp openldap /etc/ldap/server.key 282s + [ ! -f /etc/ldap/server.pem ] 282s + [ ! -f /etc/ldap/server.key ] 282s + enable_ldap_ssl 282s + cat 282s + cat 282s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 282s modifying entry "cn=config" 282s 282s + populate_ldap_rfc2307 282s + cat 282s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 282s adding new entry "ou=People,dc=example,dc=com" 282s 282s adding new entry "ou=Group,dc=example,dc=com" 282s 282s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 282s 282s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 282s 282s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 282s 282s + configure_sssd_ldap_rfc2307 282s + cat 282s + chmod 0600 /etc/sssd/sssd.conf 282s + systemctl restart sssd 282s + enable_pam_mkhomedir 282s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 282s Assert local user databases do not have our LDAP test data 282s + echo session optional pam_mkhomedir.so 282s + run_common_tests 282s + echo Assert local user databases do not have our LDAP test data 282s + check_local_user testuser1 282s + local local_user=testuser1 282s + grep -q ^testuser1 /etc/passwd 282s + check_local_group testuser1 282s + local local_group=testuser1 282s + grep -q ^testuser1 /etc/group 282s + check_local_group ldapusers 282s + local local_group=ldapusers 282s + grep -q ^ldapusers /etc/group 282s + echo The LDAP user is known to the system via getent 282s + check_getent_user testuser1 282s + local getent_user=testuser1 282s + local output 282s The LDAP user is known to the system via getent 282s + getent passwd testuser1 282s The LDAP user's private group is known to the system via getent 282s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 282s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 282s + echo The LDAP user's private group is known to the system via getent 282s + check_getent_group testuser1 282s + local getent_group=testuser1 282s + local output 282s + getent group testuser1 282s The LDAP group ldapusers is known to the system via getent 282s + output=testuser1:*:10001:testuser1 282s + [ -z testuser1:*:10001:testuser1 ] 282s + echo The LDAP group ldapusers is known to the system via getent 282s + check_getent_group ldapusers 282s + local getent_group=ldapusers 282s + local output 282s + getent group ldapusers 282s The id(1) command can resolve the group membership of the LDAP user 282s + output=ldapusers:*:10100:testuser1 282s + [ -z ldapusers:*:10100:testuser1 ] 282s + echo The id(1) command can resolve the group membership of the LDAP user 282s + id -Gn testuser1 282s The LDAP user can login via ssh 282s + output=testuser1 ldapusers 282s + [ testuser1 ldapusers != testuser1 ldapusers ] 282s + echo The LDAP user can login via ssh 282s + setup_sshd_password_auth 282s + cat 282s + systemctl restart ssh 282s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1secret 282s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 282s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 282s testuser1@localhost's password: 283s Creating directory '/home/testuser1'. 283s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic aarch64) 283s 283s * Documentation: https://help.ubuntu.com 283s * Management: https://landscape.canonical.com 283s * Support: https://ubuntu.com/pro 283s 283s 283s The programs included with the Ubuntu system are free software; 283s the exact distribution terms for each program are described in the 283s individual files in /usr/share/doc/*/copyright. 283s 283s Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by 283s applicable law. 283s 283s [?2004htestuser1@ldap:~$ + cleanup 283s + result=0 283s + set +e 283s + [ 0 -ne 0 ] 283s + echo ## All tests passed, phew 283s + cleanup_sshd_config 283s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 283s id -un 283s [?2004l testuser1 283s [?2004htestuser1@ldap:~$ ## All tests passed, phew 283s + systemctl restart ssh 283s autopkgtest [02:38:02]: test ldap-user-group-ldap-auth: -----------------------] 284s autopkgtest [02:38:03]: test ldap-user-group-ldap-auth: - - - - - - - - - - results - - - - - - - - - - 284s ldap-user-group-ldap-auth PASS 284s autopkgtest [02:38:03]: test ldap-user-group-krb5-auth: preparing testbed 285s Reading package lists... 285s Building dependency tree... 285s Reading state information... 285s Starting pkgProblemResolver with broken count: 0 285s Starting 2 pkgProblemResolver with broken count: 0 285s Done 286s The following NEW packages will be installed: 286s krb5-admin-server krb5-config krb5-kdc krb5-user libgssrpc4t64 286s libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 286s 0 upgraded, 8 newly installed, 0 to remove and 2 not upgraded. 286s Need to get 606 kB of archives. 286s After this operation, 2986 kB of additional disk space will be used. 286s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 krb5-config all 2.7 [22.0 kB] 286s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libgssrpc4t64 arm64 1.21.3-3 [58.1 kB] 286s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libkadm5clnt-mit12 arm64 1.21.3-3 [39.7 kB] 286s Get:4 http://ftpmaster.internal/ubuntu plucky/main arm64 libkdb5-10t64 arm64 1.21.3-3 [40.6 kB] 286s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libkadm5srv-mit12 arm64 1.21.3-3 [53.1 kB] 286s Get:6 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-user arm64 1.21.3-3 [108 kB] 287s Get:7 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-kdc arm64 1.21.3-3 [189 kB] 287s Get:8 http://ftpmaster.internal/ubuntu plucky/universe arm64 krb5-admin-server arm64 1.21.3-3 [94.9 kB] 287s Preconfiguring packages ... 287s Fetched 606 kB in 1s (810 kB/s) 287s Selecting previously unselected package krb5-config. 287s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 82209 files and directories currently installed.) 287s Preparing to unpack .../0-krb5-config_2.7_all.deb ... 287s Unpacking krb5-config (2.7) ... 287s Selecting previously unselected package libgssrpc4t64:arm64. 287s Preparing to unpack .../1-libgssrpc4t64_1.21.3-3_arm64.deb ... 287s Unpacking libgssrpc4t64:arm64 (1.21.3-3) ... 287s Selecting previously unselected package libkadm5clnt-mit12:arm64. 287s Preparing to unpack .../2-libkadm5clnt-mit12_1.21.3-3_arm64.deb ... 287s Unpacking libkadm5clnt-mit12:arm64 (1.21.3-3) ... 288s Selecting previously unselected package libkdb5-10t64:arm64. 288s Preparing to unpack .../3-libkdb5-10t64_1.21.3-3_arm64.deb ... 288s Unpacking libkdb5-10t64:arm64 (1.21.3-3) ... 288s Selecting previously unselected package libkadm5srv-mit12:arm64. 288s Preparing to unpack .../4-libkadm5srv-mit12_1.21.3-3_arm64.deb ... 288s Unpacking libkadm5srv-mit12:arm64 (1.21.3-3) ... 288s Selecting previously unselected package krb5-user. 288s Preparing to unpack .../5-krb5-user_1.21.3-3_arm64.deb ... 288s Unpacking krb5-user (1.21.3-3) ... 288s Selecting previously unselected package krb5-kdc. 288s Preparing to unpack .../6-krb5-kdc_1.21.3-3_arm64.deb ... 288s Unpacking krb5-kdc (1.21.3-3) ... 288s Selecting previously unselected package krb5-admin-server. 288s Preparing to unpack .../7-krb5-admin-server_1.21.3-3_arm64.deb ... 288s Unpacking krb5-admin-server (1.21.3-3) ... 288s Setting up libgssrpc4t64:arm64 (1.21.3-3) ... 288s Setting up krb5-config (2.7) ... 288s Setting up libkadm5clnt-mit12:arm64 (1.21.3-3) ... 288s Setting up libkdb5-10t64:arm64 (1.21.3-3) ... 288s Setting up libkadm5srv-mit12:arm64 (1.21.3-3) ... 288s Setting up krb5-user (1.21.3-3) ... 288s update-alternatives: using /usr/bin/kinit.mit to provide /usr/bin/kinit (kinit) in auto mode 288s update-alternatives: using /usr/bin/klist.mit to provide /usr/bin/klist (klist) in auto mode 288s update-alternatives: using /usr/bin/kswitch.mit to provide /usr/bin/kswitch (kswitch) in auto mode 288s update-alternatives: using /usr/bin/ksu.mit to provide /usr/bin/ksu (ksu) in auto mode 288s update-alternatives: using /usr/bin/kpasswd.mit to provide /usr/bin/kpasswd (kpasswd) in auto mode 288s update-alternatives: using /usr/bin/kdestroy.mit to provide /usr/bin/kdestroy (kdestroy) in auto mode 288s update-alternatives: using /usr/bin/kadmin.mit to provide /usr/bin/kadmin (kadmin) in auto mode 288s update-alternatives: using /usr/bin/ktutil.mit to provide /usr/bin/ktutil (ktutil) in auto mode 288s Setting up krb5-kdc (1.21.3-3) ... 289s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-kdc.service' → '/usr/lib/systemd/system/krb5-kdc.service'. 289s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 289s Setting up krb5-admin-server (1.21.3-3) ... 289s Created symlink '/etc/systemd/system/multi-user.target.wants/krb5-admin-server.service' → '/usr/lib/systemd/system/krb5-admin-server.service'. 290s Processing triggers for man-db (2.13.0-1) ... 290s Processing triggers for libc-bin (2.40-4ubuntu1) ... 298s autopkgtest [02:38:17]: test ldap-user-group-krb5-auth: [----------------------- 298s + . debian/tests/util 298s + . debian/tests/common-tests 298s + trap cleanup EXIT 298s + mydomain=example.com 298s + myhostname=ldap.example.com 298s + mysuffix=dc=example,dc=com 298s + myrealm=EXAMPLE.COM 298s + admin_dn=cn=admin,dc=example,dc=com 298s + admin_pw=secret 298s + ldap_user=testuser1 298s + ldap_user_pw=testuser1secret 298s + kerberos_principal_pw=testuser1kerberos 298s + ldap_group=ldapusers 298s + adjust_hostname ldap.example.com 298s + local myhostname=ldap.example.com 298s + echo ldap.example.com 298s + hostname ldap.example.com 298s + grep -qE ldap.example.com /etc/hosts 298s + reconfigure_slapd 298s + debconf-set-selections 298s + rm -rf /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3 /var/backups/unknown-2.6.8+dfsg-1~exp4ubuntu3-20250115-023800.ldapdb 298s + dpkg-reconfigure -fnoninteractive -pcritical slapd 299s Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.6.8+dfsg-1~exp4ubuntu3... done. 299s Moving old database directory to /var/backups: 299s - directory unknown... done. 299s Creating initial configuration... done. 299s Creating LDAP directory... done. 299s + generate_certs ldap.example.com 299s + local cn=ldap.example.com 299s + local cert=/etc/ldap/server.pem 299s + local key=/etc/ldap/server.key 299s + local cnf=/etc/ldap/openssl.cnf 299s + cat 299s + openssl req -new -x509 -nodes -out /etc/ldap/server.pem -keyout /etc/ldap/server.key -config /etc/ldap/openssl.cnf 299s ..+++++++++++++++++++++++++++++++++++++++*......+....+.........+..+...+...............+.+...+...+...+.....+......+.+..+......+......+++++++++++++++++++++++++++++++++++++++*.+.+..+.+.....+.......+...+.....+............+..........+..............+..........+...+..+..........+...+...+.....+.........+.........+.........+.+.....+.+......+..+......+......+.........++++++ 299s ......+..........+..+++++++++++++++++++++++++++++++++++++++*.....+...+.....+.+........+...+...+..........+.........+..+...+.+..............+..........+++++++++++++++++++++++++++++++++++++++*...+.+......+.........+......+........+...+...+.........+............+...............+.+..+.......+........+.+..++++modifying entry "cn=config" 299s 299s ++ 299s ----- 299s + chmod 0640 /etc/ldap/server.key 299s + chgrp openldap /etc/ldap/server.key 299s + [ ! -f /etc/ldap/server.pem ] 299s + [ ! -f /etc/ldap/server.key ] 299s + enable_ldap_ssl 299s + cat 299s + cat 299s + ldapmodify -H ldapi:/// -Y EXTERNAL -Q 299s + populate_ldap_rfc2307 299s + cat 299s + ldapadd -x -D cn=admin,dc=example,dc=com -w secret 299s adding new entry "ou=People,dc=example,dc=com" 299s 299s adding new entry "ou=Group,dc=example,dc=com" 299s 299s adding new entry "uid=testuser1,ou=People,dc=example,dc=com" 299s 299s adding new entry "cn=testuser1,ou=Group,dc=example,dc=com" 299s 299s adding new entry "cn=ldapusers,ou=Group,dc=example,dc=com" 299s 299s + create_realm EXAMPLE.COM ldap.example.com 299s + local realm_name=EXAMPLE.COM 299s + local kerberos_server=ldap.example.com 299s + rm -rf /var/lib/krb5kdc/* 299s + rm -rf /etc/krb5kdc/kdc.conf 299s + rm -f /etc/krb5.keytab 299s + cat 299s + cat 299s + echo # */admin * 299s + kdb5_util create -s -P secretpassword 299s Initializing database '/var/lib/krb5kdc/principal' for realm 'EXAMPLE.COM', 299s master key name 'K/M@EXAMPLE.COM' 299s + systemctl restart krb5-kdc.service krb5-admin-server.service 299s + create_krb_principal testuser1 testuser1kerberos 299s + local principal=testuser1 299s + local password=testuser1kerberos 299s + kadmin.local -q addprinc -pw testuser1kerberos testuser1 300s No policy specified for testuser1@EXAMPLE.COM; defaulting to no policy 300s Authenticating as principal root/admin@EXAMPLE.COM with password. 300s Principal "testuser1@EXAMPLE.COM" created. 300s + configure_sssd_ldap_rfc2307_krb5_auth 300s + cat 300s + chmod 0600 /etc/sssd/sssd.conf 300s + systemctl restart sssd 300s + enable_pam_mkhomedir 300s + grep -qE ^session.*pam_mkhomedir\.so /etc/pam.d/common-session 300s Assert local user databases do not have our LDAP test data 300s + run_common_tests 300s + echo Assert local user databases do not have our LDAP test data 300s + check_local_user testuser1 300s + local local_user=testuser1 300s + grep -q ^testuser1 /etc/passwd 300s + check_local_group testuser1 300s + local local_group=testuser1 300s + grep -q ^testuser1 /etc/group 300s + check_local_group ldapusers 300s + local local_group=ldapusers 300s + grep -q ^ldapusers /etc/group 300s The LDAP user is known to the system via getent 300s The LDAP user's private group is known to the system via getent 300s + echo The LDAP user is known to the system via getent 300s + check_getent_user testuser1 300s + local getent_user=testuser1 300s + local output 300s + getent passwd testuser1 300s + output=testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash 300s + [ -z testuser1:*:10001:10001:testuser1:/home/testuser1:/bin/bash ] 300s + echo The LDAP user's private group is known to the system via getent 300s + check_getent_group testuser1 300s + local getent_group=testuser1 300s + local output 300s + getent group testuser1 300s + output=testuser1:*:10001:testuser1 300s + [ -z testuser1:*:10001:testuser1 ] 300s + echo The LDAP group ldapusers is known to the system via getent 300s + check_getent_group ldapusers 300s + local getent_group=ldapusers 300s + local output 300s + getent group ldapusers 300s The LDAP group ldapusers is known to the system via getent 300s The id(1) command can resolve the group membership of the LDAP user 300s + output=ldapusers:*:10100:testuser1 300s + [ -z ldapusers:*:10100:testuser1 ] 300s + echo The id(1) command can resolve the group membership of the LDAP user 300s + id -Gn testuser1 300s The Kerberos principal can login via ssh 300s + output=testuser1 ldapusers 300s + [ testuser1 ldapusers != testuser1 ldapusers ] 300s + echo The Kerberos principal can login via ssh 300s + setup_sshd_password_auth 300s + cat 300s + systemctl restart ssh 300s + kdestroy 300s + /usr/bin/expect -f debian/tests/login.exp testuser1 testuser1kerberos testuser1@EXAMPLE.COM 300s spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no testuser1@localhost 300s Warning: Permanently added 'localhost' (ED25519) to the list of known hosts. 300s testuser1@localhost's password: 301s Welcome to Ubuntu Plucky Puffin (development branch) (GNU/Linux 6.11.0-8-generic aarch64) 301s 301s * Documentation: https://help.ubuntu.com 301s * Management: https://landscape.canonical.com 301s * Support: https://ubuntu.com/pro 301s 301s Last login: Wed Jan 15 02:38:02 2025 from ::1 301s [?2004htestuser1@ldap:~$ id -un 301s [?2004l testuser1 301s [?2004htestuser1@ldap:~$ klist 301s [?2004l Ticket cache: FILE:/tmp/krb5cc_10001_z80vkU 301s Default principal: testuser1@EXAMPLE.COM 301s 301s Valid starting Expires Service principal 301s 01/15/25 02:38:19 01/15/25 12:38:19 krbtgt/EXAMPLE.COM@EXAMPLE.COM 301s renew until 01/16/25 02:38:19 301s + cleanup 301s + result=0 301s + set +e 301s + [ 0 -ne 0 ] 301s + echo ## All tests passed, phew 301s + cleanup_sshd_config 301s + rm -f /etc/ssh/sshd_config.d/00-dep8.conf 301s + systemctl restart ssh 301s ## All tests passed, phew 301s autopkgtest [02:38:20]: test ldap-user-group-krb5-auth: -----------------------] 302s ldap-user-group-krb5-auth PASS 302s autopkgtest [02:38:21]: test ldap-user-group-krb5-auth: - - - - - - - - - - results - - - - - - - - - - 302s autopkgtest [02:38:21]: test sssd-softhism2-certificates-tests.sh: preparing testbed 484s autopkgtest [02:41:23]: testbed dpkg architecture: arm64 484s autopkgtest [02:41:23]: testbed apt version: 2.9.18 485s autopkgtest [02:41:24]: @@@@@@@@@@@@@@@@@@@@ test bed setup 485s autopkgtest [02:41:24]: testbed release detected to be: plucky 486s autopkgtest [02:41:25]: updating testbed package index (apt update) 486s Get:1 http://ftpmaster.internal/ubuntu plucky-proposed InRelease [73.9 kB] 486s Hit:2 http://ftpmaster.internal/ubuntu plucky InRelease 486s Hit:3 http://ftpmaster.internal/ubuntu plucky-updates InRelease 486s Hit:4 http://ftpmaster.internal/ubuntu plucky-security InRelease 486s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse Sources [12.3 kB] 486s Get:6 http://ftpmaster.internal/ubuntu plucky-proposed/main Sources [149 kB] 486s Get:7 http://ftpmaster.internal/ubuntu plucky-proposed/restricted Sources [9708 B] 486s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/universe Sources [880 kB] 487s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 Packages [292 kB] 487s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/restricted arm64 Packages [57.8 kB] 487s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/universe arm64 Packages [1040 kB] 487s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/multiverse arm64 Packages [10.2 kB] 487s Fetched 2525 kB in 1s (2443 kB/s) 488s Reading package lists... 488s + lsb_release --codename --short 488s + RELEASE=plucky 488s + cat 488s + [ plucky != trusty ] 488s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y --allow-downgrades -o Dpkg::Options::=--force-confnew dist-upgrade 489s Reading package lists... 489s Building dependency tree... 489s Reading state information... 489s Calculating upgrade... 490s 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 490s + rm /etc/apt/preferences.d/force-downgrade-to-release.pref 490s + /usr/lib/apt/apt-helper analyze-pattern ?true 490s + DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y purge --autoremove ?obsolete 490s Reading package lists... 490s Building dependency tree... 490s Reading state information... 491s 0 upgraded, 0 newly installed, 0 to remove and 36 not upgraded. 491s + grep -q trusty /etc/lsb-release 491s + [ ! -d /usr/share/doc/unattended-upgrades ] 491s + [ ! -d /usr/share/doc/lxd ] 491s + [ ! -d /usr/share/doc/lxd-client ] 491s + [ ! -d /usr/share/doc/snapd ] 491s + type iptables 491s + cat 491s + chmod 755 /etc/rc.local 491s + . /etc/rc.local 491s + iptables -w -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 491s + iptables -A OUTPUT -d 10.255.255.1/32 -p tcp -j DROP 491s + iptables -A OUTPUT -d 10.255.255.2/32 -p tcp -j DROP 491s + uname -m 491s + [ aarch64 = ppc64le ] 491s + [ -d /run/systemd/system ] 491s + systemd-detect-virt --quiet --vm 491s + mkdir -p /etc/systemd/system/systemd-random-seed.service.d/ 491s + cat 491s + grep -q lz4 /etc/initramfs-tools/initramfs.conf 491s + echo COMPRESS=lz4 491s autopkgtest [02:41:30]: upgrading testbed (apt dist-upgrade and autopurge) 491s Reading package lists... 491s Building dependency tree... 491s Reading state information... 492s Calculating upgrade...Starting pkgProblemResolver with broken count: 0 492s Starting 2 pkgProblemResolver with broken count: 0 492s Done 493s Entering ResolveByKeep 493s 493s The following packages were automatically installed and are no longer required: 493s python3.12 python3.12-minimal 493s Use 'sudo apt autoremove' to remove them. 494s The following NEW packages will be installed: 494s libpython3.13-minimal libpython3.13-stdlib python3.13 python3.13-minimal 494s The following packages have been kept back: 494s libnftables1 nftables 494s The following packages will be upgraded: 494s binutils binutils-aarch64-linux-gnu binutils-common gcc-14-base libatomic1 494s libbinutils libctf-nobfd0 libctf0 libgcc-s1 libgprofng0 libnss-systemd 494s libpam-systemd libpython3-stdlib libsframe1 libstdc++6 libsystemd-shared 494s libsystemd0 libudev1 libzstd1 linux-libc-dev linux-tools-common python3 494s python3-minimal systemd systemd-cryptsetup systemd-resolved systemd-sysv 494s systemd-timesyncd tzdata udev vim-common vim-tiny xxd zstd 494s 34 upgraded, 4 newly installed, 0 to remove and 2 not upgraded. 494s Need to get 26.1 MB of archives. 494s After this operation, 24.4 MB of additional disk space will be used. 494s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libpython3.13-minimal arm64 3.13.1-2 [879 kB] 494s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 python3.13-minimal arm64 3.13.1-2 [2262 kB] 494s Get:3 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-minimal arm64 3.13.1-1~exp2 [27.6 kB] 494s Get:4 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3 arm64 3.13.1-1~exp2 [23.9 kB] 494s Get:5 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 tzdata all 2024b-6ubuntu1 [197 kB] 494s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libpython3.13-stdlib arm64 3.13.1-2 [2061 kB] 494s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 python3.13 arm64 3.13.1-2 [729 kB] 494s Get:8 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpython3-stdlib arm64 3.13.1-1~exp2 [10.2 kB] 494s Get:9 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-timesyncd arm64 257.1-7ubuntu1 [41.0 kB] 494s Get:10 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-resolved arm64 257.1-7ubuntu1 [313 kB] 494s Get:11 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-cryptsetup arm64 257.1-7ubuntu1 [121 kB] 494s Get:12 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsystemd-shared arm64 257.1-7ubuntu1 [2228 kB] 494s Get:13 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsystemd0 arm64 257.1-7ubuntu1 [517 kB] 494s Get:14 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd-sysv arm64 257.1-7ubuntu1 [11.8 kB] 494s Get:15 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libnss-systemd arm64 257.1-7ubuntu1 [170 kB] 495s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-systemd arm64 257.1-7ubuntu1 [254 kB] 495s Get:17 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 systemd arm64 257.1-7ubuntu1 [3456 kB] 495s Get:18 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 udev arm64 257.1-7ubuntu1 [1976 kB] 495s Get:19 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libudev1 arm64 257.1-7ubuntu1 [198 kB] 495s Get:20 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 gcc-14-base arm64 14.2.0-13ubuntu1 [53.0 kB] 495s Get:21 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libstdc++6 arm64 14.2.0-13ubuntu1 [748 kB] 495s Get:22 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libatomic1 arm64 14.2.0-13ubuntu1 [11.5 kB] 495s Get:23 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgcc-s1 arm64 14.2.0-13ubuntu1 [61.8 kB] 495s Get:24 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libzstd1 arm64 1.5.6+dfsg-2 [279 kB] 495s Get:25 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 vim-tiny arm64 2:9.1.0967-1ubuntu1 [807 kB] 495s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 vim-common all 2:9.1.0967-1ubuntu1 [396 kB] 495s Get:27 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 xxd arm64 2:9.1.0967-1ubuntu1 [67.7 kB] 495s Get:28 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libgprofng0 arm64 2.43.50.20250108-1ubuntu1 [779 kB] 495s Get:29 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libctf0 arm64 2.43.50.20250108-1ubuntu1 [99.0 kB] 495s Get:30 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libctf-nobfd0 arm64 2.43.50.20250108-1ubuntu1 [102 kB] 495s Get:31 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils-aarch64-linux-gnu arm64 2.43.50.20250108-1ubuntu1 [3422 kB] 495s Get:32 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libbinutils arm64 2.43.50.20250108-1ubuntu1 [782 kB] 495s Get:33 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils arm64 2.43.50.20250108-1ubuntu1 [3248 B] 495s Get:34 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 binutils-common arm64 2.43.50.20250108-1ubuntu1 [245 kB] 495s Get:35 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsframe1 arm64 2.43.50.20250108-1ubuntu1 [14.4 kB] 495s Get:36 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 linux-libc-dev arm64 6.11.0-9.9 [1642 kB] 495s Get:37 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 linux-tools-common all 6.11.0-9.9 [484 kB] 495s Get:38 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 zstd arm64 1.5.6+dfsg-2 [594 kB] 495s Preconfiguring packages ... 496s Fetched 26.1 MB in 1s (17.7 MB/s) 496s Selecting previously unselected package libpython3.13-minimal:arm64. 496s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80205 files and directories currently installed.) 496s Preparing to unpack .../libpython3.13-minimal_3.13.1-2_arm64.deb ... 496s Unpacking libpython3.13-minimal:arm64 (3.13.1-2) ... 496s Selecting previously unselected package python3.13-minimal. 496s Preparing to unpack .../python3.13-minimal_3.13.1-2_arm64.deb ... 496s Unpacking python3.13-minimal (3.13.1-2) ... 496s Setting up libpython3.13-minimal:arm64 (3.13.1-2) ... 496s Setting up python3.13-minimal (3.13.1-2) ... 497s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80525 files and directories currently installed.) 497s Preparing to unpack .../python3-minimal_3.13.1-1~exp2_arm64.deb ... 497s Unpacking python3-minimal (3.13.1-1~exp2) over (3.12.8-1) ... 497s Setting up python3-minimal (3.13.1-1~exp2) ... 497s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80525 files and directories currently installed.) 497s Preparing to unpack .../0-python3_3.13.1-1~exp2_arm64.deb ... 497s Unpacking python3 (3.13.1-1~exp2) over (3.12.8-1) ... 497s Preparing to unpack .../1-tzdata_2024b-6ubuntu1_all.deb ... 497s Unpacking tzdata (2024b-6ubuntu1) over (2024b-4ubuntu1) ... 498s Selecting previously unselected package libpython3.13-stdlib:arm64. 498s Preparing to unpack .../2-libpython3.13-stdlib_3.13.1-2_arm64.deb ... 498s Unpacking libpython3.13-stdlib:arm64 (3.13.1-2) ... 498s Selecting previously unselected package python3.13. 498s Preparing to unpack .../3-python3.13_3.13.1-2_arm64.deb ... 498s Unpacking python3.13 (3.13.1-2) ... 498s Preparing to unpack .../4-libpython3-stdlib_3.13.1-1~exp2_arm64.deb ... 498s Unpacking libpython3-stdlib:arm64 (3.13.1-1~exp2) over (3.12.8-1) ... 498s Preparing to unpack .../5-systemd-timesyncd_257.1-7ubuntu1_arm64.deb ... 498s Unpacking systemd-timesyncd (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../6-systemd-resolved_257.1-7ubuntu1_arm64.deb ... 498s Unpacking systemd-resolved (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../7-systemd-cryptsetup_257.1-7ubuntu1_arm64.deb ... 498s Unpacking systemd-cryptsetup (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../8-libsystemd-shared_257.1-7ubuntu1_arm64.deb ... 498s Unpacking libsystemd-shared:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../9-libsystemd0_257.1-7ubuntu1_arm64.deb ... 498s Unpacking libsystemd0:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Setting up libsystemd0:arm64 (257.1-7ubuntu1) ... 498s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80942 files and directories currently installed.) 498s Preparing to unpack .../0-systemd-sysv_257.1-7ubuntu1_arm64.deb ... 498s Unpacking systemd-sysv (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../1-libnss-systemd_257.1-7ubuntu1_arm64.deb ... 498s Unpacking libnss-systemd:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../2-libpam-systemd_257.1-7ubuntu1_arm64.deb ... 498s Unpacking libpam-systemd:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 498s Preparing to unpack .../3-systemd_257.1-7ubuntu1_arm64.deb ... 498s Unpacking systemd (257.1-7ubuntu1) over (257-2ubuntu1) ... 499s Preparing to unpack .../4-udev_257.1-7ubuntu1_arm64.deb ... 499s Unpacking udev (257.1-7ubuntu1) over (257-2ubuntu1) ... 499s Preparing to unpack .../5-libudev1_257.1-7ubuntu1_arm64.deb ... 499s Unpacking libudev1:arm64 (257.1-7ubuntu1) over (257-2ubuntu1) ... 499s Setting up libudev1:arm64 (257.1-7ubuntu1) ... 499s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 499s Preparing to unpack .../gcc-14-base_14.2.0-13ubuntu1_arm64.deb ... 499s Unpacking gcc-14-base:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 499s Setting up gcc-14-base:arm64 (14.2.0-13ubuntu1) ... 499s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 499s Preparing to unpack .../libstdc++6_14.2.0-13ubuntu1_arm64.deb ... 499s Unpacking libstdc++6:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 499s Setting up libstdc++6:arm64 (14.2.0-13ubuntu1) ... 499s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 499s Preparing to unpack .../libatomic1_14.2.0-13ubuntu1_arm64.deb ... 499s Unpacking libatomic1:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 499s Preparing to unpack .../libgcc-s1_14.2.0-13ubuntu1_arm64.deb ... 499s Unpacking libgcc-s1:arm64 (14.2.0-13ubuntu1) over (14.2.0-12ubuntu1) ... 499s Setting up libgcc-s1:arm64 (14.2.0-13ubuntu1) ... 499s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 499s Preparing to unpack .../libzstd1_1.5.6+dfsg-2_arm64.deb ... 499s Unpacking libzstd1:arm64 (1.5.6+dfsg-2) over (1.5.6+dfsg-1) ... 499s Setting up libzstd1:arm64 (1.5.6+dfsg-2) ... 499s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 499s Preparing to unpack .../00-vim-tiny_2%3a9.1.0967-1ubuntu1_arm64.deb ... 499s Unpacking vim-tiny (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 499s Preparing to unpack .../01-vim-common_2%3a9.1.0967-1ubuntu1_all.deb ... 499s Unpacking vim-common (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 499s Preparing to unpack .../02-xxd_2%3a9.1.0967-1ubuntu1_arm64.deb ... 499s Unpacking xxd (2:9.1.0967-1ubuntu1) over (2:9.1.0861-1ubuntu1) ... 500s Preparing to unpack .../03-libgprofng0_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking libgprofng0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../04-libctf0_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking libctf0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../05-libctf-nobfd0_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking libctf-nobfd0:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../06-binutils-aarch64-linux-gnu_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking binutils-aarch64-linux-gnu (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../07-libbinutils_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking libbinutils:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../08-binutils_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking binutils (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../09-binutils-common_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking binutils-common:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../10-libsframe1_2.43.50.20250108-1ubuntu1_arm64.deb ... 500s Unpacking libsframe1:arm64 (2.43.50.20250108-1ubuntu1) over (2.43.50.20241230-1ubuntu1) ... 500s Preparing to unpack .../11-linux-libc-dev_6.11.0-9.9_arm64.deb ... 500s Unpacking linux-libc-dev:arm64 (6.11.0-9.9) over (6.11.0-8.8) ... 500s Preparing to unpack .../12-linux-tools-common_6.11.0-9.9_all.deb ... 500s Unpacking linux-tools-common (6.11.0-9.9) over (6.11.0-8.8) ... 500s Preparing to unpack .../13-zstd_1.5.6+dfsg-2_arm64.deb ... 500s Unpacking zstd (1.5.6+dfsg-2) over (1.5.6+dfsg-1) ... 500s Setting up binutils-common:arm64 (2.43.50.20250108-1ubuntu1) ... 500s Installing new version of config file /etc/gprofng.rc ... 500s Setting up linux-libc-dev:arm64 (6.11.0-9.9) ... 500s Setting up libctf-nobfd0:arm64 (2.43.50.20250108-1ubuntu1) ... 500s Setting up xxd (2:9.1.0967-1ubuntu1) ... 500s Setting up libsframe1:arm64 (2.43.50.20250108-1ubuntu1) ... 500s Setting up tzdata (2024b-6ubuntu1) ... 501s 501s Current default time zone: 'Etc/UTC' 501s Local time is now: Wed Jan 15 02:41:40 UTC 2025. 501s Universal Time is now: Wed Jan 15 02:41:40 UTC 2025. 501s Run 'dpkg-reconfigure tzdata' if you wish to change it. 501s 501s Setting up vim-common (2:9.1.0967-1ubuntu1) ... 501s Setting up libatomic1:arm64 (14.2.0-13ubuntu1) ... 501s Setting up libsystemd-shared:arm64 (257.1-7ubuntu1) ... 501s Setting up libbinutils:arm64 (2.43.50.20250108-1ubuntu1) ... 501s Setting up linux-tools-common (6.11.0-9.9) ... 501s Setting up libpython3.13-stdlib:arm64 (3.13.1-2) ... 501s Setting up zstd (1.5.6+dfsg-2) ... 501s Setting up libpython3-stdlib:arm64 (3.13.1-1~exp2) ... 501s Setting up libctf0:arm64 (2.43.50.20250108-1ubuntu1) ... 501s Setting up python3.13 (3.13.1-2) ... 502s Setting up python3 (3.13.1-1~exp2) ... 502s /usr/bin/py3clean:101: DeprecationWarning: glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and pass a directory to its root_dir argument instead. 502s for fn in glob1(directory, "%s.*" % fname): 502s Setting up systemd (257.1-7ubuntu1) ... 502s /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. 502s Created symlink '/run/systemd/system/tmp.mount' → '/dev/null'. 502s /usr/lib/tmpfiles.d/legacy.conf:14: Duplicate line for path "/run/lock", ignoring. 503s Setting up vim-tiny (2:9.1.0967-1ubuntu1) ... 503s Setting up libgprofng0:arm64 (2.43.50.20250108-1ubuntu1) ... 503s Setting up systemd-cryptsetup (257.1-7ubuntu1) ... 503s Setting up systemd-timesyncd (257.1-7ubuntu1) ... 503s systemd-time-wait-sync.service is a disabled or a static unit not running, not starting it. 503s Setting up udev (257.1-7ubuntu1) ... 504s Setting up systemd-resolved (257.1-7ubuntu1) ... 505s Setting up systemd-sysv (257.1-7ubuntu1) ... 505s Setting up libnss-systemd:arm64 (257.1-7ubuntu1) ... 505s Setting up binutils-aarch64-linux-gnu (2.43.50.20250108-1ubuntu1) ... 505s Setting up binutils (2.43.50.20250108-1ubuntu1) ... 505s Setting up libpam-systemd:arm64 (257.1-7ubuntu1) ... 505s Processing triggers for libc-bin (2.40-4ubuntu1) ... 505s Processing triggers for man-db (2.13.0-1) ... 507s Processing triggers for dbus (1.14.10-4ubuntu5) ... 507s Processing triggers for shared-mime-info (2.4-5) ... 507s Warning: program compiled against libxml 212 using older 209 507s Processing triggers for initramfs-tools (0.142ubuntu35) ... 507s update-initramfs: Generating /boot/initrd.img-6.11.0-8-generic 507s W: No lz4 in /usr/bin:/sbin:/bin, using gzip 524s System running in EFI mode, skipping. 524s Reading package lists... 525s Building dependency tree... 525s Reading state information... 525s Starting pkgProblemResolver with broken count: 0 525s Starting 2 pkgProblemResolver with broken count: 0 525s Done 526s The following packages will be REMOVED: 526s python3.12* python3.12-minimal* 526s 0 upgraded, 0 newly installed, 2 to remove and 2 not upgraded. 526s After this operation, 8710 kB disk space will be freed. 526s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80943 files and directories currently installed.) 526s Removing python3.12 (3.12.8-3) ... 526s Removing python3.12-minimal (3.12.8-3) ... 527s /usr/bin/py3clean:125: DeprecationWarning: glob.glob1 is deprecated and will be removed in Python 3.15. Use glob.glob and pass a directory to its root_dir argument instead. 527s for fn in glob1(directory, "%s.%s.py[co]" % (fname, magic_tag)): 527s Processing triggers for man-db (2.13.0-1) ... 527s Processing triggers for systemd (257.1-7ubuntu1) ... 528s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80915 files and directories currently installed.) 528s Purging configuration files for python3.12-minimal (3.12.8-3) ... 528s autopkgtest [02:42:07]: rebooting testbed after setup commands that affected boot 564s Reading package lists... 564s Building dependency tree... 564s Reading state information... 564s Starting pkgProblemResolver with broken count: 0 564s Starting 2 pkgProblemResolver with broken count: 0 565s Done 565s The following NEW packages will be installed: 565s gnutls-bin libavahi-client3 libavahi-common-data libavahi-common3 565s libbasicobjects0t64 libcares2 libcollection4t64 libcrack2 libdhash1t64 565s libevent-2.1-7t64 libgnutls-dane0t64 libini-config5t64 libipa-hbac0t64 565s libldb2 libnfsidmap1 libnss-sss libpam-pwquality libpam-sss 565s libpath-utils1t64 libpwquality-common libpwquality1 libref-array1t64 565s libsmbclient0 libsofthsm2 libsss-certmap0 libsss-idmap0 libsss-nss-idmap0 565s libtalloc2 libtdb1 libtevent0t64 libunbound8 libwbclient0 python3-sss 565s samba-libs softhsm2 softhsm2-common sssd sssd-ad sssd-ad-common sssd-common 565s sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy 566s 0 upgraded, 45 newly installed, 0 to remove and 2 not upgraded. 566s Need to get 10.4 MB of archives. 566s After this operation, 50.0 MB of additional disk space will be used. 566s Get:1 http://ftpmaster.internal/ubuntu plucky/main arm64 libevent-2.1-7t64 arm64 2.1.12-stable-10 [140 kB] 566s Get:2 http://ftpmaster.internal/ubuntu plucky/main arm64 libunbound8 arm64 1.20.0-1ubuntu2.1 [431 kB] 566s Get:3 http://ftpmaster.internal/ubuntu plucky/main arm64 libgnutls-dane0t64 arm64 3.8.8-2ubuntu1 [24.3 kB] 566s Get:4 http://ftpmaster.internal/ubuntu plucky/universe arm64 gnutls-bin arm64 3.8.8-2ubuntu1 [269 kB] 566s Get:5 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common-data arm64 0.8-14ubuntu1 [30.5 kB] 566s Get:6 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-common3 arm64 0.8-14ubuntu1 [23.1 kB] 566s Get:7 http://ftpmaster.internal/ubuntu plucky/main arm64 libavahi-client3 arm64 0.8-14ubuntu1 [27.3 kB] 566s Get:8 http://ftpmaster.internal/ubuntu plucky/main arm64 libbasicobjects0t64 arm64 0.6.2-3 [5882 B] 566s Get:9 http://ftpmaster.internal/ubuntu plucky/main arm64 libcares2 arm64 1.34.4-2.1 [100 kB] 566s Get:10 http://ftpmaster.internal/ubuntu plucky/main arm64 libcollection4t64 arm64 0.6.2-3 [23.6 kB] 566s Get:11 http://ftpmaster.internal/ubuntu plucky/main arm64 libcrack2 arm64 2.9.6-5.2 [28.9 kB] 566s Get:12 http://ftpmaster.internal/ubuntu plucky/main arm64 libdhash1t64 arm64 0.6.2-3 [8914 B] 566s Get:13 http://ftpmaster.internal/ubuntu plucky/main arm64 libpath-utils1t64 arm64 0.6.2-3 [9088 B] 566s Get:14 http://ftpmaster.internal/ubuntu plucky/main arm64 libref-array1t64 arm64 0.6.2-3 [7312 B] 566s Get:15 http://ftpmaster.internal/ubuntu plucky/main arm64 libini-config5t64 arm64 0.6.2-3 [44.4 kB] 566s Get:16 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libipa-hbac0t64 arm64 2.10.1-2ubuntu1 [18.4 kB] 566s Get:17 http://ftpmaster.internal/ubuntu plucky/main arm64 libtalloc2 arm64 2.4.2-1build2 [26.7 kB] 566s Get:18 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libtdb1 arm64 1.4.12-1build1 [49.0 kB] 566s Get:19 http://ftpmaster.internal/ubuntu plucky/main arm64 libtevent0t64 arm64 0.16.1-3 [42.3 kB] 566s Get:20 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libldb2 arm64 2:2.9.1+samba4.20.4+dfsg-1ubuntu5 [193 kB] 566s Get:21 http://ftpmaster.internal/ubuntu plucky/main arm64 libnfsidmap1 arm64 1:2.6.4-4ubuntu1 [48.3 kB] 566s Get:22 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality-common all 1.4.5-3build1 [7748 B] 566s Get:23 http://ftpmaster.internal/ubuntu plucky/main arm64 libpwquality1 arm64 1.4.5-3build1 [13.3 kB] 566s Get:24 http://ftpmaster.internal/ubuntu plucky/main arm64 libpam-pwquality arm64 1.4.5-3build1 [11.7 kB] 566s Get:25 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libwbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [76.7 kB] 566s Get:26 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 samba-libs arm64 2:4.20.4+dfsg-1ubuntu5 [6307 kB] 566s Get:27 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsmbclient0 arm64 2:4.20.4+dfsg-1ubuntu5 [62.8 kB] 566s Get:28 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libnss-sss arm64 2.10.1-2ubuntu1 [33.1 kB] 566s Get:29 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libpam-sss arm64 2.10.1-2ubuntu1 [50.4 kB] 566s Get:30 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2-common arm64 2.6.1-2.2ubuntu3 [6196 B] 566s Get:31 http://ftpmaster.internal/ubuntu plucky/universe arm64 libsofthsm2 arm64 2.6.1-2.2ubuntu3 [247 kB] 566s Get:32 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-certmap0 arm64 2.10.1-2ubuntu1 [47.7 kB] 566s Get:33 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-idmap0 arm64 2.10.1-2ubuntu1 [23.5 kB] 566s Get:34 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 libsss-nss-idmap0 arm64 2.10.1-2ubuntu1 [31.8 kB] 566s Get:35 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 python3-sss arm64 2.10.1-2ubuntu1 [46.6 kB] 566s Get:36 http://ftpmaster.internal/ubuntu plucky/universe arm64 softhsm2 arm64 2.6.1-2.2ubuntu3 [167 kB] 566s Get:37 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-common arm64 2.10.1-2ubuntu1 [1134 kB] 567s Get:38 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad-common arm64 2.10.1-2ubuntu1 [74.2 kB] 567s Get:39 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5-common arm64 2.10.1-2ubuntu1 [90.0 kB] 567s Get:40 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ad arm64 2.10.1-2ubuntu1 [136 kB] 567s Get:41 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ipa arm64 2.10.1-2ubuntu1 [222 kB] 567s Get:42 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-krb5 arm64 2.10.1-2ubuntu1 [14.4 kB] 567s Get:43 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-ldap arm64 2.10.1-2ubuntu1 [31.8 kB] 567s Get:44 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd-proxy arm64 2.10.1-2ubuntu1 [44.3 kB] 567s Get:45 http://ftpmaster.internal/ubuntu plucky-proposed/main arm64 sssd arm64 2.10.1-2ubuntu1 [4118 B] 567s Fetched 10.4 MB in 1s (7420 kB/s) 567s Selecting previously unselected package libevent-2.1-7t64:arm64. 568s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 80915 files and directories currently installed.) 568s Preparing to unpack .../00-libevent-2.1-7t64_2.1.12-stable-10_arm64.deb ... 568s Unpacking libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 568s Selecting previously unselected package libunbound8:arm64. 568s Preparing to unpack .../01-libunbound8_1.20.0-1ubuntu2.1_arm64.deb ... 568s Unpacking libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 568s Selecting previously unselected package libgnutls-dane0t64:arm64. 568s Preparing to unpack .../02-libgnutls-dane0t64_3.8.8-2ubuntu1_arm64.deb ... 568s Unpacking libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 568s Selecting previously unselected package gnutls-bin. 568s Preparing to unpack .../03-gnutls-bin_3.8.8-2ubuntu1_arm64.deb ... 568s Unpacking gnutls-bin (3.8.8-2ubuntu1) ... 568s Selecting previously unselected package libavahi-common-data:arm64. 568s Preparing to unpack .../04-libavahi-common-data_0.8-14ubuntu1_arm64.deb ... 568s Unpacking libavahi-common-data:arm64 (0.8-14ubuntu1) ... 568s Selecting previously unselected package libavahi-common3:arm64. 568s Preparing to unpack .../05-libavahi-common3_0.8-14ubuntu1_arm64.deb ... 568s Unpacking libavahi-common3:arm64 (0.8-14ubuntu1) ... 568s Selecting previously unselected package libavahi-client3:arm64. 568s Preparing to unpack .../06-libavahi-client3_0.8-14ubuntu1_arm64.deb ... 568s Unpacking libavahi-client3:arm64 (0.8-14ubuntu1) ... 568s Selecting previously unselected package libbasicobjects0t64:arm64. 568s Preparing to unpack .../07-libbasicobjects0t64_0.6.2-3_arm64.deb ... 568s Unpacking libbasicobjects0t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libcares2:arm64. 568s Preparing to unpack .../08-libcares2_1.34.4-2.1_arm64.deb ... 568s Unpacking libcares2:arm64 (1.34.4-2.1) ... 568s Selecting previously unselected package libcollection4t64:arm64. 568s Preparing to unpack .../09-libcollection4t64_0.6.2-3_arm64.deb ... 568s Unpacking libcollection4t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libcrack2:arm64. 568s Preparing to unpack .../10-libcrack2_2.9.6-5.2_arm64.deb ... 568s Unpacking libcrack2:arm64 (2.9.6-5.2) ... 568s Selecting previously unselected package libdhash1t64:arm64. 568s Preparing to unpack .../11-libdhash1t64_0.6.2-3_arm64.deb ... 568s Unpacking libdhash1t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libpath-utils1t64:arm64. 568s Preparing to unpack .../12-libpath-utils1t64_0.6.2-3_arm64.deb ... 568s Unpacking libpath-utils1t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libref-array1t64:arm64. 568s Preparing to unpack .../13-libref-array1t64_0.6.2-3_arm64.deb ... 568s Unpacking libref-array1t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libini-config5t64:arm64. 568s Preparing to unpack .../14-libini-config5t64_0.6.2-3_arm64.deb ... 568s Unpacking libini-config5t64:arm64 (0.6.2-3) ... 568s Selecting previously unselected package libipa-hbac0t64. 568s Preparing to unpack .../15-libipa-hbac0t64_2.10.1-2ubuntu1_arm64.deb ... 568s Unpacking libipa-hbac0t64 (2.10.1-2ubuntu1) ... 568s Selecting previously unselected package libtalloc2:arm64. 568s Preparing to unpack .../16-libtalloc2_2.4.2-1build2_arm64.deb ... 568s Unpacking libtalloc2:arm64 (2.4.2-1build2) ... 568s Selecting previously unselected package libtdb1:arm64. 568s Preparing to unpack .../17-libtdb1_1.4.12-1build1_arm64.deb ... 568s Unpacking libtdb1:arm64 (1.4.12-1build1) ... 568s Selecting previously unselected package libtevent0t64:arm64. 568s Preparing to unpack .../18-libtevent0t64_0.16.1-3_arm64.deb ... 568s Unpacking libtevent0t64:arm64 (0.16.1-3) ... 568s Selecting previously unselected package libldb2:arm64. 568s Preparing to unpack .../19-libldb2_2%3a2.9.1+samba4.20.4+dfsg-1ubuntu5_arm64.deb ... 568s Unpacking libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 568s Selecting previously unselected package libnfsidmap1:arm64. 568s Preparing to unpack .../20-libnfsidmap1_1%3a2.6.4-4ubuntu1_arm64.deb ... 568s Unpacking libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 568s Selecting previously unselected package libpwquality-common. 568s Preparing to unpack .../21-libpwquality-common_1.4.5-3build1_all.deb ... 568s Unpacking libpwquality-common (1.4.5-3build1) ... 568s Selecting previously unselected package libpwquality1:arm64. 568s Preparing to unpack .../22-libpwquality1_1.4.5-3build1_arm64.deb ... 568s Unpacking libpwquality1:arm64 (1.4.5-3build1) ... 568s Selecting previously unselected package libpam-pwquality:arm64. 568s Preparing to unpack .../23-libpam-pwquality_1.4.5-3build1_arm64.deb ... 568s Unpacking libpam-pwquality:arm64 (1.4.5-3build1) ... 569s Selecting previously unselected package libwbclient0:arm64. 569s Preparing to unpack .../24-libwbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 569s Unpacking libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 569s Selecting previously unselected package samba-libs:arm64. 569s Preparing to unpack .../25-samba-libs_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 569s Unpacking samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 569s Selecting previously unselected package libsmbclient0:arm64. 569s Preparing to unpack .../26-libsmbclient0_2%3a4.20.4+dfsg-1ubuntu5_arm64.deb ... 569s Unpacking libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 569s Selecting previously unselected package libnss-sss:arm64. 569s Preparing to unpack .../27-libnss-sss_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking libnss-sss:arm64 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package libpam-sss:arm64. 569s Preparing to unpack .../28-libpam-sss_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking libpam-sss:arm64 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package softhsm2-common. 569s Preparing to unpack .../29-softhsm2-common_2.6.1-2.2ubuntu3_arm64.deb ... 569s Unpacking softhsm2-common (2.6.1-2.2ubuntu3) ... 569s Selecting previously unselected package libsofthsm2. 569s Preparing to unpack .../30-libsofthsm2_2.6.1-2.2ubuntu3_arm64.deb ... 569s Unpacking libsofthsm2 (2.6.1-2.2ubuntu3) ... 569s Selecting previously unselected package libsss-certmap0. 569s Preparing to unpack .../31-libsss-certmap0_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking libsss-certmap0 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package libsss-idmap0. 569s Preparing to unpack .../32-libsss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking libsss-idmap0 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package libsss-nss-idmap0. 569s Preparing to unpack .../33-libsss-nss-idmap0_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package python3-sss. 569s Preparing to unpack .../34-python3-sss_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking python3-sss (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package softhsm2. 569s Preparing to unpack .../35-softhsm2_2.6.1-2.2ubuntu3_arm64.deb ... 569s Unpacking softhsm2 (2.6.1-2.2ubuntu3) ... 569s Selecting previously unselected package sssd-common. 569s Preparing to unpack .../36-sssd-common_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-common (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-ad-common. 569s Preparing to unpack .../37-sssd-ad-common_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-ad-common (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-krb5-common. 569s Preparing to unpack .../38-sssd-krb5-common_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-krb5-common (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-ad. 569s Preparing to unpack .../39-sssd-ad_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-ad (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-ipa. 569s Preparing to unpack .../40-sssd-ipa_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-ipa (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-krb5. 569s Preparing to unpack .../41-sssd-krb5_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-krb5 (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-ldap. 569s Preparing to unpack .../42-sssd-ldap_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-ldap (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd-proxy. 569s Preparing to unpack .../43-sssd-proxy_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd-proxy (2.10.1-2ubuntu1) ... 569s Selecting previously unselected package sssd. 569s Preparing to unpack .../44-sssd_2.10.1-2ubuntu1_arm64.deb ... 569s Unpacking sssd (2.10.1-2ubuntu1) ... 570s Setting up libpwquality-common (1.4.5-3build1) ... 570s Setting up softhsm2-common (2.6.1-2.2ubuntu3) ... 570s Creating config file /etc/softhsm/softhsm2.conf with new version 570s Setting up libnfsidmap1:arm64 (1:2.6.4-4ubuntu1) ... 570s Setting up libsss-idmap0 (2.10.1-2ubuntu1) ... 570s Setting up libbasicobjects0t64:arm64 (0.6.2-3) ... 570s Setting up libipa-hbac0t64 (2.10.1-2ubuntu1) ... 570s Setting up libref-array1t64:arm64 (0.6.2-3) ... 570s Setting up libtdb1:arm64 (1.4.12-1build1) ... 570s Setting up libcollection4t64:arm64 (0.6.2-3) ... 570s Setting up libevent-2.1-7t64:arm64 (2.1.12-stable-10) ... 570s Setting up libwbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 570s Setting up libtalloc2:arm64 (2.4.2-1build2) ... 570s Setting up libpath-utils1t64:arm64 (0.6.2-3) ... 570s Setting up libunbound8:arm64 (1.20.0-1ubuntu2.1) ... 570s Setting up libgnutls-dane0t64:arm64 (3.8.8-2ubuntu1) ... 570s Setting up libavahi-common-data:arm64 (0.8-14ubuntu1) ... 570s Setting up libcares2:arm64 (1.34.4-2.1) ... 570s Setting up libdhash1t64:arm64 (0.6.2-3) ... 570s Setting up libcrack2:arm64 (2.9.6-5.2) ... 570s Setting up libsss-nss-idmap0 (2.10.1-2ubuntu1) ... 570s Setting up libini-config5t64:arm64 (0.6.2-3) ... 570s Setting up libtevent0t64:arm64 (0.16.1-3) ... 570s Setting up libnss-sss:arm64 (2.10.1-2ubuntu1) ... 570s Setting up gnutls-bin (3.8.8-2ubuntu1) ... 570s Setting up libsofthsm2 (2.6.1-2.2ubuntu3) ... 570s Setting up softhsm2 (2.6.1-2.2ubuntu3) ... 570s Setting up libavahi-common3:arm64 (0.8-14ubuntu1) ... 570s Setting up libsss-certmap0 (2.10.1-2ubuntu1) ... 570s Setting up libpwquality1:arm64 (1.4.5-3build1) ... 570s Setting up libldb2:arm64 (2:2.9.1+samba4.20.4+dfsg-1ubuntu5) ... 570s Setting up libavahi-client3:arm64 (0.8-14ubuntu1) ... 570s Setting up libpam-pwquality:arm64 (1.4.5-3build1) ... 570s Setting up samba-libs:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 570s Setting up python3-sss (2.10.1-2ubuntu1) ... 570s Setting up libsmbclient0:arm64 (2:4.20.4+dfsg-1ubuntu5) ... 570s Setting up libpam-sss:arm64 (2.10.1-2ubuntu1) ... 570s Setting up sssd-common (2.10.1-2ubuntu1) ... 570s Creating SSSD system user & group... 571s warn: The home directory `/var/lib/sss' already exists. Not touching this directory. 571s warn: Warning: The home directory `/var/lib/sss' does not belong to the user you are currently creating. 571s Warning: found usr.sbin.sssd in /etc/apparmor.d/force-complain, forcing complain mode 571s Warning from /etc/apparmor.d/usr.sbin.sssd (/etc/apparmor.d/usr.sbin.sssd line 63): Caching disabled for: 'usr.sbin.sssd' due to force complain 571s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-autofs.socket' → '/usr/lib/systemd/system/sssd-autofs.socket'. 571s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-nss.socket' → '/usr/lib/systemd/system/sssd-nss.socket'. 572s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pam.socket' → '/usr/lib/systemd/system/sssd-pam.socket'. 572s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-ssh.socket' → '/usr/lib/systemd/system/sssd-ssh.socket'. 572s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-sudo.socket' → '/usr/lib/systemd/system/sssd-sudo.socket'. 573s Created symlink '/etc/systemd/system/multi-user.target.wants/sssd.service' → '/usr/lib/systemd/system/sssd.service'. 573s sssd-autofs.service is a disabled or a static unit, not starting it. 573s sssd-nss.service is a disabled or a static unit, not starting it. 573s sssd-pam.service is a disabled or a static unit, not starting it. 573s sssd-ssh.service is a disabled or a static unit, not starting it. 573s sssd-sudo.service is a disabled or a static unit, not starting it. 573s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 573s Setting up sssd-proxy (2.10.1-2ubuntu1) ... 573s Setting up sssd-ad-common (2.10.1-2ubuntu1) ... 573s Created symlink '/etc/systemd/system/sssd.service.wants/sssd-pac.socket' → '/usr/lib/systemd/system/sssd-pac.socket'. 574s sssd-pac.service is a disabled or a static unit, not starting it. 574s Could not execute systemctl: at /usr/bin/deb-systemd-invoke line 148. 574s Setting up sssd-krb5-common (2.10.1-2ubuntu1) ... 574s Setting up sssd-krb5 (2.10.1-2ubuntu1) ... 574s Setting up sssd-ldap (2.10.1-2ubuntu1) ... 574s Setting up sssd-ad (2.10.1-2ubuntu1) ... 574s Setting up sssd-ipa (2.10.1-2ubuntu1) ... 574s Setting up sssd (2.10.1-2ubuntu1) ... 574s Processing triggers for man-db (2.13.0-1) ... 575s Processing triggers for libc-bin (2.40-4ubuntu1) ... 586s autopkgtest [02:43:05]: test sssd-softhism2-certificates-tests.sh: [----------------------- 586s + '[' -z ubuntu ']' 586s + required_tools=(p11tool openssl softhsm2-util) 586s + for cmd in "${required_tools[@]}" 586s + command -v p11tool 586s + for cmd in "${required_tools[@]}" 586s + command -v openssl 586s + for cmd in "${required_tools[@]}" 586s + command -v softhsm2-util 586s + PIN=053350 586s +++ head -n 1 586s +++ find /usr/lib/softhsm/libsofthsm2.so 586s ++ realpath /usr/lib/softhsm/libsofthsm2.so 586s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 586s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 586s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 586s + '[' '!' -v NO_SSSD_TESTS ']' 586s + '[' '!' -x /usr/libexec/sssd/p11_child ']' 586s + ca_db_arg=ca_db 586s ++ /usr/libexec/sssd/p11_child --help 586s + p11_child_help='Usage: p11_child [OPTION...] 586s -d, --debug-level=INT Debug level 586s --debug-timestamps=INT Add debug timestamps 586s --debug-microseconds=INT Show timestamps with microseconds 586s --dumpable=INT Allow core dumps 586s --backtrace=INT Enable debug backtrace 586s --debug-fd=INT An open file descriptor for the debug 586s logs 586s --logger=stderr|files|journald Set logger 586s --auth Run in auth mode 586s --pre Run in pre-auth mode 586s --wait_for_card Wait until card is available 586s --verification Run in verification mode 586s --pin Expect PIN on stdin 586s --keypad Expect PIN on keypad 586s --verify=STRING Tune validation 586s --ca_db=STRING CA DB to use 586s --module_name=STRING Module name for authentication 586s --token_name=STRING Token name for authentication 586s --key_id=STRING Key ID for authentication 586s --label=STRING Label for authentication 586s --certificate=STRING certificate to verify, base64 encoded 586s --uri=STRING PKCS#11 URI to restrict selection 586s --chain-id=LONG Tevent chain ID used for logging 586s purposes 586s 586s Help options: 586s -?, --help Show this help message 586s --usage Display brief usage message' 586s + echo 'Usage: p11_child [OPTION...] 586s -d, --debug-level=INT Debug level 586s --debug-timestamps=INT Add debug timestamps 586s --debug-microseconds=INT Show timestamps with microseconds 586s --dumpable=INT Allow core dumps 586s --backtrace=INT Enable debug backtrace 586s --debug-fd=INT An open file descriptor for the debug 586s logs 586s --logger=stderr|files|journald Set logger 586s --auth Run in auth mode 586s --pre Run in pre-auth mode 586s --wait_for_card Wait until card is available 586s --verification Run in verification mode 586s --pin Expect PIN on stdin 586s --keypad Expect PIN on keypad 586s --verify=STRING Tune validation 586s --ca_db=STRING CA DB to use 586s --module_name=STRING Module name for authentication 586s --token_name=STRING Token name for authentication 586s --key_id=STRING Key ID for authentication 586s --label=STRING Label for authentication 586s --certificate=STRING certificate to verify, base64 encoded 586s --uri=STRING PKCS#11 URI to restrict selection 586s --chain-id=LONG Tevent chain ID used for logging 586s purposes 586s 586s Help options: 586s -?, --help Show this help message 586s --usage Display brief usage message' 586s + grep nssdb -qs 586s + echo 'Usage: p11_child [OPTION...] 586s -d, --debug-level=INT Debug level 586s --debug-timestamps=INT Add debug timestamps 586s --debug-microseconds=INT Show timestamps with microseconds 586s --dumpable=INT Allow core dumps 586s --backtrace=INT Enable debug backtrace 586s --debug-fd=INT An open file descriptor for the debug 586s logs 586s --logger=stderr|files|journald Set logger 586s --auth Run in auth mode 586s --pre Run in pre-auth mode 586s --wait_for_card Wait until card is available 586s --verification Run in verification mode 586s --pin Expect PIN on stdin 586s --keypad Expect PIN on keypad 586s --verify=STRING Tune validation 586s --ca_db=STRING CA DB to use 586s --module_name=STRING Module name for authentication 586s --token_name=STRING Token name for authentication 586s --key_id=STRING Key ID for authentication 586s --label=STRING Label for authentication 586s --certificate=STRING certificate to verify, base64 encoded 586s --uri=STRING PKCS#11 URI to restrict selection 586s --chain-id=LONG Tevent chain ID used for logging 586s purposes 586s 586s Help options: 586s -?, --help Show this help message 586s --usage Display brief usage message' 586s + grep -qs -- --ca_db 586s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 586s ++ mktemp -d -t sssd-softhsm2-XXXXXX 586s + tmpdir=/tmp/sssd-softhsm2-usUgTg 586s + keys_size=1024 586s + [[ ! -v KEEP_TEMPORARY_FILES ]] 586s + trap 'rm -rf "$tmpdir"' EXIT 586s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 586s + echo -n 01 586s + touch /tmp/sssd-softhsm2-usUgTg/index.txt 586s + mkdir -p /tmp/sssd-softhsm2-usUgTg/new_certs 586s + cat 586s + root_ca_key_pass=pass:random-root-CA-password-16730 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-root-CA-key.pem -passout pass:random-root-CA-password-16730 1024 586s + openssl req -passin pass:random-root-CA-password-16730 -batch -config /tmp/sssd-softhsm2-usUgTg/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-usUgTg/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 586s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 586s + cat 586s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-29984 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29984 1024 586s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-29984 -config /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.config -key /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-16730 -sha256 -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-certificate-request.pem 586s + openssl req -text -noout -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-certificate-request.pem 586s Certificate Request: 586s Data: 586s Version: 1 (0x0) 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:eb:bc:ae:44:29:44:77:27:8b:e2:97:e6:2a:cd: 586s 14:70:de:52:00:a2:cf:fa:89:a4:bb:4e:e4:7c:e1: 586s af:79:d5:ac:2f:f3:8c:85:20:e0:48:b2:a3:c8:cf: 586s ac:78:7a:cf:d3:0b:99:38:68:86:9e:31:8b:b6:46: 586s 88:26:68:df:e0:33:59:9e:6e:c1:7f:83:bc:88:90: 586s ff:6f:d5:ff:54:d6:64:d8:1c:15:f8:cf:a5:a3:c4: 586s b5:9c:f0:3d:af:01:5f:7a:d3:10:56:7e:10:11:67: 586s ba:fe:db:67:4c:66:7a:3d:53:fe:52:30:a2:1c:2e: 586s 58:c4:ab:5c:6e:ab:59:eb:85 586s Exponent: 65537 (0x10001) 586s Attributes: 586s (none) 586s Requested Extensions: 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s 54:f8:6c:c1:a0:af:01:0b:f4:f8:44:09:3f:35:3a:c4:72:ec: 586s 36:79:eb:b6:9b:fa:5a:d4:4f:55:c3:01:89:4a:bf:38:b8:4e: 586s 1d:f0:11:fd:8e:d0:40:a9:36:a7:a4:44:08:98:8e:0a:2a:93: 586s 8d:93:5e:2f:fe:78:60:a2:8d:c9:e1:25:e6:e3:b4:ad:28:19: 586s 77:01:cc:10:72:93:36:8d:01:c5:20:9c:af:a5:bb:1d:fe:a7: 586s 09:44:b9:fa:54:c7:df:76:f3:ea:10:25:a8:a3:9d:c4:63:c0: 586s 30:b2:eb:46:22:e1:11:f9:16:4e:07:3d:d3:54:a6:ac:4e:8c: 586s 3f:52 586s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-usUgTg/test-root-CA.config -passin pass:random-root-CA-password-16730 -keyfile /tmp/sssd-softhsm2-usUgTg/test-root-CA-key.pem -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 586s Using configuration from /tmp/sssd-softhsm2-usUgTg/test-root-CA.config 586s Check that the request matches the signature 586s Signature ok 586s Certificate Details: 586s Serial Number: 1 (0x1) 586s Validity 586s Not Before: Jan 15 02:43:05 2025 GMT 586s Not After : Jan 15 02:43:05 2026 GMT 586s Subject: 586s organizationName = Test Organization 586s organizationalUnitName = Test Organization Unit 586s commonName = Test Organization Intermediate CA 586s X509v3 extensions: 586s X509v3 Subject Key Identifier: 586s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 586s X509v3 Authority Key Identifier: 586s keyid:92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 586s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 586s serial:00 586s X509v3 Basic Constraints: 586s CA:TRUE 586s X509v3 Key Usage: critical 586s Digital Signature, Certificate Sign, CRL Sign 586s Certificate is to be certified until Jan 15 02:43:05 2026 GMT (365 days) 586s 586s Write out database with 1 new entries 586s Database updated 586s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 586s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 586s /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem: OK 586s + cat 586s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-25208 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-25208 1024 586s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-25208 -config /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-29984 -sha256 -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-certificate-request.pem 586s + openssl req -text -noout -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-certificate-request.pem 586s Certificate Request: 586s Data: 586s Version: 1 (0x0) 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:c3:ff:8d:ad:ae:26:fe:de:eb:40:62:38:7b:a3: 586s 55:09:ee:0a:dc:64:1e:a2:14:29:60:c2:87:90:3d: 586s 87:c0:5b:ce:8f:85:5d:d4:8a:53:a7:32:ce:cd:d9: 586s 50:58:44:bf:fd:ac:50:23:b5:36:61:bb:6b:3c:d5: 586s da:c3:54:3e:7b:29:2f:43:32:bd:fc:cd:85:2b:5d: 586s 67:46:52:87:15:f9:88:44:6f:10:3b:b6:97:88:2a: 586s 36:c8:52:6a:a7:af:f4:be:2d:78:c6:e0:eb:75:20: 586s ca:6e:e2:0c:8a:9b:6c:c9:69:80:20:eb:df:4b:9b: 586s 7e:00:47:56:a9:15:a0:0f:03 586s Exponent: 65537 (0x10001) 586s Attributes: 586s (none) 586s Requested Extensions: 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s 70:b6:45:d1:2d:24:7f:7b:da:51:fa:f8:59:c7:dc:ec:88:50: 586s 6f:59:6f:23:93:ae:4b:fb:5a:1d:ad:f6:30:bf:eb:1f:1f:bc: 586s 54:1b:3a:e6:03:e0:79:a9:4a:4c:1a:96:06:21:d5:6e:ab:4a: 586s 48:9e:56:7f:82:f9:58:eb:c0:83:b6:e0:2c:53:a8:bd:6d:1b: 586s 8f:37:af:91:e4:e7:3e:ab:b8:1f:5f:f1:d5:d5:9d:94:73:ec: 586s 00:59:74:59:d2:da:df:8c:76:44:65:6f:0e:9b:5e:b8:b4:a5: 586s b6:af:b9:77:26:39:03:64:1f:59:73:35:c6:46:df:55:98:72: 586s 4f:01 586s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-29984 -keyfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 586s Using configuration from /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.config 586s Check that the request matches the signature 586s Signature ok 586s Certificate Details: 586s Serial Number: 2 (0x2) 586s Validity 586s Not Before: Jan 15 02:43:05 2025 GMT 586s Not After : Jan 15 02:43:05 2026 GMT 586s Subject: 586s organizationName = Test Organization 586s organizationalUnitName = Test Organization Unit 586s commonName = Test Organization Sub Intermediate CA 586s X509v3 extensions: 586s X509v3 Subject Key Identifier: 586s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 586s X509v3 Authority Key Identifier: 586s keyid:08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 586s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 586s serial:01 586s X509v3 Basic Constraints: 586s CA:TRUE 586s X509v3 Key Usage: critical 586s Digital Signature, Certificate Sign, CRL Sign 586s Certificate is to be certified until Jan 15 02:43:05 2026 GMT (365 days) 586s 586s Write out database with 1 new entries 586s Database updated 586s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 586s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 586s /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem: OK 586s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 586s + local cmd=openssl 586s + shift 586s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 586s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 586s error 20 at 0 depth lookup: unable to get local issuer certificate 586s error /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem: verification failed 586s + cat 586s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-7176 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-7176 1024 586s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-7176 -key /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-request.pem 586s Certificate Request: 586s Data: 586s Version: 1 (0x0) 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 586s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 586s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 586s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 586s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 586s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 586s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 586s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 586s 3f:86:52:f6:0a:94:b0:7a:81 586s Exponent: 65537 (0x10001) 586s Attributes: 586s Requested Extensions: 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Root CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s 3e:26:e0:35:dc:ad:17:95:f8:b1:39:0a:dd:09:63:4b:74:3c: 586s 2a:f8:3b:7f:29:5d:5d:16:0e:fa:48:a7:45:ae:0a:dc:7b:54: 586s 87:d1:36:a6:2b:56:4a:8c:df:7e:d0:b4:57:06:93:7b:94:05: 586s b7:b2:04:b3:ae:f8:52:d8:39:36:8a:03:2d:fc:1b:5d:66:4a: 586s cf:ab:ad:92:6f:c8:1f:8a:aa:ca:5c:f2:ff:8c:32:5c:20:5d: 586s 8e:6c:9d:30:17:96:c7:db:3a:de:f0:c9:06:58:59:f4:b7:ee: 586s 50:10:0d:26:73:80:14:a1:4f:f6:53:8d:b3:ed:40:da:85:a1: 586s 2b:55 586s + openssl req -text -noout -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-request.pem 586s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-usUgTg/test-root-CA.config -passin pass:random-root-CA-password-16730 -keyfile /tmp/sssd-softhsm2-usUgTg/test-root-CA-key.pem -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 586s Using configuration from /tmp/sssd-softhsm2-usUgTg/test-root-CA.config 586s Check that the request matches the signature 586s Signature ok 586s Certificate Details: 586s Serial Number: 3 (0x3) 586s Validity 586s Not Before: Jan 15 02:43:05 2025 GMT 586s Not After : Jan 15 02:43:05 2026 GMT 586s Subject: 586s organizationName = Test Organization 586s organizationalUnitName = Test Organization Unit 586s commonName = Test Organization Root Trusted Certificate 0001 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Root CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Certificate is to be certified until Jan 15 02:43:05 2026 GMT (365 days) 586s 586s Write out database with 1 new entries 586s Database updated 586s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 586s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 586s /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem: OK 586s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 586s + local cmd=openssl 586s + shift 586s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 586s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 586s error 20 at 0 depth lookup: unable to get local issuer certificate 586s error /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem: verification failed 586s + cat 586s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-23015 1024 586s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-23015 -key /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-request.pem 586s Certificate Request: 586s Data: 586s Version: 1 (0x0) 586s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 586s Subject Public Key Info: 586s Public Key Algorithm: rsaEncryption 586s Public-Key: (1024 bit) 586s Modulus: 586s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 586s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 586s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 586s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 586s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 586s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 586s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 586s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 586s 7d:77:65:0a:ac:59:b7:d1:53 586s Exponent: 65537 (0x10001) 586s Attributes: 586s Requested Extensions: 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Signature Algorithm: sha256WithRSAEncryption 586s Signature Value: 586s 9a:22:f5:c6:07:8b:13:e6:54:02:62:ce:3f:0c:6d:8b:c8:5b: 586s 68:87:04:9b:a1:ef:64:db:93:7c:e4:89:cc:92:b0:99:ed:8e: 586s 1f:0b:5a:af:ab:82:23:0b:f6:6c:ed:9b:cb:1a:c6:49:82:e2: 586s 4e:c1:cc:8b:16:ec:a7:b9:28:0d:7c:39:16:fe:da:d3:c3:66: 586s 37:9b:b0:99:1b:56:21:46:6f:28:fb:1f:8c:12:a3:3d:b4:39: 586s 5f:4b:bf:0d:52:67:2e:e1:88:4e:d9:cd:52:82:c5:ae:7a:f4: 586s 42:51:93:94:41:aa:a1:ad:30:40:95:9e:63:92:22:e1:25:e3: 586s 6b:2a 586s + openssl req -text -noout -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-request.pem 586s + openssl ca -passin pass:random-intermediate-CA-password-29984 -config /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 586s Using configuration from /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.config 586s Check that the request matches the signature 586s Signature ok 586s Certificate Details: 586s Serial Number: 4 (0x4) 586s Validity 586s Not Before: Jan 15 02:43:05 2025 GMT 586s Not After : Jan 15 02:43:05 2026 GMT 586s Subject: 586s organizationName = Test Organization 586s organizationalUnitName = Test Organization Unit 586s commonName = Test Organization Intermediate Trusted Certificate 0001 586s X509v3 extensions: 586s X509v3 Authority Key Identifier: 586s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 586s X509v3 Basic Constraints: 586s CA:FALSE 586s Netscape Cert Type: 586s SSL Client, S/MIME 586s Netscape Comment: 586s Test Organization Intermediate CA trusted Certificate 586s X509v3 Subject Key Identifier: 586s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 586s X509v3 Key Usage: critical 586s Digital Signature, Non Repudiation, Key Encipherment 586s X509v3 Extended Key Usage: 586s TLS Web Client Authentication, E-mail Protection 586s X509v3 Subject Alternative Name: 586s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 586s Certificate is to be certified until Jan 15 02:43:05 2026 GMT (365 days) 586s 586s Write out database with 1 new entries 586s Database updated 586s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 586s This certificate should not be trusted fully 586s + echo 'This certificate should not be trusted fully' 586s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 586s + local cmd=openssl 586s + shift 586s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 586s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 586s error 2 at 1 depth lookup: unable to get issuer certificate 586s error /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 586s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 586s /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem: OK 586s + cat 586s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 586s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-8796 1024 587s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8796 -key /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 587s + openssl req -text -noout -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 587s Certificate Request: 587s Data: 587s Version: 1 (0x0) 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 587s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 587s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 587s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 587s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 587s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 587s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 587s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 587s 11:88:de:0c:9e:e0:35:74:85 587s Exponent: 65537 (0x10001) 587s Attributes: 587s Requested Extensions: 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Sub Intermediate CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s 66:84:e2:fe:ed:74:cc:b4:ab:57:c8:32:ac:5c:3c:ea:fc:97: 587s 24:65:5f:4a:99:0b:43:b3:f8:9f:05:7c:af:bc:1f:33:a6:6c: 587s 01:40:81:4e:1c:54:8d:b0:84:be:be:5d:16:16:7e:9b:04:2c: 587s ec:44:05:38:e4:1d:c9:f0:8e:ac:cc:22:e1:0a:16:e8:62:4a: 587s f2:da:bb:11:7f:82:c4:03:ed:0d:95:4e:ec:ef:fa:ca:49:d7: 587s a1:7a:4d:f9:f7:66:ad:59:df:3f:69:01:32:99:ce:f5:1c:fd: 587s 3a:7c:f8:3f:98:f6:4a:ba:19:d0:cb:c6:93:1f:d4:3a:a5:fd: 587s 2b:de 587s + openssl ca -passin pass:random-sub-intermediate-CA-password-25208 -config /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s Using configuration from /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.config 587s Check that the request matches the signature 587s Signature ok 587s Certificate Details: 587s Serial Number: 5 (0x5) 587s Validity 587s Not Before: Jan 15 02:43:06 2025 GMT 587s Not After : Jan 15 02:43:06 2026 GMT 587s Subject: 587s organizationName = Test Organization 587s organizationalUnitName = Test Organization Unit 587s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Sub Intermediate CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Certificate is to be certified until Jan 15 02:43:06 2026 GMT (365 days) 587s 587s Write out database with 1 new entries 587s Database updated 587s + openssl x509 -noout -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s This certificate should not be trusted fully 587s + echo 'This certificate should not be trusted fully' 587s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s + local cmd=openssl 587s + shift 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 587s error 2 at 1 depth lookup: unable to get issuer certificate 587s error /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 587s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s + local cmd=openssl 587s + shift 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 587s error 20 at 0 depth lookup: unable to get local issuer certificate 587s error /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 587s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 587s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s + local cmd=openssl 587s + shift 587s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s Building a the full-chain CA file... 587s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 587s error 20 at 0 depth lookup: unable to get local issuer certificate 587s error /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 587s + echo 'Building a the full-chain CA file...' 587s + cat /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 587s + cat /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 587s + cat /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 587s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 587s + openssl pkcs7 -print_certs -noout 587s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s 587s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 587s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s 587s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 587s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 587s 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 587s /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem: OK 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 587s /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem: OK 587s /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem: OK 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem /tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem 587s /tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem: OK 587s + openssl verify -CAfile /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 587s /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 587s Certificates generation completed! 587s + echo 'Certificates generation completed!' 587s + [[ -v NO_SSSD_TESTS ]] 587s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /dev/null 587s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /dev/null 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_ring=/dev/null 587s + local verify_option= 587s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_cn 587s + local key_name 587s + local tokens_dir 587s + local output_cert_file 587s + token_name= 587s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 587s + key_name=test-root-CA-trusted-certificate-0001 587s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s ++ sed -n 's/ *commonName *= //p' 587s + key_cn='Test Organization Root Trusted Certificate 0001' 587s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 587s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 587s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s + token_name='Test Organization Root Tr Token' 587s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 587s + local key_file 587s + local decrypted_key 587s + mkdir -p /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s + key_file=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key.pem 587s + decrypted_key=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 587s + cat 587s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 053350 --so-pin 053350 --free 587s Slot 0 has a free/uninitialized token. 587s The token has been initialized and is reassigned to slot 1611932897 587s + softhsm2-util --show-slots 587s Available slots: 587s Slot 1611932897 587s Slot info: 587s Description: SoftHSM slot ID 0x601424e1 587s Manufacturer ID: SoftHSM project 587s Hardware version: 2.6 587s Firmware version: 2.6 587s Token present: yes 587s Token info: 587s Manufacturer ID: SoftHSM project 587s Model: SoftHSM v2 587s Hardware version: 2.6 587s Firmware version: 2.6 587s Serial number: ab9919ec601424e1 587s Initialized: yes 587s User PIN init.: yes 587s Label: Test Organization Root Tr Token 587s Slot 1 587s Slot info: 587s Description: SoftHSM slot ID 0x1 587s Manufacturer ID: SoftHSM project 587s Hardware version: 2.6 587s Firmware version: 2.6 587s Token present: yes 587s Token info: 587s Manufacturer ID: SoftHSM project 587s Model: SoftHSM v2 587s Hardware version: 2.6 587s Firmware version: 2.6 587s Serial number: 587s Initialized: no 587s User PIN init.: no 587s Label: 587s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 587s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-7176 -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 587s writing RSA key 587s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 587s + rm /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001-key-decrypted.pem 587s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 587s Object 0: 587s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 587s Type: X.509 Certificate (RSA-1024) 587s Expires: Thu Jan 15 02:43:05 2026 587s Label: Test Organization Root Trusted Certificate 0001 587s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 587s 587s Test Organization Root Tr Token 587s + echo 'Test Organization Root Tr Token' 587s + '[' -n '' ']' 587s + local output_base_name=SSSD-child-4871 587s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-4871.output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-4871.pem 587s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 587s [p11_child[2140]] [main] (0x0400): p11_child started. 587s [p11_child[2140]] [main] (0x2000): Running in [pre-auth] mode. 587s [p11_child[2140]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2140]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2140]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 587s [p11_child[2140]] [do_work] (0x0040): init_verification failed. 587s [p11_child[2140]] [main] (0x0020): p11_child failed (5) 587s + return 2 587s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /dev/null no_verification 587s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /dev/null no_verification 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_ring=/dev/null 587s + local verify_option=no_verification 587s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_cn 587s + local key_name 587s + local tokens_dir 587s + local output_cert_file 587s + token_name= 587s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 587s + key_name=test-root-CA-trusted-certificate-0001 587s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s ++ sed -n 's/ *commonName *= //p' 587s + key_cn='Test Organization Root Trusted Certificate 0001' 587s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 587s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 587s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s Test Organization Root Tr Token 587s + token_name='Test Organization Root Tr Token' 587s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 587s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 587s + echo 'Test Organization Root Tr Token' 587s + '[' -n no_verification ']' 587s + local verify_arg=--verify=no_verification 587s + local output_base_name=SSSD-child-8230 587s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.pem 587s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 587s [p11_child[2146]] [main] (0x0400): p11_child started. 587s [p11_child[2146]] [main] (0x2000): Running in [pre-auth] mode. 587s [p11_child[2146]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2146]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2146]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 587s [p11_child[2146]] [do_card] (0x4000): Module List: 587s [p11_child[2146]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2146]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2146]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2146]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2146]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2146]] [do_card] (0x4000): Login NOT required. 587s [p11_child[2146]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2146]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2146]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2146]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s + local found_md5 expected_md5 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + expected_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.output 587s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.output .output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.pem 587s + echo -n 053350 587s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 587s [p11_child[2154]] [main] (0x0400): p11_child started. 587s [p11_child[2154]] [main] (0x2000): Running in [auth] mode. 587s [p11_child[2154]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2154]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2154]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 587s [p11_child[2154]] [do_card] (0x4000): Module List: 587s [p11_child[2154]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2154]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2154]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2154]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2154]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2154]] [do_card] (0x4000): Login required. 587s [p11_child[2154]] [do_card] (0x4000): Token flags [1069]. 587s [p11_child[2154]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2154]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2154]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 587s [p11_child[2154]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 587s [p11_child[2154]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 587s [p11_child[2154]] [do_card] (0x4000): Certificate verified and validated. 587s [p11_child[2154]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-8230-auth.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s + local verify_option= 587s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_cn 587s + local key_name 587s + local tokens_dir 587s + local output_cert_file 587s + token_name= 587s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 587s + key_name=test-root-CA-trusted-certificate-0001 587s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s ++ sed -n 's/ *commonName *= //p' 587s + key_cn='Test Organization Root Trusted Certificate 0001' 587s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 587s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 587s Test Organization Root Tr Token 587s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s + token_name='Test Organization Root Tr Token' 587s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 587s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 587s + echo 'Test Organization Root Tr Token' 587s + '[' -n '' ']' 587s + local output_base_name=SSSD-child-27336 587s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.pem 587s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s [p11_child[2164]] [main] (0x0400): p11_child started. 587s [p11_child[2164]] [main] (0x2000): Running in [pre-auth] mode. 587s [p11_child[2164]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2164]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2164]] [do_card] (0x4000): Module List: 587s [p11_child[2164]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2164]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2164]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2164]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2164]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2164]] [do_card] (0x4000): Login NOT required. 587s [p11_child[2164]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2164]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2164]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2164]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2164]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s + local found_md5 expected_md5 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + expected_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.output 587s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.output .output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.pem 587s + echo -n 053350 587s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 587s [p11_child[2172]] [main] (0x0400): p11_child started. 587s [p11_child[2172]] [main] (0x2000): Running in [auth] mode. 587s [p11_child[2172]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2172]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2172]] [do_card] (0x4000): Module List: 587s [p11_child[2172]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2172]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2172]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2172]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2172]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2172]] [do_card] (0x4000): Login required. 587s [p11_child[2172]] [do_card] (0x4000): Token flags [1069]. 587s [p11_child[2172]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2172]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2172]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2172]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 587s [p11_child[2172]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 587s [p11_child[2172]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 587s [p11_child[2172]] [do_card] (0x4000): Certificate verified and validated. 587s [p11_child[2172]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-27336-auth.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 587s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s + local verify_option=partial_chain 587s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_cn 587s + local key_name 587s + local tokens_dir 587s + local output_cert_file 587s + token_name= 587s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 587s + key_name=test-root-CA-trusted-certificate-0001 587s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s ++ sed -n 's/ *commonName *= //p' 587s Test Organization Root Tr Token 587s + key_cn='Test Organization Root Trusted Certificate 0001' 587s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 587s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 587s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s + token_name='Test Organization Root Tr Token' 587s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 587s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 587s + echo 'Test Organization Root Tr Token' 587s + '[' -n partial_chain ']' 587s + local verify_arg=--verify=partial_chain 587s + local output_base_name=SSSD-child-31630 587s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.pem 587s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 587s [p11_child[2182]] [main] (0x0400): p11_child started. 587s [p11_child[2182]] [main] (0x2000): Running in [pre-auth] mode. 587s [p11_child[2182]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2182]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2182]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 587s [p11_child[2182]] [do_card] (0x4000): Module List: 587s [p11_child[2182]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2182]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2182]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2182]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2182]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2182]] [do_card] (0x4000): Login NOT required. 587s [p11_child[2182]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2182]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2182]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2182]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2182]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s + local found_md5 expected_md5 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + expected_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.output 587s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.output .output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.pem 587s + echo -n 053350 587s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 587s [p11_child[2190]] [main] (0x0400): p11_child started. 587s [p11_child[2190]] [main] (0x2000): Running in [auth] mode. 587s [p11_child[2190]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2190]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2190]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 587s [p11_child[2190]] [do_card] (0x4000): Module List: 587s [p11_child[2190]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2190]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2190]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2190]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2190]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2190]] [do_card] (0x4000): Login required. 587s [p11_child[2190]] [do_card] (0x4000): Token flags [1069]. 587s [p11_child[2190]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2190]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2190]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2190]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 587s [p11_child[2190]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 587s [p11_child[2190]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 587s [p11_child[2190]] [do_card] (0x4000): Certificate verified and validated. 587s [p11_child[2190]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-31630-auth.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 587s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 587s + local verify_option= 587s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 587s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 587s + local key_cn 587s + local key_name 587s + local tokens_dir 587s + local output_cert_file 587s + token_name= 587s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 587s + key_name=test-root-CA-trusted-certificate-0001 587s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s ++ sed -n 's/ *commonName *= //p' 587s Test Organization Root Tr Token 587s + key_cn='Test Organization Root Trusted Certificate 0001' 587s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 587s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 587s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 587s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 587s + token_name='Test Organization Root Tr Token' 587s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 587s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 587s + echo 'Test Organization Root Tr Token' 587s + '[' -n '' ']' 587s + local output_base_name=SSSD-child-16608 587s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.pem 587s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 587s [p11_child[2200]] [main] (0x0400): p11_child started. 587s [p11_child[2200]] [main] (0x2000): Running in [pre-auth] mode. 587s [p11_child[2200]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2200]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2200]] [do_card] (0x4000): Module List: 587s [p11_child[2200]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2200]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2200]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2200]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2200]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2200]] [do_card] (0x4000): Login NOT required. 587s [p11_child[2200]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2200]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2200]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2200]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2200]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.pem 587s Certificate: 587s Data: 587s Version: 3 (0x2) 587s Serial Number: 3 (0x3) 587s Signature Algorithm: sha256WithRSAEncryption 587s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 587s Validity 587s Not Before: Jan 15 02:43:05 2025 GMT 587s Not After : Jan 15 02:43:05 2026 GMT 587s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 587s Subject Public Key Info: 587s Public Key Algorithm: rsaEncryption 587s Public-Key: (1024 bit) 587s Modulus: 587s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 587s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 587s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 587s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 587s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 587s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 587s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 587s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 587s 3f:86:52:f6:0a:94:b0:7a:81 587s Exponent: 65537 (0x10001) 587s X509v3 extensions: 587s X509v3 Authority Key Identifier: 587s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 587s X509v3 Basic Constraints: 587s CA:FALSE 587s Netscape Cert Type: 587s SSL Client, S/MIME 587s Netscape Comment: 587s Test Organization Root CA trusted Certificate 587s X509v3 Subject Key Identifier: 587s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 587s X509v3 Key Usage: critical 587s Digital Signature, Non Repudiation, Key Encipherment 587s X509v3 Extended Key Usage: 587s TLS Web Client Authentication, E-mail Protection 587s X509v3 Subject Alternative Name: 587s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 587s Signature Algorithm: sha256WithRSAEncryption 587s Signature Value: 587s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 587s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 587s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 587s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 587s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 587s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 587s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 587s ea:8e 587s + local found_md5 expected_md5 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 587s + expected_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608.pem 587s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 587s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 587s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.output 587s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.output .output 587s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.pem 587s + echo -n 053350 587s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 587s [p11_child[2208]] [main] (0x0400): p11_child started. 587s [p11_child[2208]] [main] (0x2000): Running in [auth] mode. 587s [p11_child[2208]] [main] (0x2000): Running with effective IDs: [0][0]. 587s [p11_child[2208]] [main] (0x2000): Running with real IDs [0][0]. 587s [p11_child[2208]] [do_card] (0x4000): Module List: 587s [p11_child[2208]] [do_card] (0x4000): common name: [softhsm2]. 587s [p11_child[2208]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2208]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 587s [p11_child[2208]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 587s [p11_child[2208]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 587s [p11_child[2208]] [do_card] (0x4000): Login required. 587s [p11_child[2208]] [do_card] (0x4000): Token flags [1069]. 587s [p11_child[2208]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 587s [p11_child[2208]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 587s [p11_child[2208]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 587s [p11_child[2208]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 587s [p11_child[2208]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 587s [p11_child[2208]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 587s [p11_child[2208]] [do_card] (0x4000): Certificate verified and validated. 587s [p11_child[2208]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 587s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.output 587s + echo '-----BEGIN CERTIFICATE-----' 587s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.output 587s + echo '-----END CERTIFICATE-----' 587s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 3 (0x3) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 588s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 588s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 588s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 588s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 588s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 588s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 588s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 588s 3f:86:52:f6:0a:94:b0:7a:81 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Root CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 588s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 588s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 588s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 588s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 588s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 588s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 588s ea:8e 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16608-auth.pem 588s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 588s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 588s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s + local verify_option=partial_chain 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-root-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s Test Organization Root Tr Token 588s + key_cn='Test Organization Root Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 588s + token_name='Test Organization Root Tr Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Root Tr Token' 588s + '[' -n partial_chain ']' 588s + local verify_arg=--verify=partial_chain 588s + local output_base_name=SSSD-child-29138 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s [p11_child[2218]] [main] (0x0400): p11_child started. 588s [p11_child[2218]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2218]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2218]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2218]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 588s [p11_child[2218]] [do_card] (0x4000): Module List: 588s [p11_child[2218]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2218]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2218]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2218]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 588s [p11_child[2218]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2218]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2218]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 588s [p11_child[2218]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 588s [p11_child[2218]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Root Tr Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 588s [p11_child[2218]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 588s [p11_child[2218]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.output 588s + echo '-----BEGIN CERTIFICATE-----' 588s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.output 588s + echo '-----END CERTIFICATE-----' 588s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 3 (0x3) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 588s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 588s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 588s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 588s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 588s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 588s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 588s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 588s 3f:86:52:f6:0a:94:b0:7a:81 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Root CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 588s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 588s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 588s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 588s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 588s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 588s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 588s ea:8e 588s + local found_md5 expected_md5 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + expected_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138.pem 588s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 588s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 588s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.output 588s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.output .output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.pem 588s + echo -n 053350 588s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Root Tr Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 588s [p11_child[2226]] [main] (0x0400): p11_child started. 588s [p11_child[2226]] [main] (0x2000): Running in [auth] mode. 588s [p11_child[2226]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2226]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2226]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 588s [p11_child[2226]] [do_card] (0x4000): Module List: 588s [p11_child[2226]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2226]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2226]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2226]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 588s [p11_child[2226]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2226]] [do_card] (0x4000): Login required. 588s [p11_child[2226]] [do_card] (0x4000): Token flags [1069]. 588s [p11_child[2226]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 588s [p11_child[2226]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 588s [p11_child[2226]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Root Tr Token Test Organization Root Tr Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 588s [p11_child[2226]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x601424e1;slot-manufacturer=SoftHSM%20project;slot-id=1611932897;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=ab9919ec601424e1;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 588s [p11_child[2226]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 588s [p11_child[2226]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 588s [p11_child[2226]] [do_card] (0x4000): Certificate verified and validated. 588s [p11_child[2226]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.output 588s + echo '-----BEGIN CERTIFICATE-----' 588s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.output 588s + echo '-----END CERTIFICATE-----' 588s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 3 (0x3) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:d6:7d:70:76:5a:9d:b1:d1:86:19:2f:88:d6:05: 588s ff:2f:d5:dc:88:9e:cc:c5:67:c4:0e:50:3c:6f:04: 588s a8:4d:fe:bb:00:09:71:ae:3b:24:ad:39:07:e2:02: 588s 88:44:36:98:1f:d3:20:78:a8:1f:dd:16:d6:5e:01: 588s 38:3f:c7:ba:3b:a8:5a:ce:f2:42:58:81:8e:d7:49: 588s 4e:0d:bb:ba:21:87:82:4d:50:90:86:06:d0:36:a9: 588s d5:d6:59:98:81:ec:5a:38:fd:81:23:81:ef:99:e6: 588s 2d:4c:56:08:4a:01:9a:d0:56:39:4b:bd:03:89:13: 588s 3f:86:52:f6:0a:94:b0:7a:81 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 92:A5:1E:AF:49:BD:5C:38:F9:AF:53:0A:C8:0E:BC:59:83:C0:98:F2 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Root CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CC:88:4D:B3:6C:6D:A9:DA:6A:AE:CC:05:E5:8B:82:C6:1D:CC:C2:2F 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s ba:72:03:fd:b6:00:7b:c5:ff:b1:5d:03:51:fb:60:f3:1a:7b: 588s a3:9a:20:d6:8a:b6:82:31:be:b2:3e:b5:5b:ed:ae:a7:48:d8: 588s c6:1f:fc:5c:6c:6b:b6:bb:72:91:66:9a:08:78:f7:13:c6:bf: 588s 41:64:99:6f:f8:b4:b1:67:9f:94:4e:99:9b:12:b4:98:57:bf: 588s bd:f5:be:4a:95:01:ba:78:28:80:95:c3:12:9c:8d:07:7d:e7: 588s b4:bd:33:0c:98:7a:e9:00:3e:7c:1d:0a:c3:73:c3:28:bb:09: 588s a7:df:ae:1d:11:51:de:c5:f3:a5:99:51:1f:64:5b:c8:f5:80: 588s ea:8e 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29138-auth.pem 588s + found_md5=Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 588s + '[' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 '!=' Modulus=D67D70765A9DB1D186192F88D605FF2FD5DC889ECCC567C40E503C6F04A84DFEBB000971AE3B24AD3907E202884436981FD32078A81FDD16D65E01383FC7BA3BA85ACEF24258818ED7494E0DBBBA2187824D50908606D036A9D5D6599881EC5A38FD812381EF99E62D4C56084A019AD056394BBD0389133F8652F60A94B07A81 ']' 588s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s + local verify_option= 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-root-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Root Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 588s + token_name='Test Organization Root Tr Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Root Tr Token' 588s + '[' -n '' ']' 588s + local output_base_name=SSSD-child-9978 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-9978.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-9978.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s [p11_child[2236]] [main] (0x0400): p11_child started. 588s [p11_child[2236]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2236]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2236]] [main] (0x2000): Running with real IDs [0][0]. 588s Test Organization Root Tr Token 588s [p11_child[2236]] [do_card] (0x4000): Module List: 588s [p11_child[2236]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2236]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2236]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2236]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 588s [p11_child[2236]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2236]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2236]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 588s [p11_child[2236]] [do_verification] (0x0040): X509_verify_cert failed [0]. 588s [p11_child[2236]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 588s [p11_child[2236]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 588s [p11_child[2236]] [do_card] (0x4000): No certificate found. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-9978.output 588s + return 2 588s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem partial_chain 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem partial_chain 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s + local verify_option=partial_chain 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-7176 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-root-ca-trusted-cert-0001-7176 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-root-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-root-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Root Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 588s Test Organization Root Tr Token 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 588s + token_name='Test Organization Root Tr Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-root-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Root Tr Token' 588s + '[' -n partial_chain ']' 588s + local verify_arg=--verify=partial_chain 588s + local output_base_name=SSSD-child-27319 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27319.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-27319.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 588s [p11_child[2243]] [main] (0x0400): p11_child started. 588s [p11_child[2243]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2243]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2243]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2243]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 588s [p11_child[2243]] [do_card] (0x4000): Module List: 588s [p11_child[2243]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2243]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2243]] [do_card] (0x4000): Description [SoftHSM slot ID 0x601424e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2243]] [do_card] (0x4000): Token label [Test Organization Root Tr Token]. 588s [p11_child[2243]] [do_card] (0x4000): Found [Test Organization Root Tr Token] in slot [SoftHSM slot ID 0x601424e1][1611932897] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2243]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2243]] [read_certs] (0x4000): found cert[Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] 588s [p11_child[2243]] [do_verification] (0x0040): X509_verify_cert failed [0]. 588s [p11_child[2243]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 588s [p11_child[2243]] [read_certs] (0x0040): Certificate [Test Organization Root Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root Trusted Certificate 0001] not valid, skipping. 588s [p11_child[2243]] [do_card] (0x4000): No certificate found. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-27319.output 588s + return 2 588s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /dev/null 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /dev/null 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_ring=/dev/null 588s + local verify_option= 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-intermediate-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + token_name='Test Organization Interme Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 588s + local key_file 588s + local decrypted_key 588s + mkdir -p /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + key_file=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key.pem 588s + decrypted_key=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 588s + cat 588s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 053350 --so-pin 053350 --free 588s + softhsm2-util --show-slots 588s Slot 0 has a free/uninitialized token. 588s The token has been initialized and is reassigned to slot 1027845505 588s Available slots: 588s Slot 1027845505 588s Slot info: 588s Description: SoftHSM slot ID 0x3d43ad81 588s Manufacturer ID: SoftHSM project 588s Hardware version: 2.6 588s Firmware version: 2.6 588s Token present: yes 588s Token info: 588s Manufacturer ID: SoftHSM project 588s Model: SoftHSM v2 588s Hardware version: 2.6 588s Firmware version: 2.6 588s Serial number: 50ff8044bd43ad81 588s Initialized: yes 588s User PIN init.: yes 588s Label: Test Organization Interme Token 588s Slot 1 588s Slot info: 588s Description: SoftHSM slot ID 0x1 588s Manufacturer ID: SoftHSM project 588s Hardware version: 2.6 588s Firmware version: 2.6 588s Token present: yes 588s Token info: 588s Manufacturer ID: SoftHSM project 588s Model: SoftHSM v2 588s Hardware version: 2.6 588s Firmware version: 2.6 588s Serial number: 588s Initialized: no 588s User PIN init.: no 588s Label: 588s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 588s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-23015 -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 588s writing RSA key 588s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 588s + rm /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 588s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 588s Object 0: 588s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 588s Type: X.509 Certificate (RSA-1024) 588s Expires: Thu Jan 15 02:43:05 2026 588s Label: Test Organization Intermediate Trusted Certificate 0001 588s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 588s 588s Test Organization Interme Token 588s + echo 'Test Organization Interme Token' 588s + '[' -n '' ']' 588s + local output_base_name=SSSD-child-18999 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-18999.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-18999.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/dev/null 588s [p11_child[2259]] [main] (0x0400): p11_child started. 588s [p11_child[2259]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2259]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2259]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2259]] [init_verification] (0x0040): X509_LOOKUP_load_file [/dev/null] failed [92274824][error:05800088:x509 certificate routines::no certificate or crl found]. 588s [p11_child[2259]] [do_work] (0x0040): init_verification failed. 588s [p11_child[2259]] [main] (0x0020): p11_child failed (5) 588s + return 2 588s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /dev/null no_verification 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /dev/null no_verification 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_ring=/dev/null 588s + local verify_option=no_verification 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-intermediate-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + token_name='Test Organization Interme Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Interme Token' 588s + '[' -n no_verification ']' 588s + local verify_arg=--verify=no_verification 588s + local output_base_name=SSSD-child-16397 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=no_verification --ca_db=/dev/null 588s Test Organization Interme Token 588s [p11_child[2265]] [main] (0x0400): p11_child started. 588s [p11_child[2265]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2265]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2265]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2265]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 588s [p11_child[2265]] [do_card] (0x4000): Module List: 588s [p11_child[2265]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2265]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2265]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2265]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 588s [p11_child[2265]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2265]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2265]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 588s [p11_child[2265]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 588s [p11_child[2265]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 588s [p11_child[2265]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.output 588s + echo '-----BEGIN CERTIFICATE-----' 588s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.output 588s + echo '-----END CERTIFICATE-----' 588s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.pem 588s + local found_md5 expected_md5 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 4 (0x4) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 588s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 588s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 588s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 588s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 588s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 588s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 588s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 588s 7d:77:65:0a:ac:59:b7:d1:53 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Intermediate CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 588s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 588s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 588s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 588s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 588s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 588s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 588s 9d:fa 588s + expected_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397.pem 588s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 588s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 588s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.output 588s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.output .output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.pem 588s + echo -n 053350 588s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/dev/null --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=no_verification --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 588s [p11_child[2273]] [main] (0x0400): p11_child started. 588s [p11_child[2273]] [main] (0x2000): Running in [auth] mode. 588s [p11_child[2273]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2273]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2273]] [parse_cert_verify_opts] (0x0020): Found 'no_verification' option, disabling verification completely. This should not be used in production. 588s [p11_child[2273]] [do_card] (0x4000): Module List: 588s [p11_child[2273]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2273]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2273]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2273]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 588s [p11_child[2273]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2273]] [do_card] (0x4000): Login required. 588s [p11_child[2273]] [do_card] (0x4000): Token flags [1069]. 588s [p11_child[2273]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 588s [p11_child[2273]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 588s [p11_child[2273]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 588s [p11_child[2273]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 588s [p11_child[2273]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 588s [p11_child[2273]] [do_card] (0x4000): Certificate verified and validated. 588s [p11_child[2273]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.output 588s + echo '-----BEGIN CERTIFICATE-----' 588s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.output 588s + echo '-----END CERTIFICATE-----' 588s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.pem 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-16397-auth.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 4 (0x4) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 588s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 588s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 588s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 588s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 588s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 588s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 588s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 588s 7d:77:65:0a:ac:59:b7:d1:53 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Intermediate CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 588s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 588s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 588s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 588s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 588s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 588s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 588s 9d:fa 588s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 588s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 588s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s + local verify_option= 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-intermediate-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 588s Test Organization Interme Token 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + token_name='Test Organization Interme Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Interme Token' 588s + '[' -n '' ']' 588s + local output_base_name=SSSD-child-26059 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-26059.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-26059.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s [p11_child[2283]] [main] (0x0400): p11_child started. 588s [p11_child[2283]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2283]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2283]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2283]] [do_card] (0x4000): Module List: 588s [p11_child[2283]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2283]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2283]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2283]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 588s [p11_child[2283]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2283]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2283]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 588s [p11_child[2283]] [do_verification] (0x0040): X509_verify_cert failed [0]. 588s [p11_child[2283]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 588s [p11_child[2283]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 588s [p11_child[2283]] [do_card] (0x4000): No certificate found. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-26059.output 588s + return 2 588s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s + local verify_option=partial_chain 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-intermediate-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s Test Organization Interme Token 588s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + token_name='Test Organization Interme Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Interme Token' 588s + '[' -n partial_chain ']' 588s + local verify_arg=--verify=partial_chain 588s + local output_base_name=SSSD-child-3511 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3511.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3511.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 588s [p11_child[2290]] [main] (0x0400): p11_child started. 588s [p11_child[2290]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2290]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2290]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2290]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 588s [p11_child[2290]] [do_card] (0x4000): Module List: 588s [p11_child[2290]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2290]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2290]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2290]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 588s [p11_child[2290]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2290]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2290]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 588s [p11_child[2290]] [do_verification] (0x0040): X509_verify_cert failed [0]. 588s [p11_child[2290]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 588s [p11_child[2290]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 588s [p11_child[2290]] [do_card] (0x4000): No certificate found. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-3511.output 588s + return 2 588s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s + local verify_option= 588s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 588s + local key_cn 588s + local key_name 588s + local tokens_dir 588s + local output_cert_file 588s + token_name= 588s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 588s + key_name=test-intermediate-CA-trusted-certificate-0001 588s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 588s ++ sed -n 's/ *commonName *= //p' 588s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 588s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 588s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 588s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 588s Test Organization Interme Token 588s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 588s + token_name='Test Organization Interme Token' 588s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 588s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 588s + echo 'Test Organization Interme Token' 588s + '[' -n '' ']' 588s + local output_base_name=SSSD-child-19696 588s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.output 588s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.pem 588s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 588s [p11_child[2297]] [main] (0x0400): p11_child started. 588s [p11_child[2297]] [main] (0x2000): Running in [pre-auth] mode. 588s [p11_child[2297]] [main] (0x2000): Running with effective IDs: [0][0]. 588s [p11_child[2297]] [main] (0x2000): Running with real IDs [0][0]. 588s [p11_child[2297]] [do_card] (0x4000): Module List: 588s [p11_child[2297]] [do_card] (0x4000): common name: [softhsm2]. 588s [p11_child[2297]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2297]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 588s [p11_child[2297]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 588s [p11_child[2297]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 588s [p11_child[2297]] [do_card] (0x4000): Login NOT required. 588s [p11_child[2297]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 588s [p11_child[2297]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 588s [p11_child[2297]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 588s [p11_child[2297]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 588s [p11_child[2297]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 588s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.output 588s + echo '-----BEGIN CERTIFICATE-----' 588s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.output 588s + echo '-----END CERTIFICATE-----' 588s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.pem 588s Certificate: 588s Data: 588s Version: 3 (0x2) 588s Serial Number: 4 (0x4) 588s Signature Algorithm: sha256WithRSAEncryption 588s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 588s Validity 588s Not Before: Jan 15 02:43:05 2025 GMT 588s Not After : Jan 15 02:43:05 2026 GMT 588s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 588s Subject Public Key Info: 588s Public Key Algorithm: rsaEncryption 588s Public-Key: (1024 bit) 588s Modulus: 588s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 588s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 588s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 588s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 588s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 588s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 588s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 588s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 588s 7d:77:65:0a:ac:59:b7:d1:53 588s Exponent: 65537 (0x10001) 588s X509v3 extensions: 588s X509v3 Authority Key Identifier: 588s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 588s X509v3 Basic Constraints: 588s CA:FALSE 588s Netscape Cert Type: 588s SSL Client, S/MIME 588s Netscape Comment: 588s Test Organization Intermediate CA trusted Certificate 588s X509v3 Subject Key Identifier: 588s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 588s X509v3 Key Usage: critical 588s Digital Signature, Non Repudiation, Key Encipherment 588s X509v3 Extended Key Usage: 588s TLS Web Client Authentication, E-mail Protection 588s X509v3 Subject Alternative Name: 588s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 588s Signature Algorithm: sha256WithRSAEncryption 588s Signature Value: 588s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 588s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 588s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 588s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 588s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 588s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 588s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 588s 9d:fa 588s + local found_md5 expected_md5 588s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + expected_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696.pem 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.output 589s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.output .output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.pem 589s + echo -n 053350 589s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 589s [p11_child[2305]] [main] (0x0400): p11_child started. 589s [p11_child[2305]] [main] (0x2000): Running in [auth] mode. 589s [p11_child[2305]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2305]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2305]] [do_card] (0x4000): Module List: 589s [p11_child[2305]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2305]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2305]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2305]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2305]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2305]] [do_card] (0x4000): Login required. 589s [p11_child[2305]] [do_card] (0x4000): Token flags [1069]. 589s [p11_child[2305]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2305]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2305]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2305]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 589s [p11_child[2305]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 589s [p11_child[2305]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 589s [p11_child[2305]] [do_card] (0x4000): Certificate verified and validated. 589s [p11_child[2305]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.pem 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 4 (0x4) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:05 2025 GMT 589s Not After : Jan 15 02:43:05 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 589s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 589s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 589s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 589s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 589s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 589s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 589s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 589s 7d:77:65:0a:ac:59:b7:d1:53 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 589s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 589s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 589s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 589s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 589s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 589s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 589s 9d:fa 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-19696-auth.pem 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s + local verify_option=partial_chain 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-intermediate-CA-trusted-certificate-0001 589s ++ sed -n 's/ *commonName *= //p' 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 589s Test Organization Interme Token 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Interme Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 589s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 589s + echo 'Test Organization Interme Token' 589s + '[' -n partial_chain ']' 589s + local verify_arg=--verify=partial_chain 589s + local output_base_name=SSSD-child-29464 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s [p11_child[2315]] [main] (0x0400): p11_child started. 589s [p11_child[2315]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2315]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2315]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2315]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 589s [p11_child[2315]] [do_card] (0x4000): Module List: 589s [p11_child[2315]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2315]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2315]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2315]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2315]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2315]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2315]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2315]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2315]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2315]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2315]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 4 (0x4) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:05 2025 GMT 589s Not After : Jan 15 02:43:05 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 589s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 589s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 589s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 589s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 589s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 589s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 589s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 589s 7d:77:65:0a:ac:59:b7:d1:53 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 589s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 589s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 589s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 589s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 589s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 589s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 589s 9d:fa 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.pem 589s + local found_md5 expected_md5 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + expected_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464.pem 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.output 589s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.output .output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.pem 589s + echo -n 053350 589s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 589s [p11_child[2323]] [main] (0x0400): p11_child started. 589s [p11_child[2323]] [main] (0x2000): Running in [auth] mode. 589s [p11_child[2323]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2323]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2323]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 589s [p11_child[2323]] [do_card] (0x4000): Module List: 589s [p11_child[2323]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2323]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2323]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2323]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2323]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2323]] [do_card] (0x4000): Login required. 589s [p11_child[2323]] [do_card] (0x4000): Token flags [1069]. 589s [p11_child[2323]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2323]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2323]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2323]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 589s [p11_child[2323]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 589s [p11_child[2323]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 589s [p11_child[2323]] [do_card] (0x4000): Certificate verified and validated. 589s [p11_child[2323]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.pem 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 4 (0x4) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:05 2025 GMT 589s Not After : Jan 15 02:43:05 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 589s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 589s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 589s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 589s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 589s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 589s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 589s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 589s 7d:77:65:0a:ac:59:b7:d1:53 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 589s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 589s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 589s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 589s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 589s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 589s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 589s 9d:fa 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-29464-auth.pem 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s + local verify_option= 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-intermediate-CA-trusted-certificate-0001 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s ++ sed -n 's/ *commonName *= //p' 589s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 589s Test Organization Interme Token 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Interme Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 589s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 589s + echo 'Test Organization Interme Token' 589s + '[' -n '' ']' 589s + local output_base_name=SSSD-child-18813 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-18813.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-18813.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s [p11_child[2333]] [main] (0x0400): p11_child started. 589s [p11_child[2333]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2333]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2333]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2333]] [do_card] (0x4000): Module List: 589s [p11_child[2333]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2333]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2333]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2333]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2333]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2333]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2333]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2333]] [do_verification] (0x0040): X509_verify_cert failed [0]. 589s [p11_child[2333]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 589s [p11_child[2333]] [read_certs] (0x0040): Certificate [Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] not valid, skipping. 589s [p11_child[2333]] [do_card] (0x4000): No certificate found. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-18813.output 589s + return 2 589s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem partial_chain 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem partial_chain 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s + local verify_option=partial_chain 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-23015 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-intermediate-CA-trusted-certificate-0001 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s ++ sed -n 's/ *commonName *= //p' 589s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Interme Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 589s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-intermediate-CA-trusted-certificate-0001 ']' 589s + echo 'Test Organization Interme Token' 589s + '[' -n partial_chain ']' 589s + local verify_arg=--verify=partial_chain 589s + local output_base_name=SSSD-child-23326 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem 589s Test Organization Interme Token 589s [p11_child[2340]] [main] (0x0400): p11_child started. 589s [p11_child[2340]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2340]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2340]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2340]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 589s [p11_child[2340]] [do_card] (0x4000): Module List: 589s [p11_child[2340]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2340]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2340]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2340]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2340]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2340]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2340]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2340]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2340]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Interme Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2340]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2340]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.pem 589s + local found_md5 expected_md5 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 4 (0x4) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:05 2025 GMT 589s Not After : Jan 15 02:43:05 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 589s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 589s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 589s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 589s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 589s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 589s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 589s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 589s 7d:77:65:0a:ac:59:b7:d1:53 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 589s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 589s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 589s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 589s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 589s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 589s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 589s 9d:fa 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-intermediate-CA-trusted-certificate-0001.pem 589s + expected_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326.pem 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.output 589s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.output .output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.pem 589s + echo -n 053350 589s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Interme Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 589s [p11_child[2348]] [main] (0x0400): p11_child started. 589s [p11_child[2348]] [main] (0x2000): Running in [auth] mode. 589s [p11_child[2348]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2348]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2348]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 589s [p11_child[2348]] [do_card] (0x4000): Module List: 589s [p11_child[2348]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2348]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2348]] [do_card] (0x4000): Description [SoftHSM slot ID 0x3d43ad81] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2348]] [do_card] (0x4000): Token label [Test Organization Interme Token]. 589s [p11_child[2348]] [do_card] (0x4000): Found [Test Organization Interme Token] in slot [SoftHSM slot ID 0x3d43ad81][1027845505] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2348]] [do_card] (0x4000): Login required. 589s [p11_child[2348]] [do_card] (0x4000): Token flags [1069]. 589s [p11_child[2348]] [read_certs] (0x4000): found cert[Test Organization Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Intermediate Trusted Certificate 0001] 589s [p11_child[2348]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2348]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Interme Token Test Organization Interme Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2348]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x3d43ad81;slot-manufacturer=SoftHSM%20project;slot-id=1027845505;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=50ff8044bd43ad81;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 589s [p11_child[2348]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 589s [p11_child[2348]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 589s [p11_child[2348]] [do_card] (0x4000): Certificate verified and validated. 589s [p11_child[2348]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.pem 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-23326-auth.pem 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 4 (0x4) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:05 2025 GMT 589s Not After : Jan 15 02:43:05 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:bb:9e:b0:22:d7:92:4d:93:13:77:ac:90:f0:11: 589s 80:c1:8d:95:a5:3b:46:14:a5:fc:60:f1:71:9d:59: 589s 7b:90:13:60:4d:8f:9a:0c:9a:2c:ae:46:f7:99:0c: 589s c2:99:8c:5a:ae:5e:8a:b0:02:eb:d3:21:4a:e4:e6: 589s 06:e0:de:a3:4e:b1:db:f5:c3:dc:4e:2c:b4:12:27: 589s 59:e1:53:12:89:84:70:9b:1a:14:2f:5e:0c:79:8c: 589s 28:aa:1b:6a:04:48:ef:45:9b:f5:ad:48:a8:d1:d9: 589s fb:63:29:46:87:56:06:99:4a:5a:9d:2b:65:ca:47: 589s 7d:77:65:0a:ac:59:b7:d1:53 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 08:1A:09:08:63:20:52:FC:7E:9F:2C:FD:3C:2C:F1:33:A3:42:50:E3 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s CE:F1:90:9B:82:E8:16:A8:57:46:3B:1F:CA:B6:BE:F9:6D:CF:E5:87 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s 26:30:9c:ad:7d:48:52:22:4d:94:7d:22:7b:08:45:5f:d8:22: 589s ee:4e:df:40:57:53:45:12:a5:ef:51:a7:38:d6:09:39:77:f1: 589s 20:77:6e:76:69:ed:33:d1:28:27:b7:d2:df:a7:be:a8:27:57: 589s a4:93:0d:f9:a0:8c:55:a2:ec:ad:d4:0d:24:d4:25:a3:55:88: 589s d6:60:dd:23:06:df:92:b5:d4:40:a7:2f:00:17:51:71:9f:77: 589s 5a:29:3b:63:39:db:f8:df:f7:92:cb:9d:1e:38:49:9d:9a:21: 589s 1a:57:04:5c:74:e6:90:af:13:b1:b2:3a:e6:5f:da:c8:fd:3f: 589s 9d:fa 589s + found_md5=Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 589s + '[' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 '!=' Modulus=BB9EB022D7924D931377AC90F01180C18D95A53B4614A5FC60F1719D597B9013604D8F9A0C9A2CAE46F7990CC2998C5AAE5E8AB002EBD3214AE4E606E0DEA34EB1DBF5C3DC4E2CB4122759E153128984709B1A142F5E0C798C28AA1B6A0448EF459BF5AD48A8D1D9FB632946875606994A5A9D2B65CA477D77650AAC59B7D153 ']' 589s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s + local verify_option= 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s ++ sed -n 's/ *commonName *= //p' 589s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Sub Int Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 589s + local key_file 589s + local decrypted_key 589s + mkdir -p /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 589s + key_file=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 589s + decrypted_key=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 589s + cat 589s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 053350 --so-pin 053350 --free 589s Slot 0 has a free/uninitialized token. 589s The token has been initialized and is reassigned to slot 2134775521 589s + softhsm2-util --show-slots 589s Available slots: 589s Slot 2134775521 589s Slot info: 589s Description: SoftHSM slot ID 0x7f3e16e1 589s Manufacturer ID: SoftHSM project 589s Hardware version: 2.6 589s Firmware version: 2.6 589s Token present: yes 589s Token info: 589s Manufacturer ID: SoftHSM project 589s Model: SoftHSM v2 589s Hardware version: 2.6 589s Firmware version: 2.6 589s Serial number: 8e89125e7f3e16e1 589s Initialized: yes 589s User PIN init.: yes 589s Label: Test Organization Sub Int Token 589s Slot 1 589s Slot info: 589s Description: SoftHSM slot ID 0x1 589s Manufacturer ID: SoftHSM project 589s Hardware version: 2.6 589s Firmware version: 2.6 589s Token present: yes 589s Token info: 589s Manufacturer ID: SoftHSM project 589s Model: SoftHSM v2 589s Hardware version: 2.6 589s Firmware version: 2.6 589s Serial number: 589s Initialized: no 589s User PIN init.: no 589s Label: 589s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 589s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-8796 -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 589s writing RSA key 589s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=053350 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 589s + rm /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 589s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 589s Object 0: 589s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 589s Type: X.509 Certificate (RSA-1024) 589s Expires: Thu Jan 15 02:43:06 2026 589s Label: Test Organization Sub Intermediate Trusted Certificate 0001 589s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 589s 589s Test Organization Sub Int Token 589s + echo 'Test Organization Sub Int Token' 589s + '[' -n '' ']' 589s + local output_base_name=SSSD-child-31807 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31807.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-31807.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s [p11_child[2367]] [main] (0x0400): p11_child started. 589s [p11_child[2367]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2367]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2367]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2367]] [do_card] (0x4000): Module List: 589s [p11_child[2367]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2367]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2367]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2367]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 589s [p11_child[2367]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2367]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2367]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 589s [p11_child[2367]] [do_verification] (0x0040): X509_verify_cert failed [0]. 589s [p11_child[2367]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 589s [p11_child[2367]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 589s [p11_child[2367]] [do_card] (0x4000): No certificate found. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-31807.output 589s + return 2 589s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-CA.pem partial_chain 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s + local verify_option=partial_chain 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s ++ sed -n 's/ *commonName *= //p' 589s Test Organization Sub Int Token 589s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Sub Int Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 589s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 589s + echo 'Test Organization Sub Int Token' 589s + '[' -n partial_chain ']' 589s + local verify_arg=--verify=partial_chain 589s + local output_base_name=SSSD-child-9239 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-9239.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-9239.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-CA.pem 589s [p11_child[2374]] [main] (0x0400): p11_child started. 589s [p11_child[2374]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2374]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2374]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2374]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 589s [p11_child[2374]] [do_card] (0x4000): Module List: 589s [p11_child[2374]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2374]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2374]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2374]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 589s [p11_child[2374]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2374]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2374]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 589s [p11_child[2374]] [do_verification] (0x0040): X509_verify_cert failed [0]. 589s [p11_child[2374]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 589s [p11_child[2374]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 589s [p11_child[2374]] [do_card] (0x4000): No certificate found. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-9239.output 589s + return 2 589s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s + local verify_option= 589s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 589s + local key_cn 589s + local key_name 589s + local tokens_dir 589s + local output_cert_file 589s + token_name= 589s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 589s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 589s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s ++ sed -n 's/ *commonName *= //p' 589s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 589s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 589s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 589s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 589s Test Organization Sub Int Token 589s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 589s + token_name='Test Organization Sub Int Token' 589s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 589s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 589s + echo 'Test Organization Sub Int Token' 589s + '[' -n '' ']' 589s + local output_base_name=SSSD-child-30894 589s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.pem 589s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 589s [p11_child[2381]] [main] (0x0400): p11_child started. 589s [p11_child[2381]] [main] (0x2000): Running in [pre-auth] mode. 589s [p11_child[2381]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2381]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2381]] [do_card] (0x4000): Module List: 589s [p11_child[2381]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2381]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2381]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2381]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 589s [p11_child[2381]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2381]] [do_card] (0x4000): Login NOT required. 589s [p11_child[2381]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 589s [p11_child[2381]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2381]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2381]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2381]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.pem 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 5 (0x5) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:06 2025 GMT 589s Not After : Jan 15 02:43:06 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 589s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 589s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 589s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 589s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 589s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 589s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 589s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 589s 11:88:de:0c:9e:e0:35:74:85 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Sub Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 589s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 589s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 589s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 589s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 589s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 589s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 589s 89:21 589s + local found_md5 expected_md5 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 589s + expected_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894.pem 589s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 589s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 589s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.output 589s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.output .output 589s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.pem 589s + echo -n 053350 589s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 '' --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 589s [p11_child[2389]] [main] (0x0400): p11_child started. 589s [p11_child[2389]] [main] (0x2000): Running in [auth] mode. 589s [p11_child[2389]] [main] (0x2000): Running with effective IDs: [0][0]. 589s [p11_child[2389]] [main] (0x2000): Running with real IDs [0][0]. 589s [p11_child[2389]] [do_card] (0x4000): Module List: 589s [p11_child[2389]] [do_card] (0x4000): common name: [softhsm2]. 589s [p11_child[2389]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2389]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 589s [p11_child[2389]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 589s [p11_child[2389]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 589s [p11_child[2389]] [do_card] (0x4000): Login required. 589s [p11_child[2389]] [do_card] (0x4000): Token flags [1069]. 589s [p11_child[2389]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 589s [p11_child[2389]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 589s [p11_child[2389]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 589s [p11_child[2389]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 589s [p11_child[2389]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 589s [p11_child[2389]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 589s [p11_child[2389]] [do_card] (0x4000): Certificate verified and validated. 589s [p11_child[2389]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 589s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.output 589s + echo '-----BEGIN CERTIFICATE-----' 589s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.output 589s + echo '-----END CERTIFICATE-----' 589s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.pem 589s Certificate: 589s Data: 589s Version: 3 (0x2) 589s Serial Number: 5 (0x5) 589s Signature Algorithm: sha256WithRSAEncryption 589s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 589s Validity 589s Not Before: Jan 15 02:43:06 2025 GMT 589s Not After : Jan 15 02:43:06 2026 GMT 589s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 589s Subject Public Key Info: 589s Public Key Algorithm: rsaEncryption 589s Public-Key: (1024 bit) 589s Modulus: 589s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 589s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 589s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 589s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 589s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 589s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 589s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 589s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 589s 11:88:de:0c:9e:e0:35:74:85 589s Exponent: 65537 (0x10001) 589s X509v3 extensions: 589s X509v3 Authority Key Identifier: 589s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 589s X509v3 Basic Constraints: 589s CA:FALSE 589s Netscape Cert Type: 589s SSL Client, S/MIME 589s Netscape Comment: 589s Test Organization Sub Intermediate CA trusted Certificate 589s X509v3 Subject Key Identifier: 589s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 589s X509v3 Key Usage: critical 589s Digital Signature, Non Repudiation, Key Encipherment 589s X509v3 Extended Key Usage: 589s TLS Web Client Authentication, E-mail Protection 589s X509v3 Subject Alternative Name: 589s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 589s Signature Algorithm: sha256WithRSAEncryption 589s Signature Value: 589s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 589s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 589s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 589s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 589s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 589s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 589s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 589s 89:21 589s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-30894-auth.pem 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 590s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem partial_chain 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 590s + local verify_option=partial_chain 590s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_cn 590s + local key_name 590s + local tokens_dir 590s + local output_cert_file 590s + token_name= 590s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 590s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 590s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s ++ sed -n 's/ *commonName *= //p' 590s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 590s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 590s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s Test Organization Sub Int Token 590s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 590s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 590s + token_name='Test Organization Sub Int Token' 590s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 590s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 590s + echo 'Test Organization Sub Int Token' 590s + '[' -n partial_chain ']' 590s + local verify_arg=--verify=partial_chain 590s + local output_base_name=SSSD-child-5868 590s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.pem 590s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem 590s [p11_child[2399]] [main] (0x0400): p11_child started. 590s [p11_child[2399]] [main] (0x2000): Running in [pre-auth] mode. 590s [p11_child[2399]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2399]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2399]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2399]] [do_card] (0x4000): Module List: 590s [p11_child[2399]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2399]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2399]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2399]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2399]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2399]] [do_card] (0x4000): Login NOT required. 590s [p11_child[2399]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2399]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2399]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2399]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2399]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s + local found_md5 expected_md5 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + expected_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868.pem 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.output 590s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.output .output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.pem 590s + echo -n 053350 590s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-full-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 590s [p11_child[2407]] [main] (0x0400): p11_child started. 590s [p11_child[2407]] [main] (0x2000): Running in [auth] mode. 590s [p11_child[2407]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2407]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2407]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2407]] [do_card] (0x4000): Module List: 590s [p11_child[2407]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2407]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2407]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2407]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2407]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2407]] [do_card] (0x4000): Login required. 590s [p11_child[2407]] [do_card] (0x4000): Token flags [1069]. 590s [p11_child[2407]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2407]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2407]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2407]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 590s [p11_child[2407]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 590s [p11_child[2407]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 590s [p11_child[2407]] [do_card] (0x4000): Certificate verified and validated. 590s [p11_child[2407]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.pem 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-5868-auth.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s + local verify_option= 590s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_cn 590s + local key_name 590s + local tokens_dir 590s + local output_cert_file 590s + token_name= 590s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 590s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 590s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s ++ sed -n 's/ *commonName *= //p' 590s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 590s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 590s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s Test Organization Sub Int Token 590s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 590s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 590s + token_name='Test Organization Sub Int Token' 590s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 590s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 590s + echo 'Test Organization Sub Int Token' 590s + '[' -n '' ']' 590s + local output_base_name=SSSD-child-26289 590s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-26289.output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-26289.pem 590s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so '' --ca_db=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s [p11_child[2417]] [main] (0x0400): p11_child started. 590s [p11_child[2417]] [main] (0x2000): Running in [pre-auth] mode. 590s [p11_child[2417]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2417]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2417]] [do_card] (0x4000): Module List: 590s [p11_child[2417]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2417]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2417]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2417]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2417]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2417]] [do_card] (0x4000): Login NOT required. 590s [p11_child[2417]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2417]] [do_verification] (0x0040): X509_verify_cert failed [0]. 590s [p11_child[2417]] [do_verification] (0x0040): X509_verify_cert failed [2][unable to get issuer certificate]. 590s [p11_child[2417]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 590s [p11_child[2417]] [do_card] (0x4000): No certificate found. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-26289.output 590s + return 2 590s + invalid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem partial_chain 590s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem partial_chain 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem 590s + local verify_option=partial_chain 590s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_cn 590s + local key_name 590s + local tokens_dir 590s + local output_cert_file 590s + token_name= 590s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 590s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 590s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s ++ sed -n 's/ *commonName *= //p' 590s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 590s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 590s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s Test Organization Sub Int Token 590s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 590s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 590s + token_name='Test Organization Sub Int Token' 590s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 590s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 590s + echo 'Test Organization Sub Int Token' 590s + '[' -n partial_chain ']' 590s + local verify_arg=--verify=partial_chain 590s + local output_base_name=SSSD-child-19645 590s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19645.output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-19645.pem 590s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-root-intermediate-chain-CA.pem 590s [p11_child[2424]] [main] (0x0400): p11_child started. 590s [p11_child[2424]] [main] (0x2000): Running in [pre-auth] mode. 590s [p11_child[2424]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2424]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2424]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2424]] [do_card] (0x4000): Module List: 590s [p11_child[2424]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2424]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2424]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2424]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2424]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2424]] [do_card] (0x4000): Login NOT required. 590s [p11_child[2424]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2424]] [do_verification] (0x0040): X509_verify_cert failed [0]. 590s [p11_child[2424]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate]. 590s [p11_child[2424]] [read_certs] (0x0040): Certificate [Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] not valid, skipping. 590s [p11_child[2424]] [do_card] (0x4000): No certificate found. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-19645.output 590s + return 2 590s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem partial_chain 590s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem partial_chain 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s + local verify_option=partial_chain 590s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_cn 590s + local key_name 590s + local tokens_dir 590s + local output_cert_file 590s + token_name= 590s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 590s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 590s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s ++ sed -n 's/ *commonName *= //p' 590s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 590s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 590s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 590s Test Organization Sub Int Token 590s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 590s + token_name='Test Organization Sub Int Token' 590s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 590s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 590s + echo 'Test Organization Sub Int Token' 590s + '[' -n partial_chain ']' 590s + local verify_arg=--verify=partial_chain 590s + local output_base_name=SSSD-child-3872 590s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.pem 590s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem 590s [p11_child[2431]] [main] (0x0400): p11_child started. 590s [p11_child[2431]] [main] (0x2000): Running in [pre-auth] mode. 590s [p11_child[2431]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2431]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2431]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2431]] [do_card] (0x4000): Module List: 590s [p11_child[2431]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2431]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2431]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2431]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2431]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2431]] [do_card] (0x4000): Login NOT required. 590s [p11_child[2431]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2431]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2431]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2431]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2431]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s + local found_md5 expected_md5 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + expected_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872.pem 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.output 590s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.output .output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.pem 590s + echo -n 053350 590s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 590s [p11_child[2439]] [main] (0x0400): p11_child started. 590s [p11_child[2439]] [main] (0x2000): Running in [auth] mode. 590s [p11_child[2439]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2439]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2439]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2439]] [do_card] (0x4000): Module List: 590s [p11_child[2439]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2439]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2439]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2439]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2439]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2439]] [do_card] (0x4000): Login required. 590s [p11_child[2439]] [do_card] (0x4000): Token flags [1069]. 590s [p11_child[2439]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2439]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2439]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2439]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 590s [p11_child[2439]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 590s [p11_child[2439]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 590s [p11_child[2439]] [do_card] (0x4000): Certificate verified and validated. 590s [p11_child[2439]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-3872-auth.pem 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + valid_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-intermediate-sub-chain-CA.pem partial_chain 590s + check_certificate /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 /tmp/sssd-softhsm2-usUgTg/test-intermediate-sub-chain-CA.pem partial_chain 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_ring=/tmp/sssd-softhsm2-usUgTg/test-intermediate-sub-chain-CA.pem 590s + local verify_option=partial_chain 590s + prepare_softhsm2_card /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local certificate=/tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-8796 590s + local key_cn 590s + local key_name 590s + local tokens_dir 590s + local output_cert_file 590s + token_name= 590s ++ basename /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 590s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 590s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s ++ sed -n 's/ *commonName *= //p' 590s Test Organization Sub Int Token 590s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 590s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 590s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 590s ++ basename /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 590s + tokens_dir=/tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 590s + token_name='Test Organization Sub Int Token' 590s + '[' '!' -e /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 590s + '[' '!' -d /tmp/sssd-softhsm2-usUgTg/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 ']' 590s + echo 'Test Organization Sub Int Token' 590s + '[' -n partial_chain ']' 590s + local verify_arg=--verify=partial_chain 590s + local output_base_name=SSSD-child-21403 590s + local output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.pem 590s + /usr/libexec/sssd/p11_child --pre -d 10 --logger=stderr --debug-fd=2 --module_name=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --verify=partial_chain --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-sub-chain-CA.pem 590s [p11_child[2449]] [main] (0x0400): p11_child started. 590s [p11_child[2449]] [main] (0x2000): Running in [pre-auth] mode. 590s [p11_child[2449]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2449]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2449]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2449]] [do_card] (0x4000): Module List: 590s [p11_child[2449]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2449]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2449]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2449]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2449]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2449]] [do_card] (0x4000): Login NOT required. 590s [p11_child[2449]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2449]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2449]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so (null) Test Organization Sub Int Token (null) - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2449]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2449]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s + local found_md5 expected_md5 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/test-sub-intermediate-CA-trusted-certificate-0001.pem 590s + expected_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403.pem 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + output_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.output 590s ++ basename /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.output .output 590s + output_cert_file=/tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.pem 590s + echo -n 053350 590s + /usr/libexec/sssd/p11_child --auth -d 10 --debug-fd=2 --ca_db=/tmp/sssd-softhsm2-usUgTg/test-intermediate-sub-chain-CA.pem --pin --key_id 00112233445566778899FFAABBCCDDEEFF012345 --verify=partial_chain --token_name 'Test Organization Sub Int Token' --module_name /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 590s [p11_child[2457]] [main] (0x0400): p11_child started. 590s [p11_child[2457]] [main] (0x2000): Running in [auth] mode. 590s [p11_child[2457]] [main] (0x2000): Running with effective IDs: [0][0]. 590s [p11_child[2457]] [main] (0x2000): Running with real IDs [0][0]. 590s [p11_child[2457]] [parse_cert_verify_opts] (0x4000): Found 'partial_chain' option, verification will not fail if a complete chain cannot be built to a self-signed trust-anchor, provided it is possible to construct a chain to a trusted certificate that might not be self-signed. 590s [p11_child[2457]] [do_card] (0x4000): Module List: 590s [p11_child[2457]] [do_card] (0x4000): common name: [softhsm2]. 590s [p11_child[2457]] [do_card] (0x4000): dll name: [/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2457]] [do_card] (0x4000): Description [SoftHSM slot ID 0x7f3e16e1] Manufacturer [SoftHSM project] flags [3] removable [true] token present [true]. 590s [p11_child[2457]] [do_card] (0x4000): Token label [Test Organization Sub Int Token]. 590s [p11_child[2457]] [do_card] (0x4000): Found [Test Organization Sub Int Token] in slot [SoftHSM slot ID 0x7f3e16e1][2134775521] of module [0][/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so]. 590s [p11_child[2457]] [do_card] (0x4000): Login required. 590s [p11_child[2457]] [do_card] (0x4000): Token flags [1069]. 590s [p11_child[2457]] [read_certs] (0x4000): found cert[Test Organization Sub Intermediate Trusted Certificate 0001][/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Sub Intermediate Trusted Certificate 0001] 590s [p11_child[2457]] [do_ocsp] (0x0020): No OCSP URL in certificate and no default responder defined, skipping OCSP check. 590s [p11_child[2457]] [do_card] (0x4000): /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so Test Organization Sub Int Token Test Organization Sub Int Token 00112233445566778899FFAABBCCDDEEFF012345 - no label given- 00112233445566778899FFAABBCCDDEEFF012345. 590s [p11_child[2457]] [do_card] (0x4000): uri: pkcs11:library-description=Implementation%20of%20PKCS11;library-manufacturer=SoftHSM;library-version=2.6;slot-description=SoftHSM%20slot%20ID%200x7f3e16e1;slot-manufacturer=SoftHSM%20project;slot-id=2134775521;model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=8e89125e7f3e16e1;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4226]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4357]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4229]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4234]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4230]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4225]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4356]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4231]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4224]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8457]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8458]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [304]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [307]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4355]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [310]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [312]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [306]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4354]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [305]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [290]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4353]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [293]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [289]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4352]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [288]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [33]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [32]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8193]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [17]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [16]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [8192]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [18]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [19]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [20]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [21]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [22]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4176]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4161]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4181]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4160]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [4183]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [848]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [528]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [529]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [5]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [1]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [0]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [9]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [13]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [3]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [6]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [14]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [597]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [598]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [70]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [71]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [592]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [593]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [64]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [67]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [608]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [609]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [65]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [68]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [624]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [625]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [66]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [69]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [544]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x4000): Found mechanism [545]. 590s [p11_child[2457]] [get_preferred_rsa_mechanism] (0x0200): Using PKCS#11 mechanism [66][CKM_SHA512_RSA_PKCS] with message digest [sha512]. 590s [p11_child[2457]] [sign_data] (0x4000): Found RSA key using mechanism [66]. 590s [p11_child[2457]] [do_card] (0x4000): Certificate verified and validated. 590s [p11_child[2457]] [do_card] (0x4000): Found certificate has key id [00112233445566778899FFAABBCCDDEEFF012345]. 590s + grep -qs 00112233445566778899FFAABBCCDDEEFF012345 /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.output 590s + echo '-----BEGIN CERTIFICATE-----' 590s + tail -n1 /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.output 590s + echo '-----END CERTIFICATE-----' 590s + openssl x509 -text -noout -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.pem 590s Certificate: 590s Data: 590s Version: 3 (0x2) 590s Serial Number: 5 (0x5) 590s Signature Algorithm: sha256WithRSAEncryption 590s Issuer: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 590s Validity 590s Not Before: Jan 15 02:43:06 2025 GMT 590s Not After : Jan 15 02:43:06 2026 GMT 590s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 590s Subject Public Key Info: 590s Public Key Algorithm: rsaEncryption 590s Public-Key: (1024 bit) 590s Modulus: 590s 00:c1:1c:ad:ca:c2:20:ee:10:14:5c:d2:9c:00:ea: 590s 4d:40:8c:e5:7a:0e:53:c8:b0:ea:b8:ab:18:25:4b: 590s 4f:b4:78:6a:50:7b:60:a7:ea:d7:fe:89:fc:ff:01: 590s b0:9a:0a:ca:14:e4:21:a5:06:04:42:24:27:9e:2c: 590s 4e:de:39:66:76:cf:23:08:71:75:c0:86:ad:ed:f2: 590s 53:4a:0d:a2:eb:ea:fb:5c:66:8b:06:a9:43:bb:b2: 590s 14:70:cb:bb:6c:f2:a9:03:bd:f5:34:08:df:d2:27: 590s 4a:ba:50:04:b4:85:35:db:cd:16:6a:c4:66:bb:86: 590s 11:88:de:0c:9e:e0:35:74:85 590s Exponent: 65537 (0x10001) 590s X509v3 extensions: 590s X509v3 Authority Key Identifier: 590s 2B:FA:2B:4E:FA:DB:40:B8:13:BC:29:31:F7:98:A0:66:9D:5E:51:C0 590s X509v3 Basic Constraints: 590s CA:FALSE 590s Netscape Cert Type: 590s SSL Client, S/MIME 590s Netscape Comment: 590s Test Organization Sub Intermediate CA trusted Certificate 590s X509v3 Subject Key Identifier: 590s 2E:4C:F1:F8:CD:11:FB:A8:A7:7F:A0:6D:39:36:22:11:7B:6B:0B:60 590s X509v3 Key Usage: critical 590s Digital Signature, Non Repudiation, Key Encipherment 590s X509v3 Extended Key Usage: 590s TLS Web Client Authentication, E-mail Protection 590s X509v3 Subject Alternative Name: 590s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 590s Signature Algorithm: sha256WithRSAEncryption 590s Signature Value: 590s b2:9d:f7:3d:92:cb:ac:4f:11:05:08:75:69:40:6b:c9:36:55: 590s 96:ac:b6:5c:75:cd:ff:57:54:e6:f3:f7:73:ad:ab:e6:ee:58: 590s 17:0d:fe:95:ee:77:85:40:c9:9e:59:76:39:46:dd:2a:04:94: 590s b8:35:52:02:bc:9a:40:c7:6a:6c:e3:82:d0:14:b5:e4:d5:95: 590s f5:80:2b:e9:6f:18:66:0f:2a:7a:80:03:47:68:23:de:78:fc: 590s 4d:b2:ac:9c:8f:26:bd:48:a6:52:6b:b7:db:e2:c2:67:b8:64: 590s a4:70:38:e0:cc:d9:9f:e7:65:c7:96:4b:11:22:82:e7:94:66: 590s 89:21 590s ++ openssl x509 -noout -modulus -in /tmp/sssd-softhsm2-usUgTg/SSSD-child-21403-auth.pem 590s 590s Test completed, Root CA and intermediate issued certificates verified! 590s + found_md5=Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 590s + '[' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 '!=' Modulus=C11CADCAC220EE10145CD29C00EA4D408CE57A0E53C8B0EAB8AB18254B4FB4786A507B60A7EAD7FE89FCFF01B09A0ACA14E421A506044224279E2C4EDE396676CF23087175C086ADEDF2534A0DA2EBEAFB5C668B06A943BBB21470CBBB6CF2A903BDF53408DFD2274ABA5004B48535DBCD166AC466BB861188DE0C9EE0357485 ']' 590s + set +x 590s autopkgtest [02:43:09]: test sssd-softhism2-certificates-tests.sh: -----------------------] 591s sssd-softhism2-certificates-tests.sh PASS 591s autopkgtest [02:43:10]: test sssd-softhism2-certificates-tests.sh: - - - - - - - - - - results - - - - - - - - - - 592s autopkgtest [02:43:11]: test sssd-smart-card-pam-auth-configs: preparing testbed 592s Reading package lists... 592s Building dependency tree... 592s Reading state information... 593s Starting pkgProblemResolver with broken count: 0 593s Starting 2 pkgProblemResolver with broken count: 0 593s Done 594s The following NEW packages will be installed: 594s pamtester 594s 0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded. 594s Need to get 12.3 kB of archives. 594s After this operation, 36.9 kB of additional disk space will be used. 594s Get:1 http://ftpmaster.internal/ubuntu plucky/universe arm64 pamtester arm64 0.1.2-4 [12.3 kB] 594s Fetched 12.3 kB in 0s (75.3 kB/s) 594s Selecting previously unselected package pamtester. 594s (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 81502 files and directories currently installed.) 594s Preparing to unpack .../pamtester_0.1.2-4_arm64.deb ... 594s Unpacking pamtester (0.1.2-4) ... 594s Setting up pamtester (0.1.2-4) ... 594s Processing triggers for man-db (2.13.0-1) ... 596s autopkgtest [02:43:15]: test sssd-smart-card-pam-auth-configs: env OFFLINE_MODE=1 bash debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 596s autopkgtest [02:43:15]: test sssd-smart-card-pam-auth-configs: [----------------------- 596s + '[' -z ubuntu ']' 596s + export DEBIAN_FRONTEND=noninteractive 596s + DEBIAN_FRONTEND=noninteractive 596s + required_tools=(pamtester softhsm2-util sssd) 596s + [[ ! -v OFFLINE_MODE ]] 596s + for cmd in "${required_tools[@]}" 596s + command -v pamtester 596s + for cmd in "${required_tools[@]}" 596s + command -v softhsm2-util 596s + for cmd in "${required_tools[@]}" 596s + command -v sssd 596s + PIN=123456 596s ++ mktemp -d -t sssd-softhsm2-certs-XXXXXX 596s + tmpdir=/tmp/sssd-softhsm2-certs-8e52g6 596s + backupsdir= 596s + alternative_pam_configs=(sss-smart-card-optional sss-smart-card-required) 596s + declare -a restore_paths 596s + declare -a delete_paths 596s + trap handle_exit EXIT 596s ++ dirname debian/tests/sssd-smart-card-pam-auth-configs-tester.sh 596s + tester=debian/tests/sssd-softhism2-certificates-tests.sh 596s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 596s + '[' '!' -e debian/tests/sssd-softhism2-certificates-tests.sh ']' 596s + export PIN TEST_TMPDIR=/tmp/sssd-softhsm2-certs-8e52g6 GENERATE_SMART_CARDS=1 KEEP_TEMPORARY_FILES=1 NO_SSSD_TESTS=1 596s + TEST_TMPDIR=/tmp/sssd-softhsm2-certs-8e52g6 596s + GENERATE_SMART_CARDS=1 596s + KEEP_TEMPORARY_FILES=1 596s + NO_SSSD_TESTS=1 596s + bash debian/tests/sssd-softhism2-certificates-tests.sh 596s + '[' -z ubuntu ']' 596s + required_tools=(p11tool openssl softhsm2-util) 596s + for cmd in "${required_tools[@]}" 596s + command -v p11tool 596s + for cmd in "${required_tools[@]}" 596s + command -v openssl 596s + for cmd in "${required_tools[@]}" 596s + command -v softhsm2-util 596s + PIN=123456 596s +++ find /usr/lib/softhsm/libsofthsm2.so 596s +++ head -n 1 596s ++ realpath /usr/lib/softhsm/libsofthsm2.so 596s + SOFTHSM2_MODULE=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so 596s + SSSD_P11_CHILD=/usr/libexec/sssd/p11_child 596s + TOKEN_ID=00112233445566778899FFAABBCCDDEEFF012345 596s + '[' '!' -v NO_SSSD_TESTS ']' 596s + '[' '!' -e /usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so ']' 596s + tmpdir=/tmp/sssd-softhsm2-certs-8e52g6 596s + keys_size=1024 596s + [[ ! -v KEEP_TEMPORARY_FILES ]] 596s + trap 'set +x; echo -e "\nUnexpected failure!!!"' ERR 596s + echo -n 01 596s + touch /tmp/sssd-softhsm2-certs-8e52g6/index.txt 596s + mkdir -p /tmp/sssd-softhsm2-certs-8e52g6/new_certs 596s + cat 596s + root_ca_key_pass=pass:random-root-CA-password-3807 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-key.pem -passout pass:random-root-CA-password-3807 1024 596s + openssl req -passin pass:random-root-CA-password-3807 -batch -config /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.config -x509 -new -nodes -key /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-key.pem -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem 596s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem 596s + cat 596s + intermediate_ca_key_pass=pass:random-intermediate-CA-password-19829 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-19829 1024 596s + openssl req -batch -new -nodes -passin pass:random-intermediate-CA-password-19829 -config /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-key.pem -passout pass:random-root-CA-password-3807 -sha256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-certificate-request.pem 596s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-certificate-request.pem 596s Certificate Request: 596s Data: 596s Version: 1 (0x0) 596s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 596s Subject Public Key Info: 596s Public Key Algorithm: rsaEncryption 596s Public-Key: (1024 bit) 596s Modulus: 596s 00:a3:be:55:0b:4e:c9:f6:3e:26:70:2e:0e:34:c5: 596s 4c:c6:a7:dd:2f:90:9e:10:8a:23:ed:1f:99:ba:a7: 596s c4:20:5d:4a:df:74:09:4c:42:8a:09:d2:86:c3:47: 596s 86:75:66:fd:6f:30:d9:a6:1f:87:b4:fe:3b:05:5b: 596s c7:69:b4:1a:a0:ca:d9:4d:b3:9b:e1:23:29:01:5f: 596s 78:b9:c1:7c:b1:e1:34:f0:99:77:84:0c:e8:c3:44: 596s a3:3e:a4:fa:d6:9e:f7:c6:84:f6:36:c9:d2:97:5c: 596s b0:c2:ae:fc:9c:c7:1a:cc:a6:5a:be:57:53:3f:a5: 596s 00:c1:fb:42:45:87:13:72:b3 596s Exponent: 65537 (0x10001) 596s Attributes: 596s (none) 596s Requested Extensions: 596s Signature Algorithm: sha256WithRSAEncryption 596s Signature Value: 596s 82:0d:95:74:38:23:69:e0:f7:9a:1f:0b:5e:77:51:5a:54:dd: 596s b4:10:86:d8:2c:8b:ef:6e:39:68:ce:54:8e:6d:f1:8e:30:c8: 596s 9a:11:28:34:38:cb:87:c2:4c:a8:7e:c4:ef:ac:37:27:28:2c: 596s c2:8f:cc:75:f3:d0:4e:ff:9e:95:38:83:d0:42:31:78:25:93: 596s 16:e4:ba:11:db:8f:a3:b6:3e:a7:18:c3:cf:59:ee:c4:4d:23: 596s 42:47:98:ce:8c:08:76:8b:46:4f:26:78:a3:a5:b7:aa:22:20: 596s c4:72:b4:44:b1:b2:4c:77:59:36:cb:38:72:8d:23:03:2c:a0: 596s 69:03 596s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.config -passin pass:random-root-CA-password-3807 -keyfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem 596s Using configuration from /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.config 596s Check that the request matches the signature 596s Signature ok 596s Certificate Details: 596s Serial Number: 1 (0x1) 596s Validity 596s Not Before: Jan 15 02:43:15 2025 GMT 596s Not After : Jan 15 02:43:15 2026 GMT 596s Subject: 596s organizationName = Test Organization 596s organizationalUnitName = Test Organization Unit 596s commonName = Test Organization Intermediate CA 596s X509v3 extensions: 596s X509v3 Subject Key Identifier: 596s 39:88:CF:00:B1:DC:94:91:38:24:68:99:22:D7:AE:15:81:24:1A:9A 596s X509v3 Authority Key Identifier: 596s keyid:84:06:05:DE:36:BC:9F:0B:BF:AF:CD:9A:82:FF:51:B7:76:7B:63:6D 596s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 596s serial:00 596s X509v3 Basic Constraints: 596s CA:TRUE 596s X509v3 Key Usage: critical 596s Digital Signature, Certificate Sign, CRL Sign 596s Certificate is to be certified until Jan 15 02:43:15 2026 GMT (365 days) 596s 596s Write out database with 1 new entries 596s Database updated 596s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem 596s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem 596s /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem: OK 596s + cat 596s + sub_intermediate_ca_key_pass=pass:random-sub-intermediate-CA-password-23062 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-key.pem -passout pass:random-sub-intermediate-CA-password-23062 1024 596s + openssl req -batch -new -nodes -passin pass:random-sub-intermediate-CA-password-23062 -config /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.config -key /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-key.pem -passout pass:random-intermediate-CA-password-19829 -sha256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-certificate-request.pem 596s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-certificate-request.pem 596s Certificate Request: 596s Data: 596s Version: 1 (0x0) 596s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 596s Subject Public Key Info: 596s Public Key Algorithm: rsaEncryption 596s Public-Key: (1024 bit) 596s Modulus: 596s 00:d0:2c:45:9a:68:1b:4c:fe:38:ca:f5:d6:da:b9: 596s d4:e5:08:ac:75:b5:03:7d:2c:af:dd:9c:37:30:c2: 596s d5:8b:c2:0c:74:e1:8c:c0:fb:50:80:43:81:0d:7a: 596s cf:71:fa:72:4a:6b:2b:b6:86:0c:88:b6:6b:3a:f9: 596s 9b:c5:fb:b7:d2:9b:03:b9:b2:d9:6c:02:c2:f3:2a: 596s 6b:4f:94:9c:91:6c:b5:2e:d5:48:e6:1b:cc:93:35: 596s 4b:a4:a2:7a:5a:8e:18:fe:30:93:82:0d:2c:19:61: 596s 07:06:5b:c8:37:82:80:7c:2e:db:6d:8b:e9:8b:dd: 596s ee:28:e1:9f:60:82:b5:38:35 596s Exponent: 65537 (0x10001) 596s Attributes: 596s (none) 596s Requested Extensions: 596s Signature Algorithm: sha256WithRSAEncryption 596s Signature Value: 596s 0a:6e:e9:e8:e6:60:36:09:e8:02:49:6c:df:f5:57:51:3d:a8: 596s a0:d7:fb:85:ec:fd:d0:e7:bc:c8:d4:0c:59:f7:58:20:aa:e5: 596s 91:3a:3a:f1:13:07:a8:cf:46:79:ea:7c:18:b0:f0:0e:ff:74: 596s 52:29:3a:9d:ed:7d:d5:0d:58:c3:71:6b:53:18:5c:e9:e6:f9: 596s 4a:2b:bf:cb:17:ac:18:18:ed:28:6e:38:71:c9:bd:1b:b3:b6: 596s b0:9e:57:ea:c2:81:0e:d9:8e:08:2d:71:72:46:bc:7d:8d:a6: 596s b1:be:16:65:98:a1:cb:70:8e:51:74:95:ee:3d:86:3c:dc:9c: 596s d7:3c 596s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.config -passin pass:random-intermediate-CA-password-19829 -keyfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-certificate-request.pem -days 365 -extensions v3_intermediate_ca -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 596s Using configuration from /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.config 596s Check that the request matches the signature 596s Signature ok 596s Certificate Details: 596s Serial Number: 2 (0x2) 596s Validity 596s Not Before: Jan 15 02:43:15 2025 GMT 596s Not After : Jan 15 02:43:15 2026 GMT 596s Subject: 596s organizationName = Test Organization 596s organizationalUnitName = Test Organization Unit 596s commonName = Test Organization Sub Intermediate CA 596s X509v3 extensions: 596s X509v3 Subject Key Identifier: 596s B7:AA:98:D2:84:3D:E1:89:09:69:EE:71:F4:4D:3E:0E:55:CC:4F:8D 596s X509v3 Authority Key Identifier: 596s keyid:39:88:CF:00:B1:DC:94:91:38:24:68:99:22:D7:AE:15:81:24:1A:9A 596s DirName:/O=Test Organization/OU=Test Organization Unit/CN=Test Organization Root CA 596s serial:01 596s X509v3 Basic Constraints: 596s CA:TRUE 596s X509v3 Key Usage: critical 596s Digital Signature, Certificate Sign, CRL Sign 596s Certificate is to be certified until Jan 15 02:43:15 2026 GMT (365 days) 596s 596s Write out database with 1 new entries 596s Database updated 596s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 596s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 596s /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem: OK 596s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 596s + local cmd=openssl 596s + shift 596s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 596s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 596s error 20 at 0 depth lookup: unable to get local issuer certificate 596s error /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem: verification failed 596s + cat 596s + root_ca_trusted_cert_0001_key_pass=pass:random-root-ca-trusted-cert-0001-26440 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key.pem -passout pass:random-root-ca-trusted-cert-0001-26440 1024 596s + openssl req -new -nodes -reqexts req_exts -passin pass:random-root-ca-trusted-cert-0001-26440 -key /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-request.pem 596s Certificate Request: 596s Data: 596s Version: 1 (0x0) 596s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 596s Subject Public Key Info: 596s Public Key Algorithm: rsaEncryption 596s Public-Key: (1024 bit) 596s Modulus: 596s 00:ba:85:c7:d7:ba:c3:ed:92:32:ee:1c:92:b4:7f: 596s 90:23:a4:27:35:4e:a0:9f:52:28:da:0b:dc:02:10: 596s 45:52:72:e8:24:b9:08:4d:3e:25:93:df:92:92:14: 596s 8e:23:fb:70:d7:9f:7f:ac:d8:e2:78:f1:f4:3f:2f: 596s b2:c6:02:5c:14:3b:23:e8:ad:15:f5:93:e3:cd:75: 596s 0e:05:6d:02:6d:9e:bb:b3:b7:09:40:cc:aa:cb:ea: 596s 1e:e0:18:96:0e:45:65:2c:1a:b6:4a:13:f0:ab:fc: 596s 73:c2:81:6c:72:13:ce:46:0b:49:a2:69:3a:af:cf: 596s 66:63:00:01:b4:e0:ae:06:bb 596s Exponent: 65537 (0x10001) 596s Attributes: 596s Requested Extensions: 596s X509v3 Basic Constraints: 596s CA:FALSE 596s Netscape Cert Type: 596s SSL Client, S/MIME 596s Netscape Comment: 596s Test Organization Root CA trusted Certificate 596s X509v3 Subject Key Identifier: 596s A6:FD:BE:4B:C7:7D:B5:B8:2E:F7:11:6E:89:A0:1A:D7:E6:35:73:BE 596s X509v3 Key Usage: critical 596s Digital Signature, Non Repudiation, Key Encipherment 596s X509v3 Extended Key Usage: 596s TLS Web Client Authentication, E-mail Protection 596s X509v3 Subject Alternative Name: 596s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 596s Signature Algorithm: sha256WithRSAEncryption 596s Signature Value: 596s 41:3e:04:75:c3:c0:bb:01:78:d3:62:9e:d3:ec:83:a1:a1:71: 596s 7c:bf:fb:29:75:06:b1:98:80:29:31:21:8c:f0:0c:b6:fa:f6: 596s 89:f3:34:a8:56:b9:3b:55:66:de:40:eb:a2:24:51:d9:ef:fe: 596s 99:03:b3:e2:e6:37:f0:3c:6c:97:ab:98:67:90:60:5f:81:77: 596s 91:df:04:6f:68:e1:c4:7c:1a:84:4a:53:03:b3:92:a7:eb:ea: 596s ee:5c:19:88:cb:8b:1e:79:c5:1f:c8:5c:1f:b8:56:49:54:e1: 596s bb:8a:81:21:61:6b:19:8f:21:8a:56:e8:8f:f8:40:bf:54:da: 596s cd:77 596s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-request.pem 596s + openssl ca -batch -notext -config /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.config -passin pass:random-root-CA-password-3807 -keyfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-key.pem -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 596s Using configuration from /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.config 596s Check that the request matches the signature 596s Signature ok 596s Certificate Details: 596s Serial Number: 3 (0x3) 596s Validity 596s Not Before: Jan 15 02:43:15 2025 GMT 596s Not After : Jan 15 02:43:15 2026 GMT 596s Subject: 596s organizationName = Test Organization 596s organizationalUnitName = Test Organization Unit 596s commonName = Test Organization Root Trusted Certificate 0001 596s X509v3 extensions: 596s X509v3 Authority Key Identifier: 596s 84:06:05:DE:36:BC:9F:0B:BF:AF:CD:9A:82:FF:51:B7:76:7B:63:6D 596s X509v3 Basic Constraints: 596s CA:FALSE 596s Netscape Cert Type: 596s SSL Client, S/MIME 596s Netscape Comment: 596s Test Organization Root CA trusted Certificate 596s X509v3 Subject Key Identifier: 596s A6:FD:BE:4B:C7:7D:B5:B8:2E:F7:11:6E:89:A0:1A:D7:E6:35:73:BE 596s X509v3 Key Usage: critical 596s Digital Signature, Non Repudiation, Key Encipherment 596s X509v3 Extended Key Usage: 596s TLS Web Client Authentication, E-mail Protection 596s X509v3 Subject Alternative Name: 596s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 596s Certificate is to be certified until Jan 15 02:43:15 2026 GMT (365 days) 596s 596s Write out database with 1 new entries 596s Database updated 596s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 596s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 596s /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem: OK 596s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 596s + local cmd=openssl 596s + shift 596s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 596s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root Trusted Certificate 0001 596s error 20 at 0 depth lookup: unable to get local issuer certificate 596s error /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem: verification failed 596s + cat 596s + intermediate_ca_trusted_cert_0001_key_pass=pass:random-intermediate-ca-trusted-cert-0001-4318 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-intermediate-ca-trusted-cert-0001-4318 1024 596s + openssl req -new -nodes -reqexts req_exts -passin pass:random-intermediate-ca-trusted-cert-0001-4318 -key /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-request.pem 596s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-request.pem 596s Certificate Request: 596s Data: 596s Version: 1 (0x0) 596s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate Trusted Certificate 0001 596s Subject Public Key Info: 596s Public Key Algorithm: rsaEncryption 596s Public-Key: (1024 bit) 596s Modulus: 596s 00:d1:79:16:d8:73:36:1a:89:f6:9b:17:27:20:fb: 596s ff:2e:e2:32:97:3c:f4:31:5b:03:14:ed:01:f6:86: 596s 9c:1e:2d:70:88:74:1f:b0:44:7c:e0:9c:b9:12:28: 596s b2:58:35:2c:65:39:de:9a:b3:7a:c9:8b:df:b5:dc: 596s 31:a4:8f:cc:2e:c9:d9:5a:89:a7:b6:75:a0:80:da: 596s a5:65:7d:09:9b:63:60:d0:d2:8e:e3:99:32:fe:12: 596s f5:2a:a5:8b:7d:8e:6a:97:1f:6e:ab:18:1c:14:28: 596s 5e:92:8b:4b:0e:b8:ea:c9:f4:75:ed:ec:f9:21:1f: 596s 6d:fb:3e:9c:d5:f4:b2:e6:71 596s Exponent: 65537 (0x10001) 596s Attributes: 596s Requested Extensions: 596s X509v3 Basic Constraints: 596s CA:FALSE 596s Netscape Cert Type: 596s SSL Client, S/MIME 596s Netscape Comment: 596s Test Organization Intermediate CA trusted Certificate 596s X509v3 Subject Key Identifier: 596s 61:3D:94:00:1C:49:18:74:EA:ED:DB:FA:50:B7:17:8C:7C:BA:07:4D 596s X509v3 Key Usage: critical 596s Digital Signature, Non Repudiation, Key Encipherment 596s X509v3 Extended Key Usage: 596s TLS Web Client Authentication, E-mail Protection 596s X509v3 Subject Alternative Name: 596s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 596s Signature Algorithm: sha256WithRSAEncryption 596s Signature Value: 596s 21:de:05:77:3d:02:15:5d:bc:f3:06:9b:b4:7a:84:3e:57:f1: 596s c7:15:eb:22:79:e6:32:44:bb:ff:13:12:2f:95:9d:7e:5a:b1: 596s c3:71:7a:ed:6c:64:55:24:31:df:b4:58:30:2e:17:4d:0e:ab: 596s f9:63:ae:a6:00:4d:d6:39:24:9f:fd:c8:75:32:39:c6:ea:90: 596s 9b:17:5f:71:53:06:ed:b1:b2:8d:9f:da:fa:be:64:86:32:ab: 596s 4f:4c:a2:12:19:a4:75:8f:d8:bf:24:c1:76:94:d0:66:d5:5d: 596s f6:5c:57:5d:ac:6c:56:70:e9:4b:52:e2:aa:43:c0:5b:de:e8: 596s 4b:cf 596s + openssl ca -passin pass:random-intermediate-CA-password-19829 -config /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 596s Using configuration from /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.config 596s Check that the request matches the signature 596s Signature ok 596s Certificate Details: 596s Serial Number: 4 (0x4) 596s Validity 596s Not Before: Jan 15 02:43:15 2025 GMT 596s Not After : Jan 15 02:43:15 2026 GMT 596s Subject: 596s organizationName = Test Organization 596s organizationalUnitName = Test Organization Unit 596s commonName = Test Organization Intermediate Trusted Certificate 0001 596s X509v3 extensions: 596s X509v3 Authority Key Identifier: 596s 39:88:CF:00:B1:DC:94:91:38:24:68:99:22:D7:AE:15:81:24:1A:9A 596s X509v3 Basic Constraints: 596s CA:FALSE 596s Netscape Cert Type: 596s SSL Client, S/MIME 596s Netscape Comment: 596s Test Organization Intermediate CA trusted Certificate 596s X509v3 Subject Key Identifier: 596s 61:3D:94:00:1C:49:18:74:EA:ED:DB:FA:50:B7:17:8C:7C:BA:07:4D 596s X509v3 Key Usage: critical 596s Digital Signature, Non Repudiation, Key Encipherment 596s X509v3 Extended Key Usage: 596s TLS Web Client Authentication, E-mail Protection 596s X509v3 Subject Alternative Name: 596s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 596s Certificate is to be certified until Jan 15 02:43:15 2026 GMT (365 days) 596s 596s Write out database with 1 new entries 596s Database updated 596s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 596s This certificate should not be trusted fully 596s + echo 'This certificate should not be trusted fully' 596s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 596s + local cmd=openssl 596s + shift 596s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 596s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 596s error 2 at 1 depth lookup: unable to get issuer certificate 596s error /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem: verification failed 596s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 596s /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem: OK 596s + cat 596s + sub_intermediate_ca_trusted_cert_0001_key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-19084 596s + openssl genrsa -aes256 -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -passout pass:random-sub-intermediate-ca-trusted-cert-0001-19084 1024 597s + openssl req -new -nodes -reqexts req_exts -passin pass:random-sub-intermediate-ca-trusted-cert-0001-19084 -key /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -config /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.config -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 597s Certificate Request: 597s Data: 597s Version: 1 (0x0) 597s Subject: O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 597s Subject Public Key Info: 597s Public Key Algorithm: rsaEncryption 597s Public-Key: (1024 bit) 597s Modulus: 597s 00:c6:1a:e8:62:ce:b9:12:07:f3:13:3b:a9:23:db: 597s 7c:94:73:fc:7d:18:a0:83:3b:03:27:57:a3:12:d5: 597s 4e:0e:ec:d2:83:1a:7d:63:45:8e:7b:47:d9:2d:c3: 597s 66:b7:d1:be:76:aa:42:1e:eb:7b:ed:aa:30:e9:ee: 597s 3b:2b:53:c3:86:84:e2:bb:d5:1f:88:b3:88:26:d8: 597s a5:dd:95:6b:ec:11:33:ed:50:b3:75:f4:41:fb:d8: 597s 12:a8:bf:16:85:39:ef:a9:da:93:a7:41:3b:60:7b: 597s d6:fd:9f:df:57:61:b1:42:ac:a3:66:31:8b:11:a4: 597s 48:c6:58:72:81:dd:7f:67:7d 597s Exponent: 65537 (0x10001) 597s Attributes: 597s Requested Extensions: 597s X509v3 Basic Constraints: 597s CA:FALSE 597s Netscape Cert Type: 597s SSL Client, S/MIME 597s Netscape Comment: 597s Test Organization Sub Intermediate CA trusted Certificate 597s X509v3 Subject Key Identifier: 597s 0F:CC:DC:A2:8E:E4:DB:00:4B:9E:F0:67:50:06:4D:C0:CC:5D:18:40 597s X509v3 Key Usage: critical 597s Digital Signature, Non Repudiation, Key Encipherment 597s X509v3 Extended Key Usage: 597s TLS Web Client Authentication, E-mail Protection 597s X509v3 Subject Alternative Name: 597s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 597s Signature Algorithm: sha256WithRSAEncryption 597s Signature Value: 597s ad:6a:30:94:0b:ce:0a:ce:2c:a4:c4:1b:b7:a5:1f:09:dc:29: 597s be:22:65:cf:c4:df:8d:4e:94:3b:10:9c:1b:df:a1:e9:c8:00: 597s af:81:83:11:e6:14:2a:ee:83:43:7e:4c:4a:b0:57:92:83:45: 597s d4:4b:18:3d:af:31:f6:99:af:25:8a:10:4f:0c:54:e4:67:62: 597s c6:9c:ae:80:4c:15:01:45:f1:6a:26:77:82:2e:8f:d1:56:a4: 597s 47:f1:ef:b6:71:ab:a5:07:58:da:00:64:6b:b1:20:68:e9:42: 597s 69:8e:44:ef:54:f0:db:ff:b6:c2:f0:b0:e3:6a:99:91:79:c2: 597s ff:16 597s + openssl req -text -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-request.pem 597s + openssl ca -passin pass:random-sub-intermediate-CA-password-23062 -config /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.config -batch -notext -keyfile /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-key.pem -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-request.pem -days 365 -extensions usr_cert -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s Using configuration from /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.config 597s Check that the request matches the signature 597s Signature ok 597s Certificate Details: 597s Serial Number: 5 (0x5) 597s Validity 597s Not Before: Jan 15 02:43:16 2025 GMT 597s Not After : Jan 15 02:43:16 2026 GMT 597s Subject: 597s organizationName = Test Organization 597s organizationalUnitName = Test Organization Unit 597s commonName = Test Organization Sub Intermediate Trusted Certificate 0001 597s X509v3 extensions: 597s X509v3 Authority Key Identifier: 597s B7:AA:98:D2:84:3D:E1:89:09:69:EE:71:F4:4D:3E:0E:55:CC:4F:8D 597s X509v3 Basic Constraints: 597s CA:FALSE 597s Netscape Cert Type: 597s SSL Client, S/MIME 597s Netscape Comment: 597s Test Organization Sub Intermediate CA trusted Certificate 597s X509v3 Subject Key Identifier: 597s 0F:CC:DC:A2:8E:E4:DB:00:4B:9E:F0:67:50:06:4D:C0:CC:5D:18:40 597s X509v3 Key Usage: critical 597s Digital Signature, Non Repudiation, Key Encipherment 597s X509v3 Extended Key Usage: 597s TLS Web Client Authentication, E-mail Protection 597s X509v3 Subject Alternative Name: 597s email:mail@3v1n0.net, URI:https://github.com/3v1n0/ 597s Certificate is to be certified until Jan 15 02:43:16 2026 GMT (365 days) 597s 597s Write out database with 1 new entries 597s Database updated 597s + openssl x509 -noout -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s This certificate should not be trusted fully 597s + echo 'This certificate should not be trusted fully' 597s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s + local cmd=openssl 597s + shift 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 597s error 2 at 1 depth lookup: unable to get issuer certificate 597s error /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 597s + expect_fail openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s + local cmd=openssl 597s + shift 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 597s error 20 at 0 depth lookup: unable to get local issuer certificate 597s error /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 597s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s + expect_fail openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s + local cmd=openssl 597s + shift 597s + openssl verify -partial_chain -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 597s Building a the full-chain CA file... 597s O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate Trusted Certificate 0001 597s error 20 at 0 depth lookup: unable to get local issuer certificate 597s error /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem: verification failed 597s + echo 'Building a the full-chain CA file...' 597s + cat /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 597s + cat /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem 597s + cat /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 597s + openssl crl2pkcs7 -nocrl -certfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem 597s + openssl pkcs7 -print_certs -noout 597s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 597s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 597s 597s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 597s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Root CA 597s 597s subject=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Sub Intermediate CA 597s issuer=O=Test Organization, OU=Test Organization Unit, CN=Test Organization Intermediate CA 597s 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA.pem: OK 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem: OK 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem: OK 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-root-intermediate-chain-CA.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-root-intermediate-chain-CA.pem: OK 597s + openssl verify -CAfile /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem: OK 597s Certificates generation completed! 597s + echo 'Certificates generation completed!' 597s + [[ -v NO_SSSD_TESTS ]] 597s + [[ -v GENERATE_SMART_CARDS ]] 597s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem pass:random-root-ca-trusted-cert-0001-26440 597s + local certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 597s + local key_pass=pass:random-root-ca-trusted-cert-0001-26440 597s + local key_cn 597s + local key_name 597s + local tokens_dir 597s + local output_cert_file 597s + token_name= 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem .pem 597s + key_name=test-root-CA-trusted-certificate-0001 597s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem 597s ++ sed -n 's/ *commonName *= //p' 597s + key_cn='Test Organization Root Trusted Certificate 0001' 597s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 597s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf 597s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf .conf 597s + tokens_dir=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001 597s + token_name='Test Organization Root Tr Token' 597s + '[' '!' -e /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf ']' 597s + local key_file 597s + local decrypted_key 597s + mkdir -p /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001 597s + key_file=/tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key.pem 597s + decrypted_key=/tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key-decrypted.pem 597s + cat 597s + softhsm2-util --init-token --label 'Test Organization Root Tr Token' --pin 123456 --so-pin 123456 --free 597s Slot 0 has a free/uninitialized token. 597s The token has been initialized and is reassigned to slot 1268271477 597s + softhsm2-util --show-slots 597s Available slots: 597s Slot 1268271477 597s Slot info: 597s Description: SoftHSM slot ID 0x4b984975 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 249b4b4dcb984975 597s Initialized: yes 597s User PIN init.: yes 597s Label: Test Organization Root Tr Token 597s Slot 1 597s Slot info: 597s Description: SoftHSM slot ID 0x1 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 597s Initialized: no 597s User PIN init.: no 597s Label: 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + openssl rsa -passin pass:random-root-ca-trusted-cert-0001-26440 -in /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key-decrypted.pem 597s writing RSA key 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Root Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + rm /tmp/sssd-softhsm2-certs-8e52g6/test-root-CA-trusted-certificate-0001-key-decrypted.pem 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 597s Object 0: 597s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=249b4b4dcb984975;token=Test%20Organization%20Root%20Tr%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Root%20Trusted%20Certificate%200001;type=cert 597s Type: X.509 Certificate (RSA-1024) 597s Expires: Thu Jan 15 02:43:15 2026 597s Label: Test Organization Root Trusted Certificate 0001 597s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 597s 597s + echo 'Test Organization Root Tr Token' 597s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem pass:random-intermediate-ca-trusted-cert-0001-4318 597s + local certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 597s + local key_pass=pass:random-intermediate-ca-trusted-cert-0001-4318 597s + local key_cn 597s + local key_name 597s + local tokens_dir 597s + local output_cert_file 597s + token_name= 597s Test Organization Root Tr Token 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem .pem 597s + key_name=test-intermediate-CA-trusted-certificate-0001 597s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem 597s ++ sed -n 's/ *commonName *= //p' 597s + key_cn='Test Organization Intermediate Trusted Certificate 0001' 597s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 597s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 597s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf .conf 597s + tokens_dir=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001 597s + token_name='Test Organization Interme Token' 597s + '[' '!' -e /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001.conf ']' 597s + local key_file 597s + local decrypted_key 597s + mkdir -p /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-intermediate-CA-trusted-certificate-0001 597s + key_file=/tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key.pem 597s + decrypted_key=/tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s + cat 597s + softhsm2-util --init-token --label 'Test Organization Interme Token' --pin 123456 --so-pin 123456 --free 597s Slot 0 has a free/uninitialized token. 597s The token has been initialized and is reassigned to slot 171675860 597s + softhsm2-util --show-slots 597s Available slots: 597s Slot 171675860 597s Slot info: 597s Description: SoftHSM slot ID 0xa3b90d4 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 88a505008a3b90d4 597s Initialized: yes 597s User PIN init.: yes 597s Label: Test Organization Interme Token 597s Slot 1 597s Slot info: 597s Description: SoftHSM slot ID 0x1 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 597s Initialized: no 597s User PIN init.: no 597s Label: 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + openssl rsa -passin pass:random-intermediate-ca-trusted-cert-0001-4318 -in /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s writing RSA key 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + rm /tmp/sssd-softhsm2-certs-8e52g6/test-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 597s Object 0: 597s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=88a505008a3b90d4;token=Test%20Organization%20Interme%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Intermediate%20Trusted%20Certificate%200001;type=cert 597s Type: X.509 Certificate (RSA-1024) 597s Expires: Thu Jan 15 02:43:15 2026 597s Label: Test Organization Intermediate Trusted Certificate 0001 597s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 597s 597s Test Organization Interme Token 597s + echo 'Test Organization Interme Token' 597s + prepare_softhsm2_card /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem pass:random-sub-intermediate-ca-trusted-cert-0001-19084 597s + local certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s + local key_pass=pass:random-sub-intermediate-ca-trusted-cert-0001-19084 597s + local key_cn 597s + local key_name 597s + local tokens_dir 597s + local output_cert_file 597s + token_name= 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem .pem 597s + key_name=test-sub-intermediate-CA-trusted-certificate-0001 597s ++ openssl x509 -noout -subject -nameopt multiline -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem 597s ++ sed -n 's/ *commonName *= //p' 597s + key_cn='Test Organization Sub Intermediate Trusted Certificate 0001' 597s + '[' -v SOFTHSM2_ISOLATED_CONFIGS ']' 597s + export SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 597s + SOFTHSM2_CONF=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 597s ++ basename /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf .conf 597s + tokens_dir=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 597s + token_name='Test Organization Sub Int Token' 597s + '[' '!' -e /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf ']' 597s + local key_file 597s + local decrypted_key 597s + mkdir -p /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001 597s + key_file=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key.pem 597s + decrypted_key=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s + cat 597s + softhsm2-util --init-token --label 'Test Organization Sub Int Token' --pin 123456 --so-pin 123456 --free 597s Slot 0 has a free/uninitialized token. 597s The token has been initialized and is reassigned to slot 1214546827 597s + softhsm2-util --show-slots 597s Available slots: 597s Slot 1214546827 597s Slot info: 597s Description: SoftHSM slot ID 0x4864838b 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 16fd9613c864838b 597s Initialized: yes 597s User PIN init.: yes 597s Label: Test Organization Sub Int Token 597s Slot 1 597s Slot info: 597s Description: SoftHSM slot ID 0x1 597s Manufacturer ID: SoftHSM project 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Token present: yes 597s Token info: 597s Manufacturer ID: SoftHSM project 597s Model: SoftHSM v2 597s Hardware version: 2.6 597s Firmware version: 2.6 597s Serial number: 597s Initialized: no 597s User PIN init.: no 597s Label: 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --no-mark-private --load-certificate=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + openssl rsa -passin pass:random-sub-intermediate-ca-trusted-cert-0001-19084 -in /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key.pem -out /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s writing RSA key 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --write --load-privkey=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem --login --set-pin=123456 --label 'Test Organization Sub Intermediate Trusted Certificate 0001 Key' --id 00112233445566778899FFAABBCCDDEEFF012345 597s + rm /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA-trusted-certificate-0001-key-decrypted.pem 597s + p11tool --provider=/usr/lib/aarch64-linux-gnu/softhsm/libsofthsm2.so --list-all 597s Object 0: 597s URL: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=16fd9613c864838b;token=Test%20Organization%20Sub%20Int%20Token;id=%00%11%22%33%44%55%66%77%88%99%FF%AA%BB%CC%DD%EE%FF%01%23%45;object=Test%20Organization%20Sub%20Intermediate%20Trusted%20Certificate%200001;type=cert 597s Type: X.509 Certificate (RSA-1024) 597s Expires: Thu Jan 15 02:43:16 2026 597s Label: Test Organization Sub Intermediate Trusted Certificate 0001 597s ID: 00:11:22:33:44:55:66:77:88:99:ff:aa:bb:cc:dd:ee:ff:01:23:45 597s 597s + echo 'Test Organization Sub Int Token' 597s Test Organization Sub Int Token 597s + echo 'Certificates generation completed!' 597s Certificates generation completed! 597s + exit 0 597s + find /tmp/sssd-softhsm2-certs-8e52g6 -type d -exec chmod 777 '{}' ';' 597s + find /tmp/sssd-softhsm2-certs-8e52g6 -type f -exec chmod 666 '{}' ';' 597s + backup_file /etc/sssd/sssd.conf 597s + '[' -z '' ']' 597s ++ mktemp -d -t sssd-softhsm2-backups-XXXXXX 597s + backupsdir=/tmp/sssd-softhsm2-backups-CRix6J 597s + '[' -e /etc/sssd/sssd.conf ']' 597s + delete_paths+=("$1") 597s + rm -f /etc/sssd/sssd.conf 597s ++ runuser -u ubuntu -- sh -c 'echo ~' 597s + user_home=/home/ubuntu 597s + mkdir -p /home/ubuntu 597s + chown ubuntu:ubuntu /home/ubuntu 597s ++ runuser -u ubuntu -- sh -c 'echo ${XDG_CONFIG_HOME:-~/.config}' 597s + user_config=/home/ubuntu/.config 597s + system_config=/etc 597s + softhsm2_conf_paths=("${AUTOPKGTEST_NORMAL_USER}:$user_config/softhsm2/softhsm2.conf" "root:$system_config/softhsm/softhsm2.conf") 597s + for path_pair in "${softhsm2_conf_paths[@]}" 597s + IFS=: 597s + read -r -a path 597s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 597s + backup_file /home/ubuntu/.config/softhsm2/softhsm2.conf 597s + '[' -z /tmp/sssd-softhsm2-backups-CRix6J ']' 597s + '[' -e /home/ubuntu/.config/softhsm2/softhsm2.conf ']' 597s + delete_paths+=("$1") 597s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 597s + for path_pair in "${softhsm2_conf_paths[@]}" 597s + IFS=: 597s + read -r -a path 597s + path=/etc/softhsm/softhsm2.conf 597s + backup_file /etc/softhsm/softhsm2.conf 597s + '[' -z /tmp/sssd-softhsm2-backups-CRix6J ']' 597s + '[' -e /etc/softhsm/softhsm2.conf ']' 597s ++ dirname /etc/softhsm/softhsm2.conf 597s + local back_dir=/tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm 597s ++ basename /etc/softhsm/softhsm2.conf 597s + local back_path=/tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm/softhsm2.conf 597s + '[' '!' -e /tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm/softhsm2.conf ']' 597s + mkdir -p /tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm 597s + cp -a /etc/softhsm/softhsm2.conf /tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm/softhsm2.conf 597s + restore_paths+=("$back_path") 597s + rm -f /etc/softhsm/softhsm2.conf 597s + test_authentication login /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem 597s + pam_service=login 597s + certificate_config=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf 597s + ca_db=/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem 597s + verification_options= 597s + mkdir -p -m 700 /etc/sssd 597s Using CA DB '/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem' with verification options: '' 597s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 597s + cat 597s + chmod 600 /etc/sssd/sssd.conf 597s + for path_pair in "${softhsm2_conf_paths[@]}" 597s + IFS=: 597s + read -r -a path 597s + user=ubuntu 597s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 597s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 597s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 597s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 597s + runuser -u ubuntu -- softhsm2-util --show-slots 597s + grep 'Test Organization' 597s Label: Test Organization Root Tr Token 597s + for path_pair in "${softhsm2_conf_paths[@]}" 597s + IFS=: 597s + read -r -a path 597s + user=root 597s + path=/etc/softhsm/softhsm2.conf 597s ++ dirname /etc/softhsm/softhsm2.conf 597s + runuser -u root -- mkdir -p /etc/softhsm 597s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-root-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 597s + runuser -u root -- softhsm2-util --show-slots 597s + grep 'Test Organization' 597s Label: Test Organization Root Tr Token 597s + systemctl restart sssd 598s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 598s + for alternative in "${alternative_pam_configs[@]}" 598s + pam-auth-update --enable sss-smart-card-optional 598s + cat /etc/pam.d/common-auth 598s # 598s # /etc/pam.d/common-auth - authentication settings common to all services 598s # 598s # This file is included from other service-specific PAM config files, 598s # and should contain a list of the authentication modules that define 598s # the central authentication scheme for use on the system 598s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 598s # traditional Unix authentication mechanisms. 598s # 598s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 598s # To take advantage of this, it is recommended that you configure any 598s # local modules either before or after the default block, and use 598s # pam-auth-update to manage selection of other modules. See 598s # pam-auth-update(8) for details. 598s 598s # here are the per-package modules (the "Primary" block) 598s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 598s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 598s auth [success=1 default=ignore] pam_sss.so use_first_pass 598s # here's the fallback if no module succeeds 598s auth requisite pam_deny.so 598s # prime the stack with a positive return value if there isn't one already; 598s # this avoids us returning an error just because nothing sets a success code 598s # since the modules above will each just jump around 598s auth required pam_permit.so 598s # and here are more per-package modules (the "Additional" block) 598s auth optional pam_cap.so 598s # end of pam-auth-update config 598s + echo -n -e 123456 598s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 598s pamtester: invoking pam_start(login, ubuntu, ...) 598s pamtester: performing operation - authenticate 598s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 598s + echo -n -e 123456 598s + runuser -u ubuntu -- pamtester -v login '' authenticate 598s pamtester: invoking pam_start(login, , ...) 598s pamtester: performing operation - authenticate 598s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 598s + echo -n -e wrong123456 598s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 598s pamtester: invoking pam_start(login, ubuntu, ...) 598s pamtester: performing operation - authenticate 601s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 601s + echo -n -e wrong123456 601s + runuser -u ubuntu -- pamtester -v login '' authenticate 601s pamtester: invoking pam_start(login, , ...) 601s pamtester: performing operation - authenticate 604s PIN for Test Organization Root Tr Token: Password: pamtester: Authentication failure 604s + echo -n -e 123456 604s + pamtester -v login root authenticate 604s pamtester: invoking pam_start(login, root, ...) 604s pamtester: performing operation - authenticate 606s Password: pamtester: Authentication failure 606s + for alternative in "${alternative_pam_configs[@]}" 606s + pam-auth-update --enable sss-smart-card-required 606s PAM configuration 606s ----------------- 606s 606s Incompatible PAM profiles selected. 606s 606s The following PAM profiles cannot be used together: 606s 606s SSS required smart card authentication, SSS optional smart card 606s authentication 606s 606s Please select a different set of modules to enable. 606s 606s + cat /etc/pam.d/common-auth 606s # 606s # /etc/pam.d/common-auth - authentication settings common to all services 606s # 606s # This file is included from other service-specific PAM config files, 606s # and should contain a list of the authentication modules that define 606s # the central authentication scheme for use on the system 606s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 606s # traditional Unix authentication mechanisms. 606s # 606s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 606s # To take advantage of this, it is recommended that you configure any 606s # local modules either before or after the default block, and use 606s # pam-auth-update to manage selection of other modules. See 606s # pam-auth-update(8) for details. 606s 606s # here are the per-package modules (the "Primary" block) 606s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 606s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 606s auth [success=1 default=ignore] pam_sss.so use_first_pass 606s # here's the fallback if no module succeeds 606s auth requisite pam_deny.so 606s # prime the stack with a positive return value if there isn't one already; 606s # this avoids us returning an error just because nothing sets a success code 606s # since the modules above will each just jump around 606s auth required pam_permit.so 606s # and here are more per-package modules (the "Additional" block) 606s auth optional pam_cap.so 606s # end of pam-auth-update config 606s + echo -n -e 123456 606s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 606s pamtester: invoking pam_start(login, ubuntu, ...) 606s pamtester: performing operation - authenticate 606s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 606s + echo -n -e 123456 606s + runuser -u ubuntu -- pamtester -v login '' authenticate 606s pamtester: invoking pam_start(login, , ...) 606s pamtester: performing operation - authenticate 606s PIN for Test Organization Root Tr Token: pamtester: successfully authenticated 606s + echo -n -e wrong123456 606s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 606s pamtester: invoking pam_start(login, ubuntu, ...) 606s pamtester: performing operation - authenticate 609s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 609s + echo -n -e wrong123456 609s + runuser -u ubuntu -- pamtester -v login '' authenticate 609s pamtester: invoking pam_start(login, , ...) 609s pamtester: performing operation - authenticate 613s PIN for Test Organization Root Tr Token: pamtester: Authentication failure 613s + echo -n -e 123456 613s + pamtester -v login root authenticate 613s pamtester: invoking pam_start(login, root, ...) 613s pamtester: performing operation - authenticate 617s pamtester: Authentication service cannot retrieve authentication info 617s + test_authentication login /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem 617s + pam_service=login 617s + certificate_config=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 617s + ca_db=/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem 617s + verification_options= 617s + mkdir -p -m 700 /etc/sssd 617s Using CA DB '/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem' with verification options: '' 617s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-8e52g6/test-full-chain-CA.pem'\'' with verification options: '\'''\''' 617s + cat 617s + chmod 600 /etc/sssd/sssd.conf 617s + for path_pair in "${softhsm2_conf_paths[@]}" 617s + IFS=: 617s + read -r -a path 617s + user=ubuntu 617s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 617s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 617s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 617s Label: Test Organization Sub Int Token 617s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 617s + runuser -u ubuntu -- softhsm2-util --show-slots 617s + grep 'Test Organization' 617s + for path_pair in "${softhsm2_conf_paths[@]}" 617s + IFS=: 617s + read -r -a path 617s + user=root 617s + path=/etc/softhsm/softhsm2.conf 617s ++ dirname /etc/softhsm/softhsm2.conf 617s + runuser -u root -- mkdir -p /etc/softhsm 617s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 617s + runuser -u root -- softhsm2-util --show-slots 617s + grep 'Test Organization' 617s Label: Test Organization Sub Int Token 617s + systemctl restart sssd 617s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 617s + for alternative in "${alternative_pam_configs[@]}" 617s + pam-auth-update --enable sss-smart-card-optional 617s + cat /etc/pam.d/common-auth 617s # 617s # /etc/pam.d/common-auth - authentication settings common to all services 617s # 617s # This file is included from other service-specific PAM config files, 617s # and should contain a list of the authentication modules that define 617s # the central authentication scheme for use on the system 617s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 617s # traditional Unix authentication mechanisms. 617s # 617s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 617s # To take advantage of this, it is recommended that you configure any 617s # local modules either before or after the default block, and use 617s # pam-auth-update to manage selection of other modules. See 617s # pam-auth-update(8) for details. 617s 617s # here are the per-package modules (the "Primary" block) 617s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 617s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 617s auth [success=1 default=ignore] pam_sss.so use_first_pass 617s # here's the fallback if no module succeeds 617s auth requisite pam_deny.so 617s # prime the stack with a positive return value if there isn't one already; 617s # this avoids us returning an error just because nothing sets a success code 617s # since the modules above will each just jump around 617s auth required pam_permit.so 617s # and here are more per-package modules (the "Additional" block) 617s auth optional pam_cap.so 617s # end of pam-auth-update config 617s + echo -n -e 123456 617s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 617s pamtester: invoking pam_start(login, ubuntu, ...) 617s pamtester: performing operation - authenticate 617s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 617s + echo -n -e 123456 617s + runuser -u ubuntu -- pamtester -v login '' authenticate 617s pamtester: invoking pam_start(login, , ...) 617s pamtester: performing operation - authenticate 617s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 617s + echo -n -e wrong123456 617s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 617s pamtester: invoking pam_start(login, ubuntu, ...) 617s pamtester: performing operation - authenticate 620s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 620s + echo -n -e wrong123456 620s + runuser -u ubuntu -- pamtester -v login '' authenticate 620s pamtester: invoking pam_start(login, , ...) 620s pamtester: performing operation - authenticate 624s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 624s + echo -n -e 123456 624s + pamtester -v login root authenticate 624s pamtester: invoking pam_start(login, root, ...) 624s pamtester: performing operation - authenticate 627s Password: pamtester: Authentication failure 627s + for alternative in "${alternative_pam_configs[@]}" 627s + pam-auth-update --enable sss-smart-card-required 627s PAM configuration 627s ----------------- 627s 627s Incompatible PAM profiles selected. 627s 627s The following PAM profiles cannot be used together: 627s 627s SSS required smart card authentication, SSS optional smart card 627s authentication 627s 627s Please select a different set of modules to enable. 627s 627s + cat /etc/pam.d/common-auth 627s # 627s # /etc/pam.d/common-auth - authentication settings common to all services 627s # 627s # This file is included from other service-specific PAM config files, 627s # and should contain a list of the authentication modules that define 627s # the central authentication scheme for use on the system 627s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 627s # traditional Unix authentication mechanisms. 627s # 627s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 627s # To take advantage of this, it is recommended that you configure any 627s # local modules either before or after the default block, and use 627s # pam-auth-update to manage selection of other modules. See 627s # pam-auth-update(8) for details. 627s 627s # here are the per-package modules (the "Primary" block) 627s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 627s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 627s auth [success=1 default=ignore] pam_sss.so use_first_pass 627s # here's the fallback if no module succeeds 627s auth requisite pam_deny.so 627s # prime the stack with a positive return value if there isn't one already; 627s # this avoids us returning an error just because nothing sets a success code 627s # since the modules above will each just jump around 627s auth required pam_permit.so 627s # and here are more per-package modules (the "Additional" block) 627s auth optional pam_cap.so 627s # end of pam-auth-update config 627s + echo -n -e 123456 627s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 627s pamtester: invoking pam_start(login, ubuntu, ...) 627s pamtester: performing operation - authenticate 627s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 627s + echo -n -e 123456 627s + runuser -u ubuntu -- pamtester -v login '' authenticate 627s pamtester: invoking pam_start(login, , ...) 627s pamtester: performing operation - authenticate 628s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 628s + echo -n -e wrong123456 628s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 628s pamtester: invoking pam_start(login, ubuntu, ...) 628s pamtester: performing operation - authenticate 629s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 629s + echo -n -e wrong123456 629s + runuser -u ubuntu -- pamtester -v login '' authenticate 629s pamtester: invoking pam_start(login, , ...) 629s pamtester: performing operation - authenticate 632s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 632s + echo -n -e 123456 632s + pamtester -v login root authenticate 632s pamtester: invoking pam_start(login, root, ...) 632s pamtester: performing operation - authenticate 636s pamtester: Authentication service cannot retrieve authentication info 636s + test_authentication login /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem partial_chain 636s + pam_service=login 636s + certificate_config=/tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf 636s + ca_db=/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem 636s + verification_options=partial_chain 636s + mkdir -p -m 700 /etc/sssd 636s Using CA DB '/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem' with verification options: 'partial_chain' 636s + echo 'Using CA DB '\''/tmp/sssd-softhsm2-certs-8e52g6/test-sub-intermediate-CA.pem'\'' with verification options: '\''partial_chain'\''' 636s + cat 636s + chmod 600 /etc/sssd/sssd.conf 636s + for path_pair in "${softhsm2_conf_paths[@]}" 636s + IFS=: 636s + read -r -a path 636s + user=ubuntu 636s + path=/home/ubuntu/.config/softhsm2/softhsm2.conf 636s ++ dirname /home/ubuntu/.config/softhsm2/softhsm2.conf 636s + runuser -u ubuntu -- mkdir -p /home/ubuntu/.config/softhsm2 636s + runuser -u ubuntu -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /home/ubuntu/.config/softhsm2/softhsm2.conf 636s + runuser -u ubuntu -- softhsm2-util --show-slots 636s + grep 'Test Organization' 636s Label: Test Organization Sub Int Token 636s + for path_pair in "${softhsm2_conf_paths[@]}" 636s + IFS=: 636s + read -r -a path 636s + user=root 636s + path=/etc/softhsm/softhsm2.conf 636s ++ dirname /etc/softhsm/softhsm2.conf 636s + runuser -u root -- mkdir -p /etc/softhsm 636s + runuser -u root -- ln -sf /tmp/sssd-softhsm2-certs-8e52g6/softhsm2-test-sub-intermediate-CA-trusted-certificate-0001.conf /etc/softhsm/softhsm2.conf 636s + runuser -u root -- softhsm2-util --show-slots 636s + grep 'Test Organization' 636s Label: Test Organization Sub Int Token 636s + systemctl restart sssd 636s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 636s + for alternative in "${alternative_pam_configs[@]}" 636s + pam-auth-update --enable sss-smart-card-optional 637s + cat /etc/pam.d/common-auth 637s # 637s # /etc/pam.d/common-auth - authentication settings common to all services 637s # 637s # This file is included from other service-specific PAM config files, 637s # and should contain a list of the authentication modules that define 637s # the central authentication scheme for use on the system 637s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 637s # traditional Unix authentication mechanisms. 637s # 637s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 637s # To take advantage of this, it is recommended that you configure any 637s # local modules either before or after the default block, and use 637s # pam-auth-update to manage selection of other modules. See 637s # pam-auth-update(8) for details. 637s 637s # here are the per-package modules (the "Primary" block) 637s auth [success=3 default=ignore] pam_sss.so allow_missing_name try_cert_auth 637s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 637s auth [success=1 default=ignore] pam_sss.so use_first_pass 637s # here's the fallback if no module succeeds 637s auth requisite pam_deny.so 637s # prime the stack with a positive return value if there isn't one already; 637s # this avoids us returning an error just because nothing sets a success code 637s # since the modules above will each just jump around 637s auth required pam_permit.so 637s # and here are more per-package modules (the "Additional" block) 637s auth optional pam_cap.so 637s # end of pam-auth-update config 637s + echo -n -e 123456 637s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 637s pamtester: invoking pam_start(login, ubuntu, ...) 637s pamtester: performing operation - authenticate 637s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 637s + echo -n -e 123456 637s + runuser -u ubuntu -- pamtester -v login '' authenticate 637s pamtester: invoking pam_start(login, , ...) 637s pamtester: performing operation - authenticate 637s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 637s + echo -n -e wrong123456 637s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 637s pamtester: invoking pam_start(login, ubuntu, ...) 637s pamtester: performing operation - authenticate 639s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 639s + echo -n -e wrong123456 639s + runuser -u ubuntu -- pamtester -v login '' authenticate 639s pamtester: invoking pam_start(login, , ...) 639s pamtester: performing operation - authenticate 643s PIN for Test Organization Sub Int Token: Password: pamtester: Authentication failure 643s + echo -n -e 123456 643s + pamtester -v login root authenticate 643s pamtester: invoking pam_start(login, root, ...) 643s pamtester: performing operation - authenticate 647s Password: pamtester: Authentication failure 647s + for alternative in "${alternative_pam_configs[@]}" 647s + pam-auth-update --enable sss-smart-card-required 647s PAM configuration 647s ----------------- 647s 647s Incompatible PAM profiles selected. 647s 647s The following PAM profiles cannot be used together: 647s 647s SSS required smart card authentication, SSS optional smart card 647s authentication 647s 647s Please select a different set of modules to enable. 647s 647s + cat /etc/pam.d/common-auth 647s # 647s # /etc/pam.d/common-auth - authentication settings common to all services 647s # 647s # This file is included from other service-specific PAM config files, 647s # and should contain a list of the authentication modules that define 647s # the central authentication scheme for use on the system 647s # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the 647s # traditional Unix authentication mechanisms. 647s # 647s # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. 647s # To take advantage of this, it is recommended that you configure any 647s # local modules either before or after the default block, and use 647s # pam-auth-update to manage selection of other modules. See 647s # pam-auth-update(8) for details. 647s 647s # here are the per-package modules (the "Primary" block) 647s auth [success=3 ignore=ignore default=die] pam_sss.so allow_missing_name require_cert_auth 647s auth [success=2 default=ignore] pam_unix.so nullok try_first_pass 647s auth [success=1 default=ignore] pam_sss.so use_first_pass 647s # here's the fallback if no module succeeds 647s auth requisite pam_deny.so 647s # prime the stack with a positive return value if there isn't one already; 647s # this avoids us returning an error just because nothing sets a success code 647s # since the modules above will each just jump around 647s auth required pam_permit.so 647s # and here are more per-package modules (the "Additional" block) 647s auth optional pam_cap.so 647s # end of pam-auth-update config 647s + echo -n -e 123456 647s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 647s pamtester: invoking pam_start(login, ubuntu, ...) 647s pamtester: performing operation - authenticate 647s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 647s + echo -n -e 123456 647s + runuser -u ubuntu -- pamtester -v login '' authenticate 647s pamtester: invoking pam_start(login, , ...) 647s pamtester: performing operation - authenticate 647s PIN for Test Organization Sub Int Token: pamtester: successfully authenticated 647s + echo -n -e wrong123456 647s + runuser -u ubuntu -- pamtester -v login ubuntu authenticate 647s pamtester: invoking pam_start(login, ubuntu, ...) 647s pamtester: performing operation - authenticate 649s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 649s + echo -n -e wrong123456 649s + runuser -u ubuntu -- pamtester -v login '' authenticate 649s pamtester: invoking pam_start(login, , ...) 649s pamtester: performing operation - authenticate 652s PIN for Test Organization Sub Int Token: pamtester: Authentication failure 652s + echo -n -e 123456 652s + pamtester -v login root authenticate 652s pamtester: invoking pam_start(login, root, ...) 652s pamtester: performing operation - authenticate 654s pamtester: Authentication service cannot retrieve authentication info 654s + handle_exit 654s + exit_code=0 654s + restore_changes 654s + for path in "${restore_paths[@]}" 654s + local original_path 654s ++ realpath --strip --relative-base=/tmp/sssd-softhsm2-backups-CRix6J /tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm/softhsm2.conf 654s + original_path=/etc/softhsm/softhsm2.conf 654s + rm /etc/softhsm/softhsm2.conf 654s + mv /tmp/sssd-softhsm2-backups-CRix6J//etc/softhsm/softhsm2.conf /etc/softhsm/softhsm2.conf 654s + for path in "${delete_paths[@]}" 654s + rm -f /etc/sssd/sssd.conf 654s + for path in "${delete_paths[@]}" 654s + rm -f /home/ubuntu/.config/softhsm2/softhsm2.conf 654s + pam-auth-update --disable sss-smart-card-optional sss-smart-card-required 654s + '[' -e /etc/sssd/sssd.conf ']' 654s + systemctl stop sssd 654s + '[' -e /etc/softhsm/softhsm2.conf ']' 654s + chmod 600 /etc/softhsm/softhsm2.conf 654s + rm -rf /tmp/sssd-softhsm2-certs-8e52g6 654s + '[' 0 = 0 ']' 654s + rm -rf /tmp/sssd-softhsm2-backups-CRix6J 654s + set +x 654s Script completed successfully! 655s autopkgtest [02:44:14]: test sssd-smart-card-pam-auth-configs: -----------------------] 655s sssd-smart-card-pam-auth-configs PASS 655s autopkgtest [02:44:14]: test sssd-smart-card-pam-auth-configs: - - - - - - - - - - results - - - - - - - - - - 656s autopkgtest [02:44:15]: @@@@@@@@@@@@@@@@@@@@ summary 656s ldap-user-group-ldap-auth PASS 656s ldap-user-group-krb5-auth PASS 656s sssd-softhism2-certificates-tests.sh PASS 656s sssd-smart-card-pam-auth-configs PASS 661s nova [W] Using flock in prodstack6-arm64 661s Creating nova instance adt-plucky-arm64-sssd-20250115-023319-juju-7f2275-prod-proposed-migration-environment-2-83a36827-b34b-4e82-a71f-c0da86c00570 from image adt/ubuntu-plucky-arm64-server-20250115.img (UUID 49095213-1241-4691-b777-e92a1186028a)... 661s nova [W] Timed out waiting for b581d0f4-79c8-43f8-9f3b-a0a0c0a3c486 to get deleted. 661s nova [W] Using flock in prodstack6-arm64 661s Creating nova instance adt-plucky-arm64-sssd-20250115-023319-juju-7f2275-prod-proposed-migration-environment-2-83a36827-b34b-4e82-a71f-c0da86c00570 from image adt/ubuntu-plucky-arm64-server-20250115.img (UUID 49095213-1241-4691-b777-e92a1186028a)... 661s nova [W] Timed out waiting for 7de858fd-2214-4425-9969-c398e1c6dce1 to get deleted.