Merge ~ahasenack/ubuntu/+source/libfido2:focal-libfido2-enable-tests into ubuntu/+source/libfido2:ubuntu/devel

Odd tests for sure...
Can't we make "echo "SUCCESS: regression tests passed"" to only appear if the tests worked.
Isn't there an RC or anything in the output that we can check.

At lesat the re-run with an error that we introduce seems extra effort that is error-prone and IMHO likely to break on updates.

I'd even be fine to have this behavior:
 echo "Starting tests"
  # Tests that might be silent
 echo "Tests completed - if there is no output since 'Starting tests' they are all good"

Maybe you just need to talk to me about the details, but only looking at the MP I'm not buying it that this is the right way :-)

This is how the tests are built and run:
CMakeLists.txt:
...
if(NOT WIN32)
    if(CMAKE_BUILD_TYPE STREQUAL "Debug")
        if(NOT MSAN AND NOT LIBFUZZER)
            subdirs(regress) <--- adds the regress/ directory
        endif()
..

regress/CMakeLists.txt, once per test:
# cred
add_executable(regress_cred cred.c)
target_link_libraries(regress_cred fido2_shared)
add_custom_command(TARGET regress_cred POST_BUILD COMMAND regress_cred)

So it's just a post build command, and the output is silent. It's not even telling you the test is being run. If the test fails, it core dumps with an assertion error (all tests are asserts it seems).

Someone looking at this output (the good case) and who doesn't know this package won't know if tests are being run or not.

There is no specific test case target. If for some reason, or bug, upstream no longer includes "regress/" in the build, and the build succeeds, we will think the tests also succeeded. That's why I think the injected error is an important safeguard.

Oh, and security kind of liked this error injection:
 <sarnold> ahasenack: "Expected regression test failure did not happen", nice
 <sarnold> ahasenack: it's not the easiest thing to try to convey that something should have failed, but it didn't fail, and that's a failure :)
 <sarnold> ahasenack: but this does a good job of it, well done

Thanks for explaining, then it is maybe just my expectation that was wrong.
I mean it works - and that much better than before.

Who cares that I find the change odd :-)

I'd appreciate ever extra line of comment in d/rules to make this clear for the next one looking at it. But other than that I'm +1 then.

Added more comments to d/rules. I'll leave this commit unsquashed, and it can get cleaned up in the next merge/upload.

This change doesn't require an FFe, so I'm tagging and uploading 1d151615c3164b276fbaa817b397bebe29cfe6d8

$ git push pkg upload/1.3.1-1ubuntu1
Enumerating objects: 22, done.
Counting objects: 100% (22/22), done.
Delta compression using up to 4 threads
Compressing objects: 100% (17/17), done.
Writing objects: 100% (17/17), 2.65 KiB | 2.65 MiB/s, done.
Total 17 (delta 11), reused 0 (delta 0)
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/libfido2
 * [new tag] upload/1.3.1-1ubuntu1 -> upload/1.3.1-1ubuntu1

$ dput ubuntu ../libfido2_1.3.1-1ubuntu1_source.changes
Checking signature on .changes
gpg: ../libfido2_1.3.1-1ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../libfido2_1.3.1-1ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libfido2_1.3.1-1ubuntu1.dsc: done.
  Uploading libfido2_1.3.1-1ubuntu1.debian.tar.xz: done.
  Uploading libfido2_1.3.1-1ubuntu1_source.buildinfo: done.
  Uploading libfido2_1.3.1-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Also submitted to Debian: https://salsa.debian.org/auth-team/libfido2/-/merge_requests/4

Oh, I should have waited for the new libcbor, bummer. Oh well, no-change-rebuild it is (after).