OpenSSL 1.1.1n test failures due to expired certificates (time bomb)

  • Open
Details
4 participants
  • Ludovic Courtès
  • Maxime Devos
  • Sjors Provoost
  • zimoun
Owner
unassigned
Submitted by
Sjors Provoost
Severity
important
Merged with
Sjors Provoost wrote on 19 Oct 2022 21:46
build of /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv failed
(address . bug-guix@gnu.org)
1DA1DE12-F6F8-466C-A81F-1823B6626F65@sprovoost.nl
Sorry if this is a duplicate or has already been fixed in a more recent commit.

/builder for `/gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv' failed with exit code 1
build of /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv failed
View build log at '/var/log/guix/drvs/mw/6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv.gz'.
cannot build derivation `/gnu/store/236k6ncjl0nf7bqv4j0hni8i4yib3la4-git-minimal-2.36.0.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/gd577lh9007s0687m56fn65n8hrsjiqf-mallard-ducktype-1.0.2-checkout.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/rvj5bx06w2kjlxm3fg5p88dkxb6n8v9p-openjpeg-data-2020.11.30-checkout.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/00p96drllzndfp7zr63y26n1d64bdjwl-mallard-ducktype-1.0.2.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/kz4g88f4jv0w75qibq74q5lmpkgpl894-openjpeg-data-2020.11.30.drv': 1 dependencies couldn't be built
cannot build derivation `/gnu/store/izf75k3gvz0x6399qiks1drps445ykpg-openjpeg-2.4.0.drv': 1 dependencies couldn't be built
Backtrace:
14 (primitive-load "/gnu/store/wkw084zcvkyj53acs1gkchnvp0m7bvbl-compute-guix-derivation")
In ice-9/eval.scm:
155:9 13 (_ _)
159:9 12 (_ #(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#<directory (guile-u?> ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?))
In ice-9/boot-9.scm:
152:2 11 (with-fluid* _ _ _)
152:2 10 (with-fluid* _ _ _)
In ./guix/store.scm:
2129:24 9 (run-with-store #<store-connection 256.99 7fbb6af39140> #<procedure 7fbb55577a50 at ./guix/self.scm:12?> ?)
1966:8 8 (_ #<store-connection 256.99 7fbb6af39140>)
In ./guix/gexp.scm:
300:22 7 (_ #<store-connection 256.99 7fbb6af39140>)
1181:2 6 (_ #<store-connection 256.99 7fbb6a984690>)
1047:2 5 (_ #<store-connection 256.99 7fbb6a984690>)
893:4 4 (_ #<store-connection 256.99 7fbb6a984690>)
In ./guix/store.scm:
2014:12 3 (_ #<store-connection 256.99 7fbb6a984690>)
1406:5 2 (map/accumulate-builds #<store-connection 256.99 7fbb6a984690> #<procedure 7fbb5d369580 at ./guix/stor?> ?)
1421:15 1 (_ #<store-connection 256.99 7fbb6a984690> ("/gnu/store/gcvv1i5shqmkd6x1pjwjdrvr7z4lb5ss-guile-ssh-?" ?) ?)
1421:15 0 (loop #f)

./guix/store.scm:1421:15: In procedure loop:
ERROR:
1. &store-protocol-error:
message: "build of `/gnu/store/gwqx9mq7ll5ic97zvz22j9irlx2922wx-graphviz-2.49.0.drv' failed"
status: 100
guix pull: error: You found a bug: the program '/gnu/store/wkw084zcvkyj53acs1gkchnvp0m7bvbl-compute-guix-derivation'
failed to compute the derivation for Guix (version: "998eda3067c7d21e0d9bb3310d2f5a14b8f1c681"; system: "x86_64-linux";
host version: "1.3.0.18313-998eda"; pull-version: 1).

- Sjors
zimoun wrote on 3 Nov 2022 11:03
(name . Sjors Provoost)(address . sjors@sprovoost.nl)(address . 58650@debbugs.gnu.org)
86iljwbbj3.fsf@gmail.com
Hi,

Thanks for the report.

On Wed, 19 Oct 2022 at 21:46, Sjors Provoost <sjors@sprovoost.nl> wrote:
> Sorry if this is a duplicate or has already been fixed in a more recent commit.
>
> /builder for `/gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv' failed with exit code 1
> build of /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv failed
> View build log at '/var/log/guix/drvs/mw/6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv.gz'.
> cannot build derivation `/gnu/store/236k6ncjl0nf7bqv4j0hni8i4yib3la4-git-minimal-2.36.0.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/gd577lh9007s0687m56fn65n8hrsjiqf-mallard-ducktype-1.0.2-checkout.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/rvj5bx06w2kjlxm3fg5p88dkxb6n8v9p-openjpeg-data-2020.11.30-checkout.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/00p96drllzndfp7zr63y26n1d64bdjwl-mallard-ducktype-1.0.2.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/kz4g88f4jv0w75qibq74q5lmpkgpl894-openjpeg-data-2020.11.30.drv': 1 dependencies couldn't be built
> cannot build derivation `/gnu/store/izf75k3gvz0x6399qiks1drps445ykpg-openjpeg-2.4.0.drv': 1 dependencies couldn't be built
> Backtrace:
> 14 (primitive-load "/gnu/store/wkw084zcvkyj53acs1gkchnvp0m7bvbl-compute-guix-derivation")
> In ice-9/eval.scm:
> 155:9 13 (_ _)
> 159:9 12 (_ #(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#<directory (guile-u?> ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?))
> In ice-9/boot-9.scm:
> 152:2 11 (with-fluid* _ _ _)
> 152:2 10 (with-fluid* _ _ _)
> In ./guix/store.scm:
> 2129:24 9 (run-with-store #<store-connection 256.99 7fbb6af39140> #<procedure 7fbb55577a50 at ./guix/self.scm:12?> ?)
> 1966:8 8 (_ #<store-connection 256.99 7fbb6af39140>)
> In ./guix/gexp.scm:
> 300:22 7 (_ #<store-connection 256.99 7fbb6af39140>)
> 1181:2 6 (_ #<store-connection 256.99 7fbb6a984690>)
> 1047:2 5 (_ #<store-connection 256.99 7fbb6a984690>)
> 893:4 4 (_ #<store-connection 256.99 7fbb6a984690>)
> In ./guix/store.scm:
> 2014:12 3 (_ #<store-connection 256.99 7fbb6a984690>)
> 1406:5 2 (map/accumulate-builds #<store-connection 256.99 7fbb6a984690> #<procedure 7fbb5d369580 at ./guix/stor?> ?)
> 1421:15 1 (_ #<store-connection 256.99 7fbb6a984690> ("/gnu/store/gcvv1i5shqmkd6x1pjwjdrvr7z4lb5ss-guile-ssh-?" ?) ?)
> 1421:15 0 (loop #f)
>
> ./guix/store.scm:1421:15: In procedure loop:
> ERROR:
> 1. &store-protocol-error:
> message: "build of `/gnu/store/gwqx9mq7ll5ic97zvz22j9irlx2922wx-graphviz-2.49.0.drv' failed"
> status: 100
> guix pull: error: You found a bug: the program '/gnu/store/wkw084zcvkyj53acs1gkchnvp0m7bvbl-compute-guix-derivation'
> failed to compute the derivation for Guix (version: "998eda3067c7d21e0d9bb3310d2f5a14b8f1c681"; system: "x86_64-linux";
> host version: "1.3.0.18313-998eda"; pull-version: 1).

It seems an error with the store. Do you use the offload mechanism?
And have you allowed the substitutes?


Cheers,
simon
Maxime Devos wrote on 3 Nov 2022 11:32
(address . 58650@debbugs.gnu.org)
bfdb1591-d922-93d6-b2f8-12cd500925ca@telenet.be
On 03-11-2022 11:03, zimoun wrote:
> Hi,
>
> Thanks for the report.
>
> On Wed, 19 Oct 2022 at 21:46, Sjors Provoost <sjors@sprovoost.nl> wrote:
>> Sorry if this is a duplicate or has already been fixed in a more recent commit.
>>
>> /builder for `/gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv' failed with exit code 1
>> build of /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv failed
>> View build log at '/var/log/guix/drvs/mw/6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv.gz'.
>> [...]
>>
>> ./guix/store.scm:1421:15: In procedure loop: [...]1).
>
> It seems an error with the store. Do you use the offload mechanism?
> And have you allowed the substitutes?

Looking at the attached build log, it is a build failure, not some store
error:

Test Summary Report
-------------------
../test/recipes/80-test_ssl_new.t (Wstat: 256 Tests: 29 Failed: 1)
Failed test: 12
Non-zero exit status: 1
Files=158, Tests=2640, 66 wallclock secs ( 0.87 usr 0.07 sys + 56.47 cusr 7.90 csys = 65.31 CPU)
Result: FAIL
make[1]: *** [Makefile:208: _tests] Error 1
make[1]: Leaving directory '/tmp/guix-build-openssl-1.1.1n.drv-0/openssl-1.1.1n'
make: *** [Makefile:205: tests] Error 2

Except for the different version number IIRC, I've noticed that one
before (on core-updates). That was without offloading and with
substitutes, though the substitute servers didn't have a substitute
available.

As the backtrace is a distraction, I propose merging something like
<https://issues.guix.gnu.org/50238>.

Greetings,
Maxime
Attachment: OpenPGP_signature
Sjors Provoost wrote on 3 Nov 2022 12:07
(address . 58650@debbugs.gnu.org)
93EB0CFC-82DA-4858-A477-EA7480BD29FD@sprovoost.nl
I built using --no-substitutes and no offloading.
zimoun wrote on 3 Nov 2022 12:03
(address . 58650@debbugs.gnu.org)
86cza4b8q7.fsf@gmail.com
Hi,

On Thu, 03 Nov 2022 at 11:32, Maxime Devos <maximedevos@telenet.be> wrote:

> Looking at the attached build log, it is a build failure, not some store
> error:
>
> Test Summary Report
> -------------------
> ../test/recipes/80-test_ssl_new.t (Wstat: 256 Tests: 29
> Failed: 1)
> Failed test: 12
> Non-zero exit status: 1
> Files=158, Tests=2640, 66 wallclock secs ( 0.87 usr 0.07 sys + 56.47
> cusr 7.90 csys = 65.31 CPU)
> Result: FAIL
> make[1]: *** [Makefile:208: _tests] Error 1
> make[1]: Leaving directory
> '/tmp/guix-build-openssl-1.1.1n.drv-0/openssl-1.1.1n'
> make: *** [Makefile:205: tests] Error 2

Indeed. My bad, I have missed the attachment.

Well, looking closer, I am confused by:

failed to compute the derivation for Guix (version: "998eda3067c7d21e0d9bb3310d2f5a14b8f1c681"; system:
"x86_64-linux"; host version: "1.3.0.18313-998eda"; pull-version: 1).

What is this host version?


> As the backtrace is a distraction, I propose merging something like
> <https://issues.guix.gnu.org/50238>.

Well, I do not know if it is related, although patch#50238 would help
for sure.

Cheers,
simon
Sjors Provoost wrote on 3 Nov 2022 12:25
(address . 58650@debbugs.gnu.org)
BFBDEDEF-9EFA-4625-A773-A9A00DFA5CD6@sprovoost.nl
I tried building again using:
guix build --cores=1 /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv

This made it more clear that the error was an expired certificate:

../test/recipes/80-test_ssl_new.t ..................
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/29 subtests

I was able to work around that by adjusting the machine time:

sudo timedatectl set-ntp no
sudo date --set "28 may 2022 15:00:00"
guix build ....
sudo timedatectl set-ntp yes
Maxime Devos wrote on 3 Nov 2022 12:32
7ea63efb-e8a3-f94f-b24d-0fb1493e3a69@telenet.be
reopen 56137
merge 56137 58650
thanks
On 03-11-2022 12:25, Sjors Provoost wrote:
> I tried building again using:
> guix build --cores=1 /gnu/store/mw6ax0gk33gh082anrdrxp2flrbskxv6-openssl-1.1.1n.drv
>
> This made it more clear that the error was an expired certificate:
>
> ../test/recipes/80-test_ssl_new.t ..................
> Dubious, test returned 1 (wstat 256, 0x100)
> Failed 1/29 subtests
>
> I was able to work around that by adjusting the machine time:
>
> sudo timedatectl set-ntp no
> sudo date --set "28 may 2022 15:00:00"
> guix build ....
> sudo timedatectl set-ntp yes

In that case, this appears to be an instance of
https://issues.guix.gnu.org/56137 (‘OpenSSL 3.0.3/1.1.1n includes a
time-dependent test’), this time for a different test case.

I propose to implement https://issues.guix.gnu.org/56137#3 to solve
this more permanently.

Greetings,
Maxime.
Attachment: OpenPGP_signature
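
The failure mode identified in this thread (test certificates that expire, so the build only passes before a certain date), as an added example that is not part of the thread or of Guix or OpenSSL code: a stdlib-only Python check that reads each PEM certificate's validity window and reports those not valid at a given build time. The certificate skeleton and its dates are constructed for illustration, and `time_bombs`, `validity` and the other names are hypothetical.

```python
import base64, re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    s = raw.decode("ascii")
    if tag == 0x17:                        # UTCTime, 2-digit year (RFC 5280: >= 50 is 19xx)
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    pos = _tlv(der, 0)[1]                  # enter Certificate
    pos = _tlv(der, pos)[1]                # enter TBSCertificate
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional explicit [0] version
        pos = end
    for _ in range(3):                     # skip serialNumber, signature, issuer
        pos = _tlv(der, pos)[2]
    pos = _tlv(der, pos)[1]                # enter Validity
    t1, s1, e1 = _tlv(der, pos)
    t2, s2, e2 = _tlv(der, e1)
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def time_bombs(pem_text, build_time):
    """List (index, notAfter) for certificates in pem_text not valid at build_time."""
    bad = []
    for i, m in enumerate(PEM_RE.finditer(pem_text)):
        not_before, not_after = validity(base64.b64decode(m.group(1)))
        if not not_before <= build_time <= not_after:
            bad.append((i, not_after))
    return bad

def _der(tag, body):                       # short-form encoder, enough for the sample
    return bytes([tag, len(body)]) + body
# Constructed skeleton (not a real, signed certificate): only the fields up to Validity.
_validity = _der(0x30, _der(0x17, b"220101000000Z") + _der(0x17, b"220601000000Z"))
_tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
            + _der(0x30, b"") + _der(0x30, b"") + _validity)
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(_der(0x30, _tbs)).decode()
```

Running `time_bombs` over the PEM files of a source tree with the intended build date, and with a date some years ahead, shows which test fixtures will start failing and when.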
Ludovic Courtès wrote on 15 Nov 2022 17:15
control message for bug #58650
(address . control@debbugs.gnu.org)
87k03wkxdg.fsf@gnu.org
retitle 58650 OpenSSL 1.1.1n test failures due to expired certificates (time bomb)
quit