[PATCH 1/2] gnu: go-1.23: Skip time variant tests

Ryan Sundberg wrote 2 months ago

Recipients:(address . guix-patches@gnu.org)(name . Ryan Sundberg)(address . ryan@arctype.co)

Message-ID:eb839a04fa9261a480af34520c6e89578877f293.1737417773.git.ryan@arctype.co

Patch out select tests under src/crypto/tls which depend on the current
wall clock time for TLS certificate testing.

Specifically, the following failing test cases are skipped:

```

Change-Id: I2f1519bc1c951e15db3a1c9320148206674c7bdf
--- FAIL: TestVerifyConnection (0.00s)
    --- FAIL: TestVerifyConnection/TLSv12 (0.00s)
        handshake_client_test.go:1759: RequireAndVerifyClientCert-FullHandshake: handshake failed: server: remote error: tls: bad certificate
            client: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-20T20:07:09Z is after 2025-01-01T00:00:00Z
    --- FAIL: TestVerifyConnection/TLSv13 (0.00s)
        handshake_client_test.go:1759: RequireAndVerifyClientCert-FullHandshake: handshake failed: server: remote error: tls: bad certificate
            client: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-20T20:07:09Z is after 2025-01-01T00:00:00Z
--- FAIL: TestResumptionKeepsOCSPAndSCT (0.00s)
    --- FAIL: TestResumptionKeepsOCSPAndSCT/TLSv12 (0.00s)
        handshake_client_test.go:2550: handshake failed: server: remote error: tls: bad certificate
            client: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-20T20:07:09Z is after 2025-01-01T00:00:00Z
    --- FAIL: TestResumptionKeepsOCSPAndSCT/TLSv13 (0.00s)
        handshake_client_test.go:2550: handshake failed: server: remote error: tls: bad certificate
            client: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2025-01-20T20:07:09Z is after 2025-01-01T00:00:00Z
--- FAIL: TestCrossVersionResume (0.01s)
    --- FAIL: TestCrossVersionResume/TLSv12 (0.00s)
        handshake_server_test.go:526: handshake did not resume at the same version
    --- FAIL: TestCrossVersionResume/TLSv13 (0.00s)
        handshake_server_test.go:526: handshake did not resume at the same version
FAIL
FAIL    crypto/tls      0.423s
```

* gnu/packages/golang (go-1.23): Include patchset
* gnu/packages/patches/go-skip-tls-tests.patch: New patch file
---
 gnu/packages/golang.scm                      | 16 +++++-
 gnu/packages/patches/go-skip-tls-tests.patch | 56 ++++++++++++++++++++
 2 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/go-skip-tls-tests.patch

Toggle diff (93 lines)diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index b1ea9e5a28..d39e50e982 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -1001,7 +1001,21 @@ (define-public go-1.23
              (commit (string-append "go" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0v8j43yqkhp5i5649nbxsq7lc9bjjn39gqqvlnz0d9c47qz9h7y7"))))))
+        (base32 "0v8j43yqkhp5i5649nbxsq7lc9bjjn39gqqvlnz0d9c47qz9h7y7"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments go-1.22)
+       ((#:phases phases)
+        #~(modify-phases #$phases
+            (add-after 'unpack 'apply-skip-test-patch
+              (lambda* (#:key inputs #:allow-other-keys)
+                ;; Having the patch in the 'patches' field of <origin> breaks
+                ;; the 'TestServeContent' test due to the fact that timestamps
+                ;; are reset.  Thus, apply it from here.
+                (invoke "patch" "-p1" "--force" "-i"
+                        (assoc-ref inputs "go-skip-tls-tests.patch"))))))))
+    (native-inputs
+     `(("go-skip-tls-tests.patch" ,(search-patch "go-skip-tls-tests.patch"))
+       ,@(package-native-inputs go-1.22)))))
 
 ;;
 ;; Default Golang version used in guix/build-system/go.scm to build packages.
diff --git a/gnu/packages/patches/go-skip-tls-tests.patch b/gnu/packages/patches/go-skip-tls-tests.patch
new file mode 100644
index 0000000000..92e0a31a86
--- /dev/null
+++ b/gnu/packages/patches/go-skip-tls-tests.patch
@@ -0,0 +1,56 @@
+From 0b0cb6aa447cef0e4f631e43db05195d0d25329a Mon Sep 17 00:00:00 2001
+From: Ryan Sundberg <ryan@arctype.co>
+Date: Mon, 20 Jan 2025 15:17:39 -0800
+Subject: [PATCH] crypto/tls: Disable test cases which are time variant
+
+These test cases depend on the current date relative to the TLS
+certificates under test. Skip them for repeatability.
+---
+ src/crypto/tls/handshake_client_test.go | 8 ++++----
+ src/crypto/tls/handshake_server_test.go | 4 ++--
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
+index 3c87916bcf..fa2a494a6b 100644
+--- a/src/crypto/tls/handshake_client_test.go
++++ b/src/crypto/tls/handshake_client_test.go
+@@ -1561,8 +1561,8 @@ func TestServerSelectingUnconfiguredCipherSuite(t *testing.T) {
+ }
+ 
+ func TestVerifyConnection(t *testing.T) {
+-	t.Run("TLSv12", func(t *testing.T) { testVerifyConnection(t, VersionTLS12) })
+-	t.Run("TLSv13", func(t *testing.T) { testVerifyConnection(t, VersionTLS13) })
++	// t.Run("TLSv12", func(t *testing.T) { testVerifyConnection(t, VersionTLS12) })
++	// t.Run("TLSv13", func(t *testing.T) { testVerifyConnection(t, VersionTLS13) })
+ }
+ 
+ func testVerifyConnection(t *testing.T, version uint16) {
+@@ -2528,8 +2528,8 @@ func TestDowngradeCanary(t *testing.T) {
+ }
+ 
+ func TestResumptionKeepsOCSPAndSCT(t *testing.T) {
+-	t.Run("TLSv12", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS12) })
+-	t.Run("TLSv13", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS13) })
++	//t.Run("TLSv12", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS12) })
++	//t.Run("TLSv13", func(t *testing.T) { testResumptionKeepsOCSPAndSCT(t, VersionTLS13) })
+ }
+ 
+ func testResumptionKeepsOCSPAndSCT(t *testing.T, ver uint16) {
+diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
+index bbfe44bd97..4347c40a6d 100644
+--- a/src/crypto/tls/handshake_server_test.go
++++ b/src/crypto/tls/handshake_server_test.go
+@@ -493,8 +493,8 @@ func testSCTHandshake(t *testing.T, version uint16) {
+ }
+ 
+ func TestCrossVersionResume(t *testing.T) {
+-	t.Run("TLSv12", func(t *testing.T) { testCrossVersionResume(t, VersionTLS12) })
+-	t.Run("TLSv13", func(t *testing.T) { testCrossVersionResume(t, VersionTLS13) })
++	//t.Run("TLSv12", func(t *testing.T) { testCrossVersionResume(t, VersionTLS12) })
++	//t.Run("TLSv13", func(t *testing.T) { testCrossVersionResume(t, VersionTLS13) })
+ }
+ 
+ func testCrossVersionResume(t *testing.T, version uint16) {
+-- 
+2.41.0
+

base-commit: 91b18baa4274a025d28f06133682a9269217730d
-- 
2.41.0

Sharlatan Hellseher wrote 2 months ago

Recipients:(address . 75716@debbugs.gnu.org)(name . Ryan Sundberg)(address . ryan@arctype.co)

Message-ID:87ikq7ivdh.fsf@gmail.com

Version: 1

Sharlatan Hellseher wrote 2 months ago

Recipients:(address . 75716@debbugs.gnu.org)

Message-ID:87frlbiuwz.fsf@gmail.com

Hi,

Thanks for picking this up.

The issue is currently resolved on go-team branch with this change:

Toggle snippet (27 lines)diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index cfe9784e8b..267681f551 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -841,6 +841,24 @@ in the style of communicating sequential processes (@dfn{CSP}).")
         #~(modify-phases #$phases
             (delete 'skip-TestGoPathShlibGccgo-tests)
             (delete 'patch-source)
+            ;; Time bomb in TLS tests: "Most of the test certificates
+            ;; (e.g. testRSACertificate, testRSACertificateIssuer,
+            ;; testRSA2048CertificateIssuer) have a not after of Jan 1
+            ;; 00:00:00 2025 GMT."
+            ;; https://github.com/golang/go/issues/71077
+            ;; https://github.com/golang/go/issues/71103
+            ;; https://github.com/golang/go/issues/71104
+            (add-after 'unpack 'skip-crypto-tls-tests
+              (lambda _
+                (substitute* (list "src/crypto/tls/handshake_client_test.go"
+                                   "src/crypto/tls/handshake_server_test.go")
+                  (("TestVerifyConnection.*" all)
+                   (string-append all "\n        t.Skip(\"golang.org/issue/71077\")\n"))
+                  (("TestResumptionKeepsOCSPAndSCT.*" all)
+                   (string-append all "\n        t.Skip(\"golang.org/issue/71077\")\n"))
+                  (("TestCrossVersionResume.*" all)
+                   (string-append all "\n        t.Skip(\"golang.org/issue/71077\")\n")))))

The branch is on it's way to master https://issues.guix.gnu.org/75467

Thanks,

Oleg

Sharlatan Hellseher wrote 2 months ago

Recipients:(address . 75716-done@debbugs.gnu.org)

Message-ID:87jzakgyh7.fsf@gmail.com

Closing as it's fixed on go-team branch for all Go compilers starting
from go-1.17.

--
Thanks,
Oleg

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 75716@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 75716

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date