[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
All of the above still applies to nss 3.68-1, for which I'm preparing a
merge right now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in NSS:
Unknown
Status in nss package in Ubuntu:
Triaged
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
ii libnss3:s390x 2:3.63-1ubuntu1 s390xNetwork Security Service
libraries
With this the install fail is reprodicible.
So we can switch in/out bad
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
** Bug watch added: Mozilla Bugzilla #1721995
https://bugzilla.mozilla.org/show_bug.cgi?id=1721995
** Also affects: nss via
https://bugzilla.mozilla.org/show_bug.cgi?id=1721995
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in NSS:
Unknown
Status in nss package in Ubuntu:
Triaged
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
ii libnss3:s390x
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
I tracked the problem down to the LTO optimizations that were enabled by
default in dpkg 1.20.9ubuntu1.
** Changed in: nss (Ubuntu)
Status: New => Triaged
** Tags added: lto
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
Triaged
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
ii libnss3:s390x 2:3.63-1ubuntu1 s390xNetwork Security Service
libraries
With
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
The good news is that the test passes when building nss in a Groovy lxd
container, but fails when copying that container (lxc copy), upgrading
the copy to Hirsute and rebuilding there, so I have good pair of
containers to do the "bisect" on.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
ii libnss3:s390x 2:3.63-1ubuntu1
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
My plan is now to:
- Setup a Groovy container
- Build nss 2:3.61-1ubuntu2 and verify the libnss3 is good
- Add Hirsute to sources.list and manually update the
Build-Deps, starting from the usual suspects (compilers),
hopefully finding which package breaks the dogtag-pki tests.
The testbed system will remain fixed (ubuntu:impish lxd container).
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
Diff of the sbuild Installed-Build-Depends from the "good" Hirsute build that produced the nss packages now in the archive and a "bad" Hirsute build done in an up-to-date Hirsute schroot: --- good2021-07-21 12:02:03.870339411 +0200 +++ bad 2021-07-21 12:03:20.367850047 +0200 @@ -3,38 +3,39 @@ automake (= 1:1.16.3-2ubuntu1), autopoint (= 0.21-3ubuntu2), autotools-dev (= 20180224.1+nmu1), - base-files (= 11ubuntu16), + base-files (= 11ubuntu19), base-passwd (= 3.5.49), - bash (= 5.1-1ubuntu1), - binutils (= 2.36.1-0ubuntu1), - binutils-common (= 2.36.1-0ubuntu1), - binutils-s390x-linux-gnu (= 2.36.1-0ubuntu1), - bsdextrautils (= 2.36.1-1ubuntu2), - bsdutils (= 1:2.36.1-1ubuntu2), + bash (= 5.1-2ubuntu1), + binutils (= 2.36.1-6ubuntu1), + binutils-common (= 2.36.1-6ubuntu1), + binutils-s390x-linux-gnu (= 2.36.1-6ubuntu1), + bsdextrautils (= 2.36.1-7ubuntu2), + bsdutils (= 1:2.36.1-7ubuntu2), build-essential (= 12.8ubuntu3), - bzip2 (= 1.0.8-4ubuntu2), + bzip2 (= 1.0.8-4ubuntu3), coreutils (= 8.32-4ubuntu2), - cpp (= 4:10.2.0-1ubuntu1), - cpp-10 (= 10.2.1-19ubuntu1), + cpp (= 4:10.3.0-1ubuntu1), + cpp-10 (= 10.3.0-1ubuntu1), dash (= 0.5.11+git20200708+dd9ef66+really0.5.11+git20200708+dd9ef66-5ubuntu1), debconf (= 1.5.74), - debhelper (= 13.3.3ubuntu2), + debhelper (= 13.3.4ubuntu1), debianutils (= 4.11.2), + debugedit (= 1:0.1-0ubuntu2), dh-autoreconf (= 20), - dh-exec (= 0.23.2), + dh-exec (= 0.23.4), dh-strip-nondeterminism (= 1.11.0-1), diffutils (= 1:3.7-3ubuntu1), - dpkg (= 1.20.7.1ubuntu2), - dpkg-dev (= 1.20.7.1ubuntu2), - dwz (= 0.13+20210201-1), + dpkg (= 1.20.9ubuntu1), + dpkg-dev (= 1.20.9ubuntu1), + dwz (= 0.14-1), file (= 1:5.39-3), - findutils (= 4.7.0-1ubuntu2), - g++ (= 4:10.2.0-1ubuntu1), - g++-10 (= 10.2.1-19ubuntu1), - gcc (= 4:10.2.0-1ubuntu1), - gcc-10 (= 10.2.1-19ubuntu1), - gcc-10-base (= 10.2.1-19ubuntu1), - gcc-11-base (= 11-20210207-1ubuntu1), + findutils (= 4.8.0-1ubuntu1), + g++ (= 4:10.3.0-1ubuntu1), + g++-10 (= 10.3.0-1ubuntu1), + gcc (= 4:10.3.0-1ubuntu1), + gcc-10 (= 10.3.0-1ubuntu1), + gcc-10-base (= 10.3.0-1ubuntu1), + gcc-11-base (= 11.1.0-1ubuntu1~21.04), gettext (= 0.21-3ubuntu2), gettext-base (= 0.21-3ubuntu2), grep (= 3.6-1), @@ -43,113 +44,114 @@ hostname (= 3.23), init-system-helpers (= 1.60), intltool-debian (= 0.35.0+20060710.5), - libacl1 (= 2.2.53-10), + libacl1 (= 2.2.53-10ubuntu1), libarchive-zip-perl (= 1.68-1), - libasan6 (= 10.2.1-19ubuntu1), - libatomic1 (= 11-20210207-1ubuntu1), - libattr1 (= 1:2.4.48-6), + libasan6 (= 11.1.0-1ubuntu1~21.04), + libatomic1 (= 11.1.0-1ubuntu1~21.04), + libattr1 (= 1:2.4.48-6build1), libaudit-common (= 1:3.0-2ubuntu1), libaudit1 (= 1:3.0-2ubuntu1), - libbinutils (= 2.36.1-0ubuntu1), - libblkid1 (= 2.36.1-1ubuntu2), - libbz2-1.0 (= 1.0.8-4ubuntu2), - libc-bin (= 2.33-0ubuntu2), - libc-dev-bin (= 2.33-0ubuntu2), - libc6 (= 2.33-0ubuntu2), - libc6-dev (= 2.33-0ubuntu2), + libbinutils (= 2.36.1-6ubuntu1), + libblkid1 (= 2.36.1-7ubuntu2), + libbz2-1.0 (= 1.0.8-4ubuntu3), + libc-bin (= 2.33-0ubuntu5), + libc-dev-bin (= 2.33-0ubuntu5), + libc6 (= 2.33-0ubuntu5), + libc6-dev (= 2.33-0ubuntu5), libcap-ng0 (= 0.7.9-2.2build1), - libcap2 (= 1:2.44-1), - libcc1-0 (= 11-20210207-1ubuntu1), - libcom-err2 (= 1.45.7-1ubuntu1), - libcrypt-dev (= 1:4.4.17-1ubuntu1), - libcrypt1 (= 1:4.4.17-1ubuntu1), - libctf-nobfd0 (= 2.36.1-0ubuntu1), - libctf0 (= 2.36.1-0ubuntu1), - libdb5.3 (= 5.3.28+dfsg1-0.6ubuntu3), - libdebconfclient0 (= 0.256ubuntu1), - libdebhelper-perl (= 13.3.3ubuntu2), - libdpkg-perl (= 1.20.7.1ubuntu2), - libelf1 (= 0.183-1), + libcap2 (= 1:2.44-1build1), + libcc1-0 (= 11.1.0-1ubuntu1~21.04), + libcom-err2 (= 1.45.7-1ubuntu2), + libcrypt-dev (= 1:4.4.17-1ubuntu3), + libcrypt1 (= 1:4.4.17-1ubuntu3), + libctf-nobfd0 (= 2.36.1-6ubuntu1), + libctf0 (= 2.36.1-6ubuntu1), + libdb5.3 (= 5.3.28+dfsg1-0.6ubuntu4), + libdebconfclient0 (= 0.256ubuntu3), + libdebhelper-perl (= 13.3.4ubuntu1), + libdpkg-perl (= 1.20.9ubuntu1), + libdw1 (= 0.183-8), + libelf1 (= 0.183-8), libfile-stripnondeterminism-perl (= 1.11.0-1), - libgcc-10-dev (= 10.2.1-19ubuntu1), - libgcc-s1 (= 11-20210207-1ubuntu1), - libgcrypt20 (= 1.8.7-2ubuntu1), + libgcc-10-dev (= 10.3.0-1ubuntu1), + libgcc-s1 (= 11.1.0-1ubuntu1~21.04), + libgcrypt20 (= 1.8.7-2ubuntu2), libgdbm-compat4 (= 1.19-2), libgdbm6 (= 1.19-2), - libgmp10 (= 2:6.2.1+dfsg-1ubuntu1), - libgomp1 (= 11-20210207-1ubuntu1), - libgpg-error0 (= 1.38-2), + libgmp10 (= 2:6.2.1+dfsg-1ubuntu2), + libgomp1 (= 11.1.0-1ubuntu1~21.04), + libgpg-error0 (= 1.38-2build1), libgssapi-krb5-2 (= 1.18.3-4), - libicu67 (= 67.1-6ubuntu1), - libisl23 (= 0.23-1), - libitm1 (= 11-20210207-1ubuntu1), + libicu67 (= 67.1-6ubuntu2), + libisl23 (= 0.23-1build1), + libitm1 (= 11.1.0-1ubuntu1~21.04), libk5crypto3 (= 1.18.3-4), libkeyutils1 (= 1.6.1-2ubuntu1), libkrb5-3 (= 1.18.3-4), libkrb5support0 (= 1.18.3-4), - liblz4-1 (= 1.9.3-1), - liblzma5 (= 5.2.5-1.0), + liblz4-1 (=
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
Rebuilding the same source package on Groovy produces a "good" libnss3
package (the Impish dogtag-pki autopkgtests pass when using it). This
means that a build-dependency that was upgraded in Hirsute caused the
regression.
(As Christian made me notice rebuilding on Hirsute *release* with no
updates may still produce a broken package, even if the "good" package
in the archive was built on Hirsute. This is because back when the
Hirsute package was built Hirsute was still in development. The true way
to go back to what Hirsute was initially is to go back to Groovy.)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
After some work and testing, here are my findings.
- The dogtag-pki autopkgtest failure is manually reproducible
using autopkgtest-virt-lxd.
- The dogtag-pki autopkgtests pass with in Impish using
libnss3 *from the archive* (uploaded and built on Hirsute).
- The dogtag-pki autopkgtests FAIL when using the very same
libnss3 version but rebuilt from source on a Hirsute schroot.
The debdiff between the two binary packages is:
File lists identical (after any substitutions)
Control files: lines which differ (wdiff format)
Installed-Size: [-4255-] {+4318+}
- This seems to be s390x-specific (I can't reproduce on my
amd64 laptop)
- I tried merging the latest version of src:nss from Debian,
which required refreshing a s390x-specific patch, so I was
really hoping this would fix it, but no: it fails in the
same way.
FWIW I have a branch ready for merging 2:3.67-2 to Impish, but
I'm not sure on how to handle this dogtag-pki autopkgtest failure.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
** Changed in: nss (Ubuntu)
Assignee: (unassigned) => Paride Legovini (paride)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
ii libnss3:s390x 2:3.63-1ubuntu1 s390xNetwork Security Service
libraries
With this the install fail is reprodicible.
So we can switch in/out bad case by up/downgrading libnss3.
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
Without the recent PPC fixes s390x was broken as well, so I'm not saying "the
ppc fixes broke s390x":
https://autopkgtest.ubuntu.com/results/autopkgtest-impish-ci-train-ppa-service-4577/impish/s390x/d/dogtag-pki/20210608_073451_f187d@/log.gz
Instead there seems to be a new crash affecting s390x that has to be
looked at to be able to rev up the nss version.
Tagging server-next and subscribing the team as this is no more a +1 task.
If we are lucky the always dilligent locutus (who often merges nss) might come
by and give it a short as well when we have latter nss versions.
** Tags added: server-next
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
Reproducible, ppc64 is fixed and s390x broken by the latest 3.66 + fixes from
master.
Links:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish-ci-train-ppa-service-4577/impish/s390x/d/dogtag-pki/20210609_065306_2e698@/log.gz
https://autopkgtest.ubuntu.com/results/autopkgtest-impish-ci-train-ppa-service-4577/impish/s390x/d/dogtag-pki/20210609_121610_a71da@/log.gz
https://autopkgtest.ubuntu.com/results/autopkgtest-impish-ci-train-ppa-service-4577/impish/s390x/d/dogtag-pki/20210609_124415_d071b@/log.gz
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
This feels like a circle with nss/2:3.66-1ubuntu1~impishppa2 in
https://launchpad.net/~ci-train-ppa-
service/+archive/ubuntu/4577/+packages now ppc64 works but s390x fails
with (on the surface) the same symptom as it started with in 3.63 :-/
I retriggered the tests to see if that is flaky or reproducible.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
There is another fix in master that belongs to
https://bugzilla.mozilla.org/show_bug.cgi?id=1566124 - I've bumped my
PPA build to include both as it is worth a try if this fixes the current
ppc64 issues in v3.66.
Build of 3.66-1ubuntu1~impishppa2 started, later on I'll let the
autopkgtests run.
** Bug watch added: Mozilla Bugzilla #1566124
https://bugzilla.mozilla.org/show_bug.cgi?id=1566124
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
I was able to verify that a merge of 3.66 would on Ubuntu trigger the
very same bug that Debian has blocking the dogtag-pki test on powerpc64.
=> https://autopkgtest.ubuntu.com/results/autopkgtest-impish-ci-train-
ppa-service-4577/impish/ppc64el/d/dogtag-
pki/20210608_031158_a9d4a@/log.gz
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
While we wait for 3.67 and maybe (Thanks Timo) for [1] I have ensured that we
have a 3.66 test build.
=> https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4577/+packages
The check of it's delta also showed that we can drop a bit of it nowadays.
=>
https://code.launchpad.net/~paelzer/ubuntu/+source/nss/+git/nss/+ref/merge-impish-3.66-1
[1]: https://phabricator.services.mozilla.com/D116274
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release
[Touch-packages] [Bug 1931104] Re: Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-proposed
FYI by tjaaltonen - there's another crasher in 3.66 on ppc64el..
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989410
So 3.66 won't be the "take this and it works" solution.
** Bug watch added: Debian Bug tracker #989410
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989410
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nss in Ubuntu.
https://bugs.launchpad.net/bugs/1931104
Title:
Test of dogtag-pki is failing on s390x vs the nss v3.63 in impish-
proposed
Status in nss package in Ubuntu:
New
Bug description:
The test of dogtag-pki is failing on the nss 3.63 that is in impish proposed.
Example:
https://autopkgtest.ubuntu.com/results/autopkgtest-impish/impish/s390x/d/dogtag-pki/20210516_212719_e6522@/log.gz
Bad:
Installing CA into /var/lib/pki/pki-tomcat.
Installation failed: ('Connection aborted.', RemoteDisconnected('Remote end
closed connection without response'))
ERROR: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote
end closed connection without response'))
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 995, in spawn
cert = deployer.setup_cert(client, tag)
File "/usr/lib/python3/dist-packages/pki/server/deployment/__init__.py",
line 355, in setup_cert
return client.setupCert(request)
File "/usr/lib/python3/dist-packages/pki/system.py", line 389, in setupCert
response = self.connection.post(
File "/usr/lib/python3/dist-packages/pki/client.py", line 55, in wrapper
return func(self, *args, **kwargs)
File "/usr/lib/python3/dist-packages/pki/client.py", line 293, in post
r = self.session.post(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 590, in
post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in
request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in
send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 498, in
send
raise ConnectionError(err, request=request)
CA spawn failed:
Good:
nstalling CA into /var/lib/pki/pki-tomcat.
Notice: Trust flag u is set automatically if the private key is present.
/usr/lib/python3/dist-packages/urllib3/connection.py:455:
SubjectAltNameWarning: Certificate for i-dogtag has no `subjectAltName`,
falling back to check for a `commonName` for now. This feature is being removed
by major browsers and deprecated by RFC 2818. (See
https://github.com/urllib3/urllib3/issues/497 for details.)
warnings.warn(
==
INSTALLATION SUMMARY
==
...
The good test above was with:
ii libnss3:s390x2:3.61-1ubuntu2 s390xNetwork Security
Service libraries
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
server
Worth to know, the good case test still fails later on with:
IOException: SocketException cannot write on socket: Failed to write to
socket: (-5938) Encountered end of file.
ERROR: CalledProcessError: Command '['pki', '-d',
'/etc/pki/pki-tomcat/alias', '-f', '/etc/pki/pki-tomcat/password.conf', '-U',
'https://i-dogtag:8443', 'securitydomain-join', '--session',
'4717921475119312283', '--type', 'TKS', '--hostname', 'i-dogtag',
'--unsecure-port', '8080', '--secure-port', '8443', 'TKS i-dogtag 8443']'
returned non-zero exit status 255.
File "/usr/lib/python3/dist-packages/pki/server/pkispawn.py", line 575, in
main
scriptlet.spawn(deployer)
File
"/usr/lib/python3/dist-packages/pki/server/deployment/scriptlets/configuration.py",
line 1038, in spawn
subsystem.join_security_domain(
File "/usr/lib/python3/dist-packages/pki/server/subsystem.py", line 1201,
in join_security_domain
subprocess.check_call(cmd)
File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
raise CalledProcessError(retcode, cmd)
Installation failed: Command failed: pki -d /etc/pki/pki-tomcat/alias -f
/etc/pki/pki-tomcat/password.conf -U https://i-dogtag:8443 securitydomain-join
--session 4717921475119312283 --type TKS --hostname i-dogtag --unsecure-port
8080 --secure-port 8443 TKS i-dogtag 8443
Please check pkispawn logs in /var/log/pki/pki-tks-spawn.20210607093926.log
Well one issue at a time ... the current install issue first.
Since it worked with the nss in -release I was upgrading this to the new nss.
ii 389-ds-base1.4.4.11-2 s390x389 Directory Server suite -
