SSL protocol issues when fetching the PR #70
Comments
|
Yes, github had a problem earlier today. This showed up across the fleet. There's already re-tries, as you can see in the log snippit, but at some point it just has to give up and declare failure. github has already gone back to working and the tests are passing currently. |
|
This is happening again: And the status page from GitHub shows
|
|
[I had troubles too when pushing to my GitHub repo earlier.] |
|
Looks like github has disabled older tls protocols, requiring tlsv1.2. Unfortunately freebsd 8.x (and 9.x) don't have a new enough openssl to support newer tls protocols. So, we're roughly in a position where github is forcing our hands in terms of upgrading to newer versions of freebsd. A bigger unfortunately, no one has ever finished making dmd and related packages pass the builds and tests for freebsd 10 and 11. So, dlang is in a bad spot. https://githubengineering.com/crypto-removal-notice/ I suggest dropping freebsd 8.x support from the master and stable branch testers. If when someone gets the freebsd 10/11 builds and tests passing, they can re-enter the master and stable branches. Additionally, if someone is really hung-ho, figuring out how to update freebsd 8.x to a modern version of openssl without breaking the rest of the os, Lastly, I don't see an escape hatch on github to allow continued use of older protocols, but maybe they left one and haven't advertised it. |
I presume that's the best way to go. @jmdavis or @dkgroot might know a bit more about the current status of DMD on a modern BSD* OS? |
|
@MartinNowak @WalterBright @andralex Heads up guys, this is unfortunate but I'm not shocked that it's come to a forcing function. |
|
I think I've got freebsd disabled for master and stable but still enabled for the "DMD upd fbsd" project. |
|
We just don't have the resources to support older FreeBSD versions, and them not being compatible with github is just the nail in the coffin. I propose moving to the oldest FreeBSD that works with github and abandoning the older ones. |
|
We're at the point where there is NO version of freebsd that is supported that DMD works on out of the box. So, today, I yanked it from the all build configurations for the auto-tester except the "DMD upd fbsd". That config is doing test builds with freebsd 10 and 11, but they don't pass. Someone is going to have to finally dig into and fix the problems. Until then, we no longer support freebsd as a tested platform. |
|
Right now, it just looks like only 32-bit is failing. If that's true, can we at least have a 64-bit autotester setup running FreeBSD 11.1 so that PRs don't get merge which break it? Unfortunately, 32-bit is then still screwed for the moment, but that seems better to me than dropping all FreeBSD auto-testing entirely. Given that I use FreeBSD as my primary platform, I've definitely tried to make sure that the latest version of FreeBSD works with the druntime and Phobos tests (either by fixing problems are pushing others to), but I'm not a compiler dev, so I pretty much never run the dmd test suite, and I don't even notice when that breaks. I also don't run any 32-bit systems, so I don't catch any problems there. Clearly, we as a group need to do a better job making sure that the autotester is able to run the latest FreeBSD and is doing so, otherwise, we're going to be consistently screwed on this. In any case, clearly, one or more of the compiler devs is going to need to fix dmd so that its test suite passes so that we can properly support 32-bit FreeBSD. But based on the upd fbsd section on the autotester, it looks like we can at least have a 64-bit autotester setup. |
|
Thank you, @braddr It looks like the correct system libraries are not installed on the autotester machine. |
|
@jmdavis yes, the autotester is passing on FreeBSD 64, no reason to not keep that platform. |
|
https://auto-tester.puremagic.com/platform-history.ghtml?projectid=15&os=FreeBSD_64_64 I has passed the most recent iteration, but fails more often than not. And it doesn't look to be 10.x or 11.x specific. Am I missing something? |
|
The random dmd failures are: Why that would occur randomly makes no sense to me. |
|
The phobos tests fail with: a fine, unhelpful message. |
|
This looks relevant: https://issues.dlang.org/show_bug.cgi?id=17596 |
That will matter when 12.0 comes out but doesn't affect 11.1. It has to do with an API change to the system calls having to do with inodes, since they change them from 32-bit to 64-bit, and those changes weren't done in time for 11. It is on my todo list to try and fix that though, since at the moment, I can't update my TrueOS machines because of it. |
|
The delete related linker problem in the dmd test seems to be a freebsd 10.3 problem. It always fails on 10.3 and never fails for 11.1 (for a sample size of about 25 builds). |
|
Should we update the test box to the latest FreeBSD? I'm good with that. |
|
Either I'm misunderstanding your question or you're misunderstanding the state of things. The two build machines in the "DMD upd fbsd" project are running freebsd 10.3 and 11.1. The several machines that were in the other build fleets were 8.3 and 8.4. The latter became non-functional today. The former aren't able to reliably build and run the tests. What change are you suggesting? I can't advise that the 10.3 and 11.1 build hosts be added to the main build fleet until the "DMD upd fbsd" boxes reliably pass the build and test steps. Otherwise all pulls are going to fail and require either manual pulling due to not being able to pass the full set of platforms or fixing the freebsd problems first. The former is really not reasonable. The latter isn't better than fixing them before adding new builders to the master and stable builds. Do you feel differently? |
I was responding to "a freebsd 10.3 problem. It always fails on 10.3 " and "That will matter when 12.0 comes out but doesn't affect 11.1. It has to do with an API change to the system calls having to do with inodes, since they change them from 32-bit to 64-bit, and those changes weren't done in time for 11." To me that suggests: "frak the older FreeBSD versions, and install the latest on the autotester machines." |
|
I'm fine with ignoring 10.3, though seems premature to write off an entire in-production version with as little investigation as has been done so far. For all we know at this point 10.x might be easier to fix support for than 11.x. 12.x isn't released yet, so I don't suggest that being our base platform -- also haven't ever tested it, so unknown status with respect to dmd. That leaves 11.1, which also isn't passing yet. |
|
Do you have a suggestion for "It always fails on 10.3" with some sort of linker problem? |
|
Everything I know came from a quick glance at the logs to corrolate failures between platforms. If you want my suggestion, drop freebsd. Not worth the time investment relative to the number of contributors. Regardless, I'm ready to close this ticket now that the defunct freebsd 8.x platform is removed from the tester fleet. The issues are not related to the auto-tester and keeping it in it's issue tracker mis-places the nature of the problem and the responsibility for owning the resolution. Should 10.x and/or 11.x become functional enough to add into the official build fleet, creating an issue for that would be appropriate. |
|
If we're getting random failures on 64-bit 11.1, then we can't enable that yet. If we're getting random failures with 64-bit 10.3, then that doesn't give me warm, fuzzy feelings, but Walter and Andrei have previously stated that we can only afford to support the latest FreeBSD, and that would be 11.1. And if we can have an auto-tester running that, then we'll catch problems that won't be caught otherwise, even if that unfortunately means that 10.3 might have problems. So, if 64-bit 11.1 is running well enough to update the auto-tester for that, then I say go for it, but I don't know how well it's running. The upd fbsd section on the auto-tester just gives the architectures, not the versions, so I don't know which of the boxes are running 10.3 and which are running 11.1. If you want to close this issue on the grounds that it's for fixing the 8.x boxes, and that's not possible, then I don't care. But I really don't want to see FreeBSD dropped from the auto-tester permanently. I'd suggest that you make both of the boxes on the upd fbsd section run FreeBSD 11.1 and that we just forget about 10.3. Then we can see how stable 11.1 is and figure out when it's stable enough to re-enable as part of the auto-tester proper. |
|
It's not 100% clear which os-patch level you are running with freebsd 11.1 / 10.3. It's a pretty simple procedure to regularly run When this causes the patchlevel to go up, a After a reboot do run: That should solve the openssl issue you are seeing, and fix future issues as well. |
|
@dkgroot Brad knows full-well how to update FreeBSD. That's not the problem. The auto-tester has been running FreeBSD 8.x for ages now, and the oldest version of FreeBSD that's supported by the FreeBSD folks is 10.3. Brad has a couple of boxes running 10.3 or 11.1 (it's not clear which box is running what, because they're just marked as 32-bit and 64-bit in the auto-tester interface) listed under the upd fbsd tab: https://auto-tester.puremagic.com/?projectid=15 The problem is that while 8.x has been tested by the auto-tester for ages, so it's reasonably stable, newer versions have generally only been tested by folks locally, so problems have crept in and haven't all been fixed. So, Brad's extra testers running with 10.3 and 11.1 show problems that need to be fixed before the main auto-tester boxes can be updated. But we can't continue to use 8.x, because it's not receiving updates and does not support the version of SSL/TLS that github now insists on. However, because the main auto-testers have not been running a recent version of FreeBSD, and there hasn't been enough of an effort to make sure that the problems found by the boxes under the upd freebsd have been fixed, Brad can't update the main auto-tester boxes, because the dmd tests will fail. So, it looks like we're forced to disable FreeBSD on the main auto-tester boxes until the problems found by the more up-to-date auto-tester boxes are fixed. |
|
@jmdavis I cannot know what other people know or do not know :-) Regarding the SSL issue (subject), it was not clear which patchlevel was running on these test-slaves. Adding the extra background information about patchlevels could help others (non freebsd users) understand what this was all about. Deprecating old/eol versions ought be part of the process. Even 10.3 and 10.4 have been declared legacy :-) No need to keep 8.x around. If there is anything i could do to help, just let me know. |
The question we should ask is not whether it's a thing, but whether we're interested in it and whether dmd has to serve this niche. As clang is the platforms default compiler toolchain, addressing the platform with ldc would prolly make more sense. Then again 32-bit codegen is already in dmd and differences between ELF based systems are rather small. |
@braddr, I actually fixed that over a year ago, dlang/dmd#4843. What dmd version are you using? |
I am at the moment. It's turning out to be more complex than it initially looks. My experiments with clang show that sometimes the size of an empty struct is 0, sometimes it is not. The clang user never sees this because it is all hidden behind __builtin compiler magic, which I will need to come up with an equivalent for. |
A much less drastic thing is to temporarily disable the failing test, which I will re-enable when I get a fix ready. |
|
Temporary workaround dlang/dmd#7952 |
|
To answer the question of what version is the HOST_DC, two obvious answers:
|
|
Hopefully the last issue: https://issues.dlang.org/show_bug.cgi?id=18519 |
FWIW there's nothing stopping you from upgrading the host compiler: https://forum.dlang.org/post/zbxaviowooiaenaawmgs@forum.dlang.org (there's SemaphoreCI in place to check that DMD is still compilable with the latest GDC + LDC release)
I never used FreeBSD, so I can't really help here. Sorry. That's why I suggested to drop 32-bit (or at least temporarily disabling it). |
|
So can we do something about all PRs being red and not mergeable? The way I see it no one cares enough about FreeBSD 32-bit, so can we please disable it until someone who cares comes along? This undermines our entire CI process for which we worked hard to maintain some sense of reliability and leaves a very bad public image. |
|
I'm working on the 32 bit struct issue, though a workaround has already been pulled. If there are more issues with FreeBSD 32, I suggest pulling workarounds (like disabling the test) instead of pulling the whole platform. |
|
|
@braddr @WalterBright the workaround at dmd was targeted at |
|
FYI after merging the 20th PR manually because apparently I'm the one of the few who can do an admin override, I remove the CI requirement check for auto-tester at the GitHub branch protection, i.e. it's not longer a requirement for a PR. Though I can only repeat that if the CI fails for all PRs this has severe downsides and makes people loose the tiny trust we slowly managed to build up over the last months, leaves newcomers and irregular contributors puzzled, etc. |
|
Now the autotester appears to not run FreeBSD at all, so I can't test my PR to fix it. |
|
It looks like master freebsd/32 builds are passing, which is good progress. That stable builds are failing indicates that there's one or more pulls that are only in master that need to be replicated into stable. Walter, not sure what you're seeing, the builders are running jobs just like they're supposed to. I need to convert a couple of the old hosts over to 11.1 hosts so that the fleet is up to full strength. That's a throughput issue, not a not-running issue. I've held off in case we needed to revert, but I think we're past that now. I agree that the path chosen to accomplish the 8.x -> 11.x migration of freebsd wasn't what I'd have done if I was in charge, but I also can't argue with the likelihood that if it'd been left disabled until done or some other less in-your-face approach that it might well have never gotten done. |
dlang/dmd#7970
Well, what's done is done, but maybe we can consider a path that doesn't involve breaking all PRs for a couple of days and me force-merging > 20 PRs?
Yes. Investing work for legacy systems isn't fun - especially if you don't use them. |
https://auto-tester.puremagic.com/show-run.ghtml?projectid=1&runid=3025521&isPull=true
The text was updated successfully, but these errors were encountered: