Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: tests fail on linux-386-longtest due to untrusted CA #48700

Closed
heschi opened this issue Sep 30, 2021 · 4 comments
Closed

cmd/go: tests fail on linux-386-longtest due to untrusted CA #48700

heschi opened this issue Sep 30, 2021 · 4 comments
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker Soon This needs to be done soon. (regressions, serious bugs, outages)

Comments

@heschi
Copy link
Contributor

heschi commented Sep 30, 2021

I think I've seen references to a LetsEncrypt CA trust chain expiring. Looks like the linux-386 builders are old enough to not trust the newer chain, maybe?

            go: module vcs-test.golang.org/insecure/go/insecure: git ls-remote -q origin in $WORK/gopath/pkg/mod/cache/vcs/a7b3b292787ccbf8e12c123e56b6ef2645bb1a8765494a8c7c0c4434893b4827: exit status 128:
            	fatal: unable to access 'https://vcs-test.golang.org/git/insecurerepo/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

https://build.golang.org/log/6e5c8ce27cf161e6468d0ebfbad37d47cc365cdb
cc @golang/release

@heschi heschi added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker Soon This needs to be done soon. (regressions, serious bugs, outages) labels Sep 30, 2021
@bcmills
Copy link
Member

bcmills commented Sep 30, 2021

I think this is a builder issue more than a cmd/go issue, except to the extent that the cmd/go tests should be more hermetic (which is not something we can fix easily or quickly).

The go command in general ought to be able to assume that the user has a valid set of root CAs, and the longtest builder really should be testing the “fetch a module from a secure VCS” paths.

@bcmills
Copy link
Member

bcmills commented Sep 30, 2021

This also affects the linux-amd64-longtest builder now that #48699 has cleared.

@bcmills bcmills added the Builders x/build issues (builders, bots, dashboards) label Sep 30, 2021
@heschi
Copy link
Contributor Author

heschi commented Sep 30, 2021

I believe @cagedmantis fixed this. Thanks!

@heschi heschi closed this as completed Sep 30, 2021
@cagedmantis
Copy link
Contributor

I rebuilt the linux-x86-stretch container. This seemed to fix the issue.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Builders x/build issues (builders, bots, dashboards) FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. release-blocker Soon This needs to be done soon. (regressions, serious bugs, outages)
Projects
None yet
Development

No branches or pull requests

4 participants