y2038: some tests are failing if system date is set to 2040 #9370
Labels
Milestone
Comments
|
The relevant file is Not sure if there's any tests that'll need to be updated for this. |
|
If you can tell how to regenerate that file, I can run tests locally with that. |
|
Unfortunately there's no script or anything to regenerate it, and it looks
like several other test vectors embed this cert, so this is going to be
more involved than I feared.
…On Mon, Aug 7, 2023 at 8:44 AM Alexander Kanavin ***@***.***> wrote:
If you can tell how to regenerate that file, I can run tests locally with
that.
—
Reply to this email directly, view it on GitHub
<#9370 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBHF4L2OYCRP2J3VFFTXUDPLDANCNFSM6AAAAAA3G5GZOE>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
FWIW, the list of failing tests is: |
|
These almost certainly all use the same certificate.
…On Mon, Aug 7, 2023 at 9:41 AM Alexander Kanavin ***@***.***> wrote:
FWIW, the list of failing tests is:
Failed ptests:
{'python3-cryptography': ['tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_smime_sign_detached',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_byteslike',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_pem',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_alternate_digests_der[hash_alg0-\\x06\\t`\\x86H\\x01e\\x03\\x04\\x02\\x01]',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_alternate_digests_der[hash_alg1-\\x06\\t`\\x86H\\x01e\\x03\\x04\\x02\\x02]',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_alternate_digests_der[hash_alg2-\\x06\\t`\\x86H\\x01e\\x03\\x04\\x02\\x03]',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_attached',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_binary',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_smime_canonicalization',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_text',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_no_capabilities',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_sign_no_attributes',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_multiple_signers',
'tests/hazmat/primitives/test_pkcs7.py:TestPKCS7Builder.test_multiple_signers_different_hash_algs']}
—
Reply to this email directly, view it on GitHub
<#9370 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAAGBANWSX4EPHUULMQABDXUDWAJANCNFSM6AAAAAA3G5GZOE>
.
You are receiving this because you commented.Message ID:
***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
Regenerating this is a bit of a pain, but definitely doable. However, why set it to 2040? The 2038 bug is triggered for anything past 2038-01-19 and this certificate expires end of December 2038. So you should be able to confirm 2038 readiness without triggering expiry failures. |
|
It's more about not having to think about what date to set (as long as it's this century), and also about fixing this just once, so this never has to be looked again in our lifetimes. Where I can submit fixes, I set the expiry date to 2525 ( https://en.wikipedia.org/wiki/In_the_Year_2525 ): |
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this issue
Sep 7, 2024
A number of items are removed because the issues have already been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430 util-linux/util-linux@3ab9e69 util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves pyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which resolves Perl/perl5#21379 Signed-off-by: Alexander Kanavin <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this issue
Oct 17, 2024
A number of items are removed because the issues have already been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430 util-linux/util-linux@3ab9e69 util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves pyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which resolves Perl/perl5#21379 Signed-off-by: Alexander Kanavin <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this issue
Nov 15, 2024
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430 util-linux/util-linux@3ab9e69 util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves pyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) Signed-off-by: Alexander Kanavin <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this issue
Jan 21, 2025
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430 util-linux/util-linux@3ab9e69 util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves pyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 python3 update to 3.13.1 which includes python/cpython#124972 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444 https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 Signed-off-by: Alexander Kanavin <[email protected]>
brainhoard-github
pushed a commit
to distro-core-curated-mirrors/poky-contrib
that referenced
this issue
Feb 17, 2025
A number of items are removed because the issues have been resolved with recipe patches (in separate commits). Some issues were also resolved via upstream version updates: glib-2.0 update to 2.78.0 that includes: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3547 https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3550 curl update to 8.3.0 that includes curl/curl#11610 util-linux update to 2.39 that includes util-linux/util-linux#2430 util-linux/util-linux@3ab9e69 util-linux/util-linux#2435 glib-networking update to 2.78.0 that includes https://gitlab.gnome.org/GNOME/glib-networking/-/merge_requests/241 python3-cryptography update to 42.0.0 which resolves pyca/cryptography#9370 via pyca/cryptography#9964 perl update to 5.40.0 which includes Perl/perl5#21379 python3 update to 3.13.0 which includes python/cpython#118425 python3 update to 3.13.1 which includes python/cpython#124972 tcl update to 9.0.0 which includes tcltk/tcl@4ca6172 (tcl8 recipe has a simple backport of this) dbus update to 1.16.0 which includes https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/444 https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/289 Signed-off-by: Alexander Kanavin <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
To test the readiness of Yocto stack for Y2038 we run qemu virtual machines with RTC set to some day in 2040. This causes some tests to fail on both 32 bit and 64 bit systems: the reason is that test certificates seemto set their expiry date to earlier than that or so.
I would propose to set the expiry date to far enough in the future that it won't have to be tweaked in our lifetimes: this way real Y2038 issues in python-cryptography (or in things it depends on) can be exposed and fixed (it's well possible there are none, but that needs confirmation too).
Failure observed (this is one of several similar failures, all of them in test_pkcs7 and relying on _load_cert_key()).
The text was updated successfully, but these errors were encountered: