Project

General

Profile

Actions
Copy link

action #163816

open

[security][15-SP5] test fails in openjdk_fips

Added by amanzini 15 days ago. Updated 1 day ago.

Status:
In Progress
Priority:
Normal
Assignee:
emiler
Category:
Bugs in existing tests
Target version:
-
Start date:
2024-07-12
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Observation

openQA test in scenario sle-15-SP5-Server-DVD-Updates-x86_64-fips_ker_mode_openjdk@64bit fails in
openjdk_fips

Test suite description

Testsuite maintained at https://gitlab.suse.de/qe-security/osd-sle15-security.

Reproducible

Fails since (at least) Build 20240711-1

Expected result

Last good: 20240710-1 (or more recent)

Further details

Always latest result in this scenario: latest

the Java test program crashes with "Could not initialize NSS". Investigate on a possible product bug.

Actions
Copy link
 #1

Updated by emiler 11 days ago

  • Status changed from Workable to In Progress
  • Assignee set to emiler
Actions
Copy link
 #2

Updated by emiler 11 days ago · Edited

  • Status changed from In Progress to Feedback

Bug reported after discussion with Marcus Meissner: https://bugzilla.suse.com/show_bug.cgi?id=1227918

Actions
Copy link
 #3

Updated by emiler 10 days ago · Edited

  • Status changed from Feedback to In Progress

Marcus found the testcase does not install mozilla-nss-sysinit, which is recommended by java-17-openjdk-headless. We will have to fix the test to install this package as well.
The failure can be soft-failed in the meantime. Seems like a different issue after all.

Actions
Copy link
 #4

Updated by emiler 9 days ago · Edited

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

It was indeed a product issue, see more in the bug report. The 3.90.3 is being rejected and is succeeded by 3.101.1, which is confirmed to be working fine in https://openqa.suse.de/tests/14958050.
Waiting for green runs before closing this ticket.

Actions
Copy link
 #5

Updated by emiler 1 day ago

  • Status changed from Feedback to In Progress
  • % Done changed from 100 to 0

Ok, this one is weird. The issue persists and we have narrowed it down to /etc/pki/nssdb/pkcs11.txt being empy in our installed image. The test then fails, because it installs the real pkcs11.txt with content as pkcs11.txt.rpmnew. Not sure where the empty file comes from, but we should investigate mru-install-desktop-with-addons_security@64bit. We could also just delete the file during the test with script_run 'rm -f /etc/pki/nssdb/pkcs11.txt' before mozilla-nss-* installation, but that feels like a hack.

Full discussion in https://suse.slack.com/archives/C044KDGKW58/p1721729218959049

Actions
Copy link

Also available in: Atom PDF