workaround(nbd): mark tls tests as expected failures due to expired certs #16736
Open
christopherco wants to merge 1 commit into tomls/base/main from
Pull request overview
Adds an Azure Linux component override for nbd to prevent build failures caused by expired TLS test certificates in the upstream 3.25 test suite by treating tls/tlshuge as expected failures during %check.
Changes:
- Introduce `base/comps/nbd/nbd.comp.toml` with a `%check` overlay that appends `XFAIL_TESTS="tls tlshuge"` to `make check`.
- Remove the bare `[components.nbd]` entry from `base/comps/components.toml` to avoid duplicate component tables now that a dedicated `.comp.toml` exists.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| base/comps/nbd/nbd.comp.toml | New component overlay that modifies %check to mark TLS-related tests as XFAIL due to expired bundled certs. |
| base/comps/components.toml | Removes inline nbd component entry since the component is now defined in a dedicated file included via **/*.comp.toml. |
Work item for more durable fix -> https://dev.azure.com/mariner-org/mariner/_workitems/edit/18854
The nbd 3.25 test suite ships pre-built TLS certificates that were generated on 2016-04-19 with a 10-year expiration, meaning they expired on 2026-04-17. This causes the tls and tlshuge tests to fail with 'Error in the certificate' from GnuTLS.
Upstream fixed this in nbd 3.27.0 (commit 58b356b, 'Update certificate expiry dates') with certs valid until 2033, but 3.25 (used on f43) was not updated.
Add an overlay to pass XFAIL_TESTS='tls tlshuge' as a make variable override so these tests are treated as expected failures rather than blocking the build.
Fixes: AB#18940
Tracking item for proper upstream fix: AB#18854
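An added example, not part of this PR or of nbd: a standard-library-only check that reads `notAfter` from bundled PEM certificates and reports those ending within a horizon, so expiring test fixtures surface before `%check` starts failing. The function names, the constructed DER skeleton and the 3650-day lifetime are assumptions; 3650 days is what the dates in the description imply (2016-04-19 to 2026-04-17).

```python
import base64, re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos and return (tag, body_start, body_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:                        # UTCTime has a 2-digit year (RFC 5280: >= 50 is 19xx)
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=UTC)

def not_after(der):
    """Walk Certificate -> tbsCertificate -> validity and return notAfter."""
    _, pos, _ = _tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = end
    for _field in range(3):                # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)             # validity SEQUENCE
    _, _, pos = _tlv(der, pos)             # skip notBefore
    tag, start, end = _tlv(der, pos)
    return _time(tag, der[start:end])

def expiring(pem_text, now, horizon_days):
    """notAfter of each certificate in pem_text that ends within horizon_days of now."""
    ends = [not_after(base64.b64decode(b)) for b in PEM.findall(pem_text)]
    return [t for t in ends if t - now < timedelta(days=horizon_days)]

def constructed_pem(not_before, days):
    """Constructed sample: a DER skeleton with only the fields not_after() reads."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body
    stamp = lambda t: enc(0x17, t.strftime("%y%m%d%H%M%SZ").encode())
    valid = enc(0x30, stamp(not_before) + stamp(not_before + timedelta(days=days)))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01")
              + enc(0x30, b"") + enc(0x30, b"") + valid)
    body = base64.b64encode(enc(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

SAMPLE = constructed_pem(datetime(2016, 4, 19, tzinfo=UTC), 3650)  # assumed lifetime
```

Passing `now` explicitly lets a pipeline ask whether fixtures will still be valid at a future release date, not only today.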