204513 2019-11-22 06:22:43 -0800 results.webkit.org: High Sierra bots don't have the right root certificate 2019-12-03 15:45:26 -0800 1 1 1 Unclassified WebKit Tools / Tests Other Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=204091 https://bugs.webkit.org/show_bug.cgi?id=204364 https://bugs.webkit.org/show_bug.cgi?id=204526 https://bugs.webkit.org/show_bug.cgi?id=202837 P2 Normal --- 1 aakash_jain jbedard aakash_jain ap jbedard pmatos oldest_to_newest 1592765 0 aakash_jain 2019-11-22 06:22:43 -0800 Reporting of JSC tests from build.webkit.org to results.webkit.org is failing. Issue #1: https://build.webkit.org/builders/Apple%20High%20Sierra%20Release%20JSC%20%28Tests%29/builds/12102/steps/jscore-test/logs/stdio curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure. Issue #2: https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/10114/steps/jscore-test/logs/stdio 32bit JSConly bots are failing with: "Cannot determine platform". 1592767 1 aakash_jain 2019-11-22 06:24:33 -0800 Reporting was enabled in Bug 204364 and Bug 204091. 1592791 2 jbedard 2019-11-22 07:43:23 -0800 These are two very separate issues and should be separate bugs. The first is because High Sierra has old root certificates....I'm kind of surprised we haven't had to address this yet for other reasons. It's not a huge deal because the failure to report doesn't fail the test run, I'll talk to Ling today. The second bit is because we don't have complete platform checks in perl code, like we do in Python. I don't have access to the hardware our 32 bit JSC Only bots are running on, we need configurationForUpload() to use a sensible platform name for that configuration. It won't we much code. 1592807 3 ap 2019-11-22 08:22:25 -0800 > The first is because High Sierra has old root certificates....I'm kind of > surprised we haven't had to address this yet for other reasons. It's not a > huge deal because the failure to report doesn't fail the test run, I'll talk > to Ling today. High Sierra is supposed to have all certificates needed on public internet. It seems more likely that the endpoint requires a private Apple root of some sort, which would be a server side issue. 1592817 4 jbedard 2019-11-22 08:50:54 -0800 (In reply to Alexey Proskuryakov from comment #3) > > The first is because High Sierra has old root certificates....I'm kind of > > surprised we haven't had to address this yet for other reasons. It's not a > > huge deal because the failure to report doesn't fail the test run, I'll talk > > to Ling today. > > High Sierra is supposed to have all certificates needed on public internet. > It seems more likely that the endpoint requires a private Apple root of some > sort, which would be a server side issue. I don't know that it's that simple, we have another High Sierra bot that's reporting just fine: https://build.webkit.org/builders/Apple%20High%20Sierra%20LLINT%20CLoop%20%28BuildAndTest%29/builds/18802 Guess we have to figure out what our configuration differences are... 1592847 5 ap 2019-11-22 09:35:04 -0800 Could it be that we papered over the problem by installing root certificate on some of the bots before? 1594183 6 pmatos 2019-11-29 06:10:08 -0800 FYI, this applies to the igalia bots as well: https://build.webkit.org/builders/JSCOnly%20Linux%20ARMv7%20Thumb2%20Release/builds/10174/steps/jscore-test/logs/stdio/text 1595219 7 jbedard 2019-12-03 15:23:40 -0800 I resolved this server side. 1595223 8 aakash_jain 2019-12-03 15:26:26 -0800 (In reply to Jonathan Bedard from comment #7) > I resolved this server side. Was it due to missing certificate chain?