TEST-UNEXPECTED-FAIL | services/common/tests/unit/test_kintoCertBlocklist.js | xpcshell return code: 0

RESOLVED FIXED in Thunderbird 47.0

Status

Thunderbird
General
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: aleth, Assigned: Jorg K (GMT+2))

Tracking

({intermittent-failure})

Trunk
Thunderbird 47.0
intermittent-failure

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Unexpected exception NS_ERROR_UNEXPECTED: Component returned failure code: 0x8000ffff (NS_ERROR_UNEXPECTED) [nsIPrefBranch.getCharPref]
 07:31:06     INFO -  CertBlocklistClient/this.maybeSync@resource://gre/modules/services-common/KintoCertificateBlocklist.js:51:18
 07:31:06     INFO -  test_something@/builds/slave/test/build/tests/xpcshell/tests/services/common/tests/unit/test_kintoCertBlocklist.js:74:22
 07:31:06     INFO -  _run_next_test@/builds/slave/test/build/tests/xpcshell/head.js:1540:9
 07:31:06     INFO -  do_execute_soon/<.run@/builds/slave/test/build/tests/xpcshell/head.js:692:9
 07:31:06     INFO -  _do_main@/builds/slave/test/build/tests/xpcshell/head.js:209:5
 07:31:06     INFO -  _execute_test@/builds/slave/test/build/tests/xpcshell/head.js:533:5
 07:31:06     INFO -  @-e:1:1
 07:31:06     INFO -  exiting test

Comment 1

2 years ago
Test and feature was added with Bug 1227956.
Depends on: 1227956

Comment 2

2 years ago
24 automation job failures were associated with this bug in the last 7 days.

Repository breakdown:
* comm-central: 24

Platform breakdown:
* linux64: 9
* linux32: 7
* osx-10-6: 4
* osx-10-10: 4

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1247662&startday=2016-02-08&endday=2016-02-14&tree=all
(Assignee)

Comment 3

2 years ago
OK, if this came from bug 1227956. Let's see what they did:
https://hg.mozilla.org/mozilla-central/rev/56e66f43d7ee

Oh, they added preferences:
+// Kinto blocklist preferences
+pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
+pref("services.kinto.bucket", "blocklists");
+pref("services.kinto.onecrl.collection", "certificates");
+pref("services.kinto.onecrl.checked", 0);

Now let's read the error:
(NS_ERROR_UNEXPECTED) [nsIPrefBranch.getCharPref]

I'd bet a beer that we're missing some preferences.
(Assignee)

Comment 4

2 years ago
Created attachment 8719509 [details] [diff] [review]
Possible fix (v1).

Try run here:
https://treeherder.mozilla.org/#/jobs?repo=try-comm-central&revision=9801beed78e0
(ignore the other changeset in the push, that's my ongoing work which won't interfere).
(Reporter)

Comment 5

2 years ago
Does TB use the Kinto Certificate Blocklist?
(Assignee)

Comment 6

2 years ago
My try came out green with this addition.

// Kinto blocklist preferences
pref("services.kinto.base", "https://firefox.settings.services.mozilla.com/v1");
pref("services.kinto.bucket", "blocklists");
pref("services.kinto.onecrl.collection", "certificates");
pref("services.kinto.onecrl.checked", 0);

I have no idea whether the URL's actually mean anything. Let's ask:

Mark and David, our xpcshell tests fail since test_kintoCertBlocklist.js fails.

I've copied the four preferences above into out preferences script and like this, the test passes.

Is this acceptable or is there a better fix? Does the URL https://firefox.settings.services.mozilla.com/v1 mean anything?

Your help would be much appreciated.
Flags: needinfo?(mgoodwin)
Flags: needinfo?(dkeeler)
(Reporter)

Comment 7

2 years ago
(In reply to Jorg K (GMT+1) from comment #6)
> I have no idea whether the URL's actually mean anything. Let's ask:
> 
> Mark and David, our xpcshell tests fail since test_kintoCertBlocklist.js
> fails.
> 
> I've copied the four preferences above into out preferences script and like
> this, the test passes.
> 
> Is this acceptable or is there a better fix? Does the URL
> https://firefox.settings.services.mozilla.com/v1 mean anything?

The issue here isn't just making the test pass, it's figuring out whether oneCRL cert revocation works in TB or not (and maybe whether it is important to have it work in TB).
Flags: needinfo?(dkeeler)
(Assignee)

Comment 8

2 years ago
Sorry about the NI SPAM. NI for David was accidentally removed. Your help would be much appreciated.
Flags: needinfo?(dkeeler)
(In reply to aleth [:aleth] from comment #7) 
> > Is this acceptable or is there a better fix? Does the URL
> > https://firefox.settings.services.mozilla.com/v1 mean anything?

Yes, this is where the next version of OneCRL (and, eventually, some other security state things) will get its data from.

> The issue here isn't just making the test pass, it's figuring out whether
> oneCRL cert revocation works in TB or not (and maybe whether it is important
> to have it work in TB).

OneCRL is something TB probably wants; without this, there's no way (without chem-spill) of revoking roots. Also, if you have security.onecrl.maximum_staleness_in_seconds set to a non-zero value (I'm not sure if this is set in TB), you might be bypassing revocation checks that you otherwise should be performing.

As to whether or not it *works* - I can help with testing, if that would be useful?
Flags: needinfo?(mgoodwin)
(Assignee)

Comment 10

2 years ago
Thank you for your answer. I think we have enough information to proceed, so I'm clearing the other NI.

Currently we don't have any preference security.onecrl.* defined or set.

I suggest the following:
Land this patch here to get the xpcshell tests going again.

Then investigate the OneCRL function in another bug with Mark's help. Sounds fair?
Flags: needinfo?(dkeeler)
(Assignee)

Updated

2 years ago
Attachment #8719509 - Flags: review?(aleth)
(Reporter)

Updated

2 years ago
Attachment #8719509 - Flags: review?(aleth) → review+
(Reporter)

Comment 11

2 years ago
(In reply to Jorg K (GMT+1) from comment #10)
> Currently we don't have any preference security.onecrl.* defined or set.
> 
> Then investigate the OneCRL function in another bug with Mark's help. Sounds
> fair?

Sounds like a good plan. This should be done asap as it seems oneCRL originally landed in 43 (without TB noticing), and so this security feature should be checked for 45 as well.
(Reporter)

Comment 12

2 years ago
https://hg.mozilla.org/comm-central/rev/57ada76a9c40be3115d8e4dd3e665c2a1ba28837
Bug 1247662 - Added preferences for kinto. r=aleth
(Reporter)

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 47.0
(Assignee)

Comment 13

2 years ago
To be continued in bug 1248557.

Updated

a year ago
Assignee: nobody → mozilla
You need to log in before you can comment on or make changes to this bug.