Closed
Bug 193394
Opened 22 years ago
Closed 22 years ago
cert.sh doesn't check modutils return after switching to fips mode
Categories
(NSS :: Test, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: sonja.mirtitsch, Assigned: bishakhabanerjee)
Details
Attachments
(3 files)
746 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
558 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
680 bytes,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
modutil failed in tinderbox QA on AIX 4.3 32 bit to switch to fips mode, but no error was reported in results.html: certutil -N -d . -f ../tests.fipspw.52226 cert.sh: Enable FIPS mode on database ----------------------- WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Using database directory .... ERROR: Unable to switch FIPS modes. cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140-1 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140-1, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140-1_Test_Certificate -x -t Cu,Cu,Cu -d . -f ../tests.fipspw.52226 -k dsa -m 500 -z ../tes ts_noise.52226 Generating key. This may take a few moments... cert.sh SUCCESS: FIPS passed cert.sh cert.sh: finished cert.sh
Reporter | ||
Comment 1•22 years ago
|
||
Comment 2•22 years ago
|
||
Comment on attachment 114471 [details] [diff] [review] patch to move assignement before modutil r=wtc. Please go ahead and check it into the tip. So an assignment like CU_ACTION="..." also has an exit code? We might also want to echo the modutil command so that it is shown in the output.log.
Attachment #114471 -
Flags: review+
Reporter | ||
Comment 3•22 years ago
|
||
patch checked in
> So an assignment like
> CU_ACTION="..."
> also has an exit code?
yes, I tested it in a bash and a sh from the commandline:
kentuckyderby(63) sh
$ ls this-file-does-not-exist
this-file-does-not-exist: No such file or directory
$ echo $?
2
$ ls this-file-does-not-exist
this-file-does-not-exist: No such file or directory
$ a=b
$ echo $?
0
$
Reporter | ||
Comment 4•22 years ago
|
||
Comment 5•22 years ago
|
||
Comment on attachment 114477 [details] [diff] [review] echo modutil command line to stdout r=wtc.
Attachment #114477 -
Flags: review+
Reporter | ||
Comment 6•22 years ago
|
||
The same error showed up on AIX 4.3 64 bit, but this time the error was reported in the result.html as well. 2nd part of the fix (echo modutil line) checked in as well, but found a 3rd problem, that the returncode does not get reported correctly in log file (still says 0). Will attach new patch cert.sh: Enable FIPS mode on database ----------------------- WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Using database directory .... ERROR: Unable to switch FIPS modes. cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate failed 0 cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate --------------------------
Reporter | ||
Comment 7•22 years ago
|
||
Comment 8•22 years ago
|
||
Comment on attachment 114940 [details] [diff] [review] assign return code to variable r=wtc.
Attachment #114940 -
Flags: review+
Reporter | ||
Comment 9•22 years ago
|
||
failed again, prints return code now hbombaix.2 Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate (11) Failed hbombaix.2 Verify this module is in FIPS mode (modutil -chkfips true) Failed hbombaix.2/output.log:ERROR: Unable to switch FIPS modes. hbombaix.2/output.log:cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate failed 11
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•