Closed Bug 193394 Opened 22 years ago Closed 22 years ago

cert.sh doesn't check modutils return after switching to fips mode

Categories

(NSS :: Test, defect)

Product:
NSS
Component:
Test
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: sonja.mirtitsch, Assigned: bishakhabanerjee)

Details

Attachments

(3 files)

patch to move assignement before modutil
746 bytes, patch
wtc
: review+
Details | Diff | Splinter Review
echo modutil command line to stdout
558 bytes, patch
wtc
: review+
Details | Diff | Splinter Review
assign return code to variable
680 bytes, patch
wtc
: review+
Details | Diff | Splinter Review
modutil failed in tinderbox QA on AIX 4.3 32 bit to switch to fips mode, but no error was reported in results.html: certutil -N -d . -f ../tests.fipspw.52226 cert.sh: Enable FIPS mode on database ----------------------- WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Using database directory .... ERROR: Unable to switch FIPS modes. cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate -------------------------- certutil -s "CN=FIPS PUB 140-1 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140-1, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140-1_Test_Certificate -x -t Cu,Cu,Cu -d . -f ../tests.fipspw.52226 -k dsa -m 500 -z ../tes ts_noise.52226 Generating key. This may take a few moments... cert.sh SUCCESS: FIPS passed cert.sh cert.sh: finished cert.sh
Comment on attachment 114471 [details] [diff] [review] patch to move assignement before modutil r=wtc. Please go ahead and check it into the tip. So an assignment like CU_ACTION="..." also has an exit code? We might also want to echo the modutil command so that it is shown in the output.log.
Attachment #114471 - Flags: review+
patch checked in > So an assignment like > CU_ACTION="..." > also has an exit code? yes, I tested it in a bash and a sh from the commandline: kentuckyderby(63) sh $ ls this-file-does-not-exist this-file-does-not-exist: No such file or directory $ echo $? 2 $ ls this-file-does-not-exist this-file-does-not-exist: No such file or directory $ a=b $ echo $? 0 $
Comment on attachment 114477 [details] [diff] [review] echo modutil command line to stdout r=wtc.
Attachment #114477 - Flags: review+
The same error showed up on AIX 4.3 64 bit, but this time the error was reported in the result.html as well. 2nd part of the fix (echo modutil line) checked in as well, but found a 3rd problem, that the returncode does not get reported correctly in log file (still says 0). Will attach new patch cert.sh: Enable FIPS mode on database ----------------------- WARNING: Performing this operation while the browser is running could cause corruption of your security databases. If the browser is currently running, you should exit browser before continuing this operation. Type 'q <enter>' to abort, or <enter> to continue: Using database directory .... ERROR: Unable to switch FIPS modes. cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate failed 0 cert.sh: Generate Certificate for FIPS PUB 140-1 Test Certificate --------------------------
Comment on attachment 114940 [details] [diff] [review] assign return code to variable r=wtc.
Attachment #114940 - Flags: review+
failed again, prints return code now hbombaix.2 Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate (11) Failed hbombaix.2 Verify this module is in FIPS mode (modutil -chkfips true) Failed hbombaix.2/output.log:ERROR: Unable to switch FIPS modes. hbombaix.2/output.log:cert.sh ERROR: Enable FIPS mode on database for FIPS PUB 140-1 Test Certificate failed 11
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: