Pfu - JavaScript error: /home/worker/scripts/genHPKPStaticPins.js, line 486: Error: ERROR: Can't find 'Baltimore CyberTrust Root' in certNameToSKD
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox-esr140 | --- | unaffected |
| firefox140 | --- | unaffected |
| firefox141 | --- | unaffected |
| firefox142 | + | fixed |
People
(Reporter: abutkovits, Assigned: jschanck)
References
(Regression)
Details
(Keywords: regression, Whiteboard: [psm-assigned])
Attachments
(1 file)
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=517780122&repo=mozilla-central&lineNumber=124291
Full log: https://firefoxci.taskcluster-artifacts.net/Ms34o5ysR_OTTRt0Qatzng/0/public/logs/live_backing.log
[1766] Sandbox: CanCreateUserNamespace() clone() failure: EPERM
JavaScript error: /home/worker/scripts/genHPKPStaticPins.js, line 486: Error: ERROR: Can't find 'Baltimore CyberTrust Root' in certNameToSKD
[Parent 1766, IPC I/O Parent] WARNING: process 1791 exited with status 127: file /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/process_watcher_posix_sigchld.cc:128
+ echo 'HPKP preload list generation failed'
HPKP preload list generation failed
+ exit 54
[taskcluster 2025-07-14 11:27:21.665Z] === Task Finished ===
[taskcluster 2025-07-14 11:27:21.672Z] Artifact "public/build/StaticHPKPins.h.diff" not found at "/home/worker/artifacts/StaticHPKPins.h.diff": (HTTP code 404) no such container - Could not find the file /home/worker/artifacts/StaticHPKPins.h.diff in container 2168ab0bd9752be3bb2254bf5b82a1728b7d76de874ff52efae97ce84678277a
[taskcluster 2025-07-14 11:27:21.684Z] Artifact "public/build/remote-settings.diff" not found at "/home/worker/artifacts/remote-settings.diff": (HTTP code 404) no such container - Could not find the file /home/worker/artifacts/remote-settings.diff in container 2168ab0bd9752be3bb2254bf5b82a1728b7d76de874ff52efae97ce84678277a
[taskcluster 2025-07-14 11:27:21.688Z] Artifact "public/build/initial_experiments.diff" not found at "/home/worker/artifacts/initial_experiments.diff": (HTTP code 404) no such container - Could not find the file /home/worker/artifacts/initial_experiments.diff in container 2168ab0bd9752be3bb2254bf5b82a1728b7d76de874ff52efae97ce84678277a
[taskcluster 2025-07-14 11:27:21.896Z] Unsuccessful task run with exit code: 54 completed in 11799.741 seconds```
|
||
Comment 1•19 days ago
•
|
||
:anna.weine could this be related to all the changes for bug 1974515 (particularly bug 1961848?)
This is blocking the remote setting pfu job from running in central
|
|
||
Updated•19 days ago
|
|
|
||
Comment 2•19 days ago
|
||
adding NI to :jschanck since it might be anna's EOD
|
Reporter | |
Updated•18 days ago
|
|
Assignee | |
Comment 3•18 days ago
|
||
We removed the expired Baltimore CyberTrust Root in Bug 1961848. Dana, is there a script that we're supposed to run after an NSS uplift to keep PreloadedHPKPins.json up-to-date, or did we need to remove the root from there manually?
|
||
Comment 4•18 days ago
|
||
Yeah, we need to be running dumpGoogleRoots.js whenever either our roots or Google's roots change. Unfortunately, I can't get the script to run right now (either it's bitrotted or my machine doesn't like an unsigned binary making an outbound connection - I can't tell yet). In any case, this is maybe something we should rewrite in python and run automatically. In the meantime, since the root has expired, I imagine Google's not relying on it, so we can comment out that line for now.
|
|
Assignee | |
Comment 5•18 days ago
|
||
|
||
Updated•18 days ago
|
|
|
||
Updated•18 days ago
|
|
||
Updated•15 days ago
|
|
||
Updated•8 days ago
|
Description
•