Closed Bug 930194 Opened 6 years ago Closed 6 years ago

Add prerequisite checks for MozillaMaintenance Service tests that fail the tests if the build system is not properly configured

Categories

(Toolkit :: Application Update, defect)

x86_64
Windows NT
defect
Not set

Tracking

RESOLVED FIXED
mozilla29

People

(Reporter: bbondy, Assigned: rstrong)

Attachments

(2 files, 2 obsolete files)

There may be some talos machines that are misconfigured and MozillaMaintenance service tests would get skipped, and we'd never know.  

We added the skip originally so that people who run tests locally wouldn't have tests failing by default.

rstrong thought of a way around this: Check if the binary is signed, and if so, then fail a test if it will be skipped.
Assignee: netzen → robert.bugzilla
Status: NEW → ASSIGNED
Hey Brian, do you know if the test helper binary's check-signature argument works on WinXP?

http://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/update/tests/unit_aus_update/head_update.js#781

Take a look at this recent try run for what I am referring to
https://tbpl.mozilla.org/?tree=Try&rev=b8ce1f2bd3d8
I thought it did, but I don't know for sure. That's pretty strange. I'd have to debug on an XP machine to know for sure what's going on.  Or maybe modify the binary to output some extra info or return the last error.
If you are busy don't sweat it and I'll take a look when I am able.
I'll get to it soonish :)
Interim update, I installed an XP SP3 VM and set up a dev environment on it.
I ran TestAUSHelper.exe check-signature <path> in a debugger, but the VerifyCertificateTrustForFile returns ERROR_SUCCESS.

Not sure yet why the XP tests fail.
Assignee: robert.bugzilla → netzen
Is it possible that the CA used to sign the try binaries wasn't manually imported to the XP machines? Or perhaps used to, but is no longer? Everything looks right from my end.
Flags: needinfo?(bhearsum)
Attached patch patch in progress (obsolete)
I'd like to get these checks in sooner rather than later even if it needs to check for XP for the time being. I've pushed to try to see what else needs to be done.
https://tbpl.mozilla.org/?tree=Try&rev=238759f03674
Assignee: netzen → robert.bugzilla
I'll submit a second patch for the other checks after the XP issue is fixed
Attachment #8337590 - Attachment is obsolete: true
Attachment #8337688 - Flags: review?(netzen)
Attachment #8337688 - Flags: review?(netzen) → review+
(In reply to Brian R. Bondy [:bbondy] from comment #6)
> Is it possible that the CA used to sign the try binaries wasn't manually
> imported to the XP machines? Or perhaps used to, but is no longer?
> Everything looks right from my end.

I would be surprised if there's an overall problem, as we haven't touched this in a while (other than to deploy the new fingerprints for bug 803531). I'll look into this a bit more though.
Flags: needinfo?(bhearsum)
Attached file maintenance.reg (obsolete)
Looking at t-xp32-ix-045 I see the DigiCert and Mozilla Fake CA certs. AFAICT this machine is set up correctly, and this is one of the ones running tests in the link from comment #1.

Does it look OK to you Brian?
Flags: needinfo?(netzen)
I'm not actually concerned with the registry info being correct, but with the fake ca cert being imported manually for the same user that runs the tests. Could it be possible the root issuer wasn't imported into the certificate store for the user that runs the tests? (system account + user)
Flags: needinfo?(netzen) → needinfo?(bhearsum)
(In reply to Brian R. Bondy [:bbondy] from comment #12)
> I'm not actually concerned with the registry info being correct, but with
> the fake ca cert being imported manually for the same user that runs the
> tests. Could it be possible the root issuer wasn't imported into the
> certificate store for the user that runs the tests? (system account + user)

Ah, I see. It looks like they are missing =(. Filed bug 942847 for this.
Flags: needinfo?(bhearsum)
Glad we tracked it down, thanks for looking into it so fast :)
Summary: Add a test that fails if MozillaMaintenance Service tests are skipped but binaries are signed → Add prerequisite checks for MozillaMaintenance Service tests that fail the tests
Summary: Add prerequisite checks for MozillaMaintenance Service tests that fail the tests → Add prerequisite checks for MozillaMaintenance Service tests that fail the tests if the build system is not properly configured
Attached patch 2. final checks
throw when DISABLE_UPDATER_AUTHENTICODE_CHECK is not defined and the binaries aren't signed.

Bug 942847 should be fixed now but the machines have to reboot for the fix to take effect. I'll throw this at try tomorrow.
Comment on attachment 8355397 [details] [diff] [review]
2. final checks

I'll wait until next week to land this to give the machines a chance to reboot.
Attachment #8355397 - Flags: review?(netzen)
Attachment #8355397 - Flags: review?(netzen) → review+
Pushed to mozilla-inbound
https://hg.mozilla.org/integration/mozilla-inbound/rev/046258beb928
Flags: in-testsuite+
Whiteboard: [leave open]
Target Milestone: --- → mozilla29
https://hg.mozilla.org/mozilla-central/rev/046258beb928
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
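
The gating rule this bug settled on (fail rather than skip when the binaries are signed, and throw when the binaries are unsigned without DISABLE_UPDATER_AUTHENTICODE_CHECK), sketched as an added example that is not the landed patch. The function, field and probe names are hypothetical and the machine descriptions are constructed.

```javascript
// Added illustration: all names are hypothetical, not taken from head_update.js.
// env.prerequisites is a list of { name, check } probes for what the
// maintenance service tests need on the machine running them.
function evaluateServiceTestGate(env) {
  const missing = env.prerequisites
    .filter((probe) => !probe.check())
    .map((probe) => probe.name);

  if (!env.binariesSigned) {
    // Unsigned binaries are only expected when the build defined
    // DISABLE_UPDATER_AUTHENTICODE_CHECK; anything else is a broken build.
    if (!env.authenticodeCheckDisabled) {
      throw new Error(
        "binaries are unsigned but DISABLE_UPDATER_AUTHENTICODE_CHECK is not defined");
    }
    // Local developer build: skipping keeps tests from failing by default.
    return { action: missing.length ? "skip" : "run", missing };
  }

  // Signed binaries: a skip here would hide a misconfigured test machine,
  // so report exactly which prerequisite is absent and fail.
  if (missing.length) {
    throw new Error(
      "signed build but service test prerequisites missing: " + missing.join(", "));
  }
  return { action: "run", missing };
}

// Constructed machine descriptions (not real inventory data).
const probes = (serviceInstalled, caForTestUser) => [
  { name: "maintenance service installed", check: () => serviceInstalled },
  { name: "test CA trusted for the user running tests", check: () => caForTestUser },
];
const localDevBuild = {
  binariesSigned: false, authenticodeCheckDisabled: true,
  prerequisites: probes(false, false),
};
const misconfiguredTestMachine = {
  binariesSigned: true, authenticodeCheckDisabled: false,
  prerequisites: probes(true, false),
};

// Turns the gate result into one string so a harness can log or assert on it.
function gateMessage(env) {
  try {
    return evaluateServiceTestGate(env).action;
  } catch (e) {
    return "fail: " + e.message;
  }
}
```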