Bug 1719014

Summary:	Expired certificate prevents tests from running
Product:	Red Hat Enterprise Linux 7	Reporter:	Jakub Hrozek <jhrozek>
Component:	lasso	Assignee:	Jakub Hrozek <jhrozek>
Status:	CLOSED ERRATA	QA Contact:	Scott Poore <spoore>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.0	CC:	riehecky, spoore
Target Milestone:	rc
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	lasso-2.5.1-5.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:
Clones:	1719020 (view as bug list)		Environment:
Last Closed:	2020-03-31 19:10:19 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1719020

Description Jakub Hrozek 2019-06-10 19:09:56 UTC

Description of problem:
lasso's test suite includes a test (test13_test_lasso_server_load_metadata) which loads the signed XML metadata file and checks the signatures. But the documents are signed with a certificate that expired on Mar 23 09:51:37 2019.

This means that the upstream tests fail, which typically prevents the build from passing.

It is possible to just pass NULL instead of TESTSDATADIR "/metadata/metadata-federation-renater.crt" to the lasso_server_load_metadata() call in the test test13_test_lasso_server_load_metadata() which makes the test pass, but of course at the cost of some important code paths not being tested.

Unfortunately I can't think of any way of fixing or working around this short of upstream providing a new certificate (or us patching lasso with our own metadata signed by a cert we generate), but either way, we need to get a new cert somehow.

Version-Release number of selected component (if applicable):
lasso-2.5.1-3.el7

How reproducible:
always 

Steps to Reproduce:
1. rebuild the package
2.
3.

Actual results:
tests fail

Expected results:
tests pass

Additional info:
Upstream issue: https://dev.entrouvert.org/issues/33823

Comment 2 Jakub Hrozek 2019-06-11 08:39:54 UTC

Fixed upstream in: https://dev.entrouvert.org/projects/lasso/repository/revisions/7c075657a4d64f4d8dbcd03521a0694287d5059f

Comment 3 Jakub Hrozek 2019-08-06 11:33:42 UTC

Scott, would you mind adding a qa_ack here? Just verifying that the package built is enough, currently it does not because of this bug (example of a failed build: http://download.eng.bos.redhat.com/brewroot/work/tasks/2996/22922996/build.log)

Comment 5 Scott Poore 2019-10-22 20:55:19 UTC

Verified Sanity Only.

Version:

lasso-2.5.1-5.el7.x86_64

Results:

I can see the fixed version built and installed which verifies that build time tests worked which did not before.

[root@sp1 ~]# rpm -q lasso
lasso-2.5.1-5.el7.x86_64

Also checking build log:

make[6]: Leaving directory `/builddir/build/BUILD/lasso-2.5.1/tests'
============================================================================
Testsuite summary for lasso 2.5.1
============================================================================
# TOTAL: 2
# PASS:  2
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

...

make[8]: Leaving directory `/builddir/build/BUILD/lasso-2.5.1/bindings/python/tests'
============================================================================
Testsuite summary for lasso 2.5.1
============================================================================
# TOTAL: 2
# PASS:  2
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

Comment 7 errata-xmlrpc 2020-03-31 19:10:19 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1002