g-k
commented
6 years ago refs: https://travis-ci.org/mozilla-releng/signingscript/builds/438798351
signingscript/test/integration/test_autograph.py::test_integration_autograph_apk FAILED
=================================== FAILURES ===================================
________________________ test_integration_autograph_apk ________________________
context = <scriptworker.context.Context object at 0x7f23af00f940>
tmpdir = local('/tmp/pytest-of-travis/pytest-0/test_integration_autograph_apk0')
@pytest.mark.asyncio
@skip_when_no_autograph_server
async def test_integration_autograph_apk(context, tmpdir):
file_name = 'app.apk'
original_file_path = os.path.join(TEST_DATA_DIR, file_name)
copied_file_folder = os.path.join(context.config['work_dir'], 'cot', 'upstream-task-id1')
makedirs(copied_file_folder)
shutil.copy(original_file_path, copied_file_folder)
context.config['signing_server_config'] = _write_server_config(tmpdir)
context.task = _craft_task([file_name], signing_format='autograph_apk')
keystore_path = os.path.join(tmpdir, 'keystore')
certificate_path = os.path.join(TEST_DATA_DIR, 'autograph_apk.pub')
certificate_alias = 'autograph_apk'
_instanciate_keystore(keystore_path, certificate_path, certificate_alias)
await async_main(context)
signed_path = os.path.join(tmpdir, 'artifact', file_name)
> assert _verify_apk_signature(keystore_path, signed_path, certificate_alias)
E AssertionError: assert False
E + where False = _verify_apk_signature('/tmp/pytest-of-travis/pytest-0/test_integration_autograph_apk0/keystore', '/tmp/pytest-of-travis/pytest-0/test_integration_autograph_apk0/artifact/app.apk', 'autograph_apk')
signingscript/test/integration/test_autograph.py:207: AssertionErrorstdout and stderr from _verify_apk_signature shelling out:
- Signed by "CN=Signingscript Test Key, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
Digest algorithm: SHA-256
Signature algorithm: SHA256withSHA256withRSA, 2048-bit key
jar verified, with signer errors.
Error:
This jar contains entries whose certificate chain is invalid. Reason: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certificatio
n path to requested target
This jar contains signed entries which are not signed by the specified alias(es).
This jar contains signed entries that are not signed by alias in this keystore.
This jar contains entries whose signer certificate is self-signed.
Warning:
This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as 2046-01
-05).Since this only breaks in 3.7 it's probably due to a Python change. There are a few subprocess changes in 3.7, but nothing obvious.
bpo-32844: Fix wrong redirection of a low descriptor (0 or 1) to stderr in subprocess if another low descriptor is closed. bpo-31178: Fix string concatenation bug in rare error path in the subprocess module
escapewindow
As of this morning. Previously green tests are busted.