Mailing List Archive

Hi there,

I tried to check, whether the few remaining sporadic test failures
during pytest can be solved by updating pebble form 2.4.0 to 2.5.1
(which seems to be the same as 2.5.0).

Unfortunately I get a lot of FAILED md tests with that version. Does
anyone see the same?

Here's some more detailed info:

17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_100
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_101
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_103
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_105
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_107
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_108
17:10:10.216348
modules/md/test_502_acmev2_drive.py::TestDrivev2::test_md_502_200
17:10:10.216348
modules/md/test_602_roundtrip.py::TestRoundtripv2::test_md_602_000
17:10:10.216348
modules/md/test_602_roundtrip.py::TestRoundtripv2::test_md_602_001
17:10:10.216529
modules/md/test_602_roundtrip.py::TestRoundtripv2::test_md_602_002
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_001
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_002
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_003
17:10:10.216529
modules/md/test_702_auto.py::TestAutov2::test_md_702_004[tls-alpn-01]
17:10:10.216529
modules/md/test_702_auto.py::TestAutov2::test_md_702_004[http-01]
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_030
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_031
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_032
17:10:10.216529 modules/md/test_702_auto.py::TestAutov2::test_md_702_040
17:10:10.216529
modules/md/test_702_auto.py::TestAutov2::test_md_702_044[tls-alpn-01]
17:10:10.216529
modules/md/test_720_wildcard.py::TestWildcard::test_md_720_002b
17:10:10.216529
modules/md/test_720_wildcard.py::TestWildcard::test_md_720_004
17:10:10.216529
modules/md/test_720_wildcard.py::TestWildcard::test_md_720_005
17:10:10.216529
modules/md/test_720_wildcard.py::TestWildcard::test_md_720_006
17:10:10.216529
modules/md/test_720_wildcard.py::TestWildcard::test_md_720_007
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_003
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_004
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_005
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_010
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_011
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_012
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_013
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_014
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_015
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_016
17:10:10.216529 modules/md/test_750_eab.py::TestEab::test_md_750_022

The failures in test_750_eab.py seem to be related to the following
HS256 error messages in the httpd error log:

[Sun Apr 07 17:13:24.571712 2024] [watchdog:debug] [pid 5554:tid
140101761058560] mod_watchdog.c(170): AH02972: Singleton Watchdog
(_md_renew_) running
[Sun Apr 07 17:13:24.571824 2024] [md:debug] [pid 5554:tid
140101761058560] mod_md_drive.c(203): AH10054: md watchdog start, auto
drive 1 mds
[Sun Apr 07 17:13:24.672025 2024] [md:debug] [pid 5554:tid
140101761058560] mod_md_drive.c(208): AH10055: md watchdog run, auto
drive 1 mds
[Sun Apr 07 17:13:24.672112 2024] [md:debug] [pid 5554:tid
140101761058560] mod_md_drive.c(109): AH10052:
md(test-md-750-003-1712502785.org): state=1, driving
[Sun Apr 07 17:13:24.672491 2024] [md:debug] [pid 5554:tid
140101761058560] md_reg.c(1112): test-md-750-003-1712502785.org: init done
[Sun Apr 07 17:13:24.672512 2024] [md:debug] [pid 5554:tid
140101761058560] md_reg.c(1157): test-md-750-003-1712502785.org: run staging
[Sun Apr 07 17:13:24.672553 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_drive.c(714): test-md-750-003-1712502785.org:
staging started, state=1, attempt=0, acme=https://localhost:14000/dir,
challenges='http-01'
[Sun Apr 07 17:13:24.672755 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_drive.c(752): test-md-750-003-1712502785.org:
setup staging
[Sun Apr 07 17:13:24.673058 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme.c(776): get directory from
https://localhost:14000/dir
[Sun Apr 07 17:13:24.686700 2024] [md:debug] [pid 5554:tid
140101761058560] md_acmev2_drive.c(101): test-md-750-003-1712502785.org:
(ACMEv2) need certificate
[Sun Apr 07 17:13:24.686756 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_drive.c(115): (2)No such file or directory:
ACME: looking at existing accounts
[Sun Apr 07 17:13:24.686925 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_acct.c(371): no account found, looking in STAGING
[Sun Apr 07 17:13:24.687134 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_drive.c(128): (2)No such file or directory:
ACME: creating new account
[Sun Apr 07 17:13:24.687165 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_acct.c(583): create new account
[Sun Apr 07 17:13:26.328321 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme_acct.c(652): created new account key
[Sun Apr 07 17:13:26.328362 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme.c(344): sending req: POST
https://localhost:14000/sign-me-up
[Sun Apr 07 17:13:26.342090 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme.c(400): req: POST
https://localhost:14000/sign-me-up
[Sun Apr 07 17:13:26.347562 2024] [md:warn] [pid 5554:tid
140101761058560] (22)Invalid argument: acme problem
urn:ietf:params:acme:error:malformed: failed to decode external account
binding: go-jose/go-jose: unexpected signature algorithm "HS256";
expected ["RS256" "ES256" "ES384" "ES512"]
[Sun Apr 07 17:13:26.347617 2024] [md:debug] [pid 5554:tid
140101761058560] md_acme.c(419): (22)Invalid argument: req sent
[Sun Apr 07 17:13:26.348863 2024] [md:error] [pid 5554:tid
140101761058560] (22)Invalid argument:
md[test-md-750-003-1712502785.org]
problem[urn:ietf:params:acme:error:malformed] detail[.failed to decode
external account binding: go-jose/go-jose: unexpected signature
algorithm "HS256"; expected ["RS256" "ES256" "ES384" "ES512"]]
[Sun Apr 07 17:13:26.348893 2024] [md:debug] [pid 5554:tid
140101761058560] md_result.c(254): (22)Invalid argument:
md[test-md-750-003-1712502785.org]
problem[urn:ietf:params:acme:error:malformed] detail[.failed to decode
external account binding: go-jose/go-jose: unexpected signature
algorithm "HS256"; expected ["RS256" "ES256" "ES384" "ES512"]]
[Sun Apr 07 17:13:26.348908 2024] [md:debug] [pid 5554:tid
140101761058560] md_result.c(254): (22)Invalid argument:
md[test-md-750-003-1712502785.org]
problem[urn:ietf:params:acme:error:malformed] detail[.failed to decode
external account binding: go-jose/go-jose: unexpected signature
algorithm "HS256"; expected ["RS256" "ES256" "ES384" "ES512"]]
[Sun Apr 07 17:13:26.348921 2024] [md:debug] [pid 5554:tid
140101761058560] md_reg.c(1163): (22)Invalid argument:
test-md-750-003-1712502785.org: staging done
[Sun Apr 07 17:13:26.349888 2024] [md:error] [pid 5554:tid
140101761058560] (22)Invalid argument: AH10056: processing
test-md-750-003-1712502785.org: failed to decode external account
binding: go-jose/go-jose: unexpected signature algorithm "HS256";
expected ["RS256" "ES256" "ES384" "ES512"]
[Sun Apr 07 17:13:26.349992 2024] [md:info] [pid 5554:tid
140101761058560] AH10057: test-md-750-003-1712502785.org: encountered
error for the 1. time, next run in 1 days 11 hours 54 minutes 21 seconds
[Sun Apr 07 17:13:26.350635 2024] [md:debug] [pid 5554:tid
140101761058560] mod_md_drive.c(230): AH10107: next run in 11 hours 59
minutes 58 seconds

Other tests fail for other reasons.

For the sake of completeness: to build pebble 2.5.1 on ALMA 8.9 I has to
apply the following small changes, since the go version there is a
patches 1.20 instead of 1.21 and 1.20 does not yet have the max(int64,
int64) function introduced in 1.21:

diff --git a/go.mod b/go.mod
index 7c78cd2..8de4c2f 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/letsencrypt/pebble/v2

-go 1.21
+go 1.20

require (
github.com/go-jose/go-jose/v4 v4.0.1
diff --git a/vendor/github.com/go-jose/go-jose/v4/encoding.go
b/vendor/github.com/go-jose/go-jose/v4/encoding.go
index 4f6e0d4..1c94281 100644
--- a/vendor/github.com/go-jose/go-jose/v4/encoding.go
+++ b/vendor/github.com/go-jose/go-jose/v4/encoding.go
@@ -98,6 +98,13 @@ func deflate(input []byte) ([]byte, error) {
return output.Bytes(), err
}

+func mymax(x, y int64) int64 {
+ if x < y {
+ return y
+ }
+ return x
+}
+
// inflate decompresses the input.
//
// Errors if the decompressed data would be >250kB or >10x the size of the
@@ -106,7 +113,7 @@ func inflate(input []byte) ([]byte, error) {
output := new(bytes.Buffer)
reader := flate.NewReader(bytes.NewBuffer(input))

- maxCompressedSize := max(250_000, 10*int64(len(input)))
+ maxCompressedSize := mymax(250_000, 10*int64(len(input)))

limit := maxCompressedSize + 1
n, err := io.CopyN(output, reader, limit)
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d81930c..03ddbe8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,5 +1,5 @@
# github.com/go-jose/go-jose/v4 v4.0.1
-## explicit; go 1.21
+## explicit; go 1.20
github.com/go-jose/go-jose/v4
github.com/go-jose/go-jose/v4/cipher
github.com/go-jose/go-jose/v4/json

Best regards,

Rainer