Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 BUG: tests fail after 2027-11-11 #1124

Open
bmwiedemann opened this issue Apr 19, 2024 · 1 comment
Open

🐛 BUG: tests fail after 2027-11-11 #1124

bmwiedemann opened this issue Apr 19, 2024 · 1 comment
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Milestone
v1.10.0

Comments

@bmwiedemann
Copy link

What version of nebula are you using? (nebula -version)

1.8.2

What operating system are you using?

openSUSE Tumbleweed

Describe the Bug

While working on reproducible builds for openSUSE, I found that
our nebula-1.8.2 package fails build-tests after 2027-11-11

To reproduce on Debian or openSUSE, use
osc checkout openSUSE:Factory/nebula && cd $_
osc build --no-service --vm-type=kvm --build-opt=--vm-custom-opt=-rtc\ base=2027-11-12T00:00:00 standard

or set the system time instead.

Background:
As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future.
The usual offset is +16 years, because that is how long I expect some software will be used in some places.
This showed up failing tests in our package build.

Logs from affected hosts

build log (from year 2040):

 === RUN   TestNewCAPoolFromBytes
     cert_test.go:596: 
                Error Trace:    /home/abuild/rpmbuild/BUILD/nebula-1.8.2/cert/cert_test.go:596
                Error:          Expected nil, but got: &errors.errorString{s:"certificate is expired"}
                Test:           TestNewCAPoolFromBytes
     cert_test.go:601: 
                Error Trace:    /home/abuild/rpmbuild/BUILD/nebula-1.8.2/cert/cert_test.go:601
                Error:          Expected nil, but got: &errors.errorString{s:"certificate is expired"}
                Test:           TestNewCAPoolFromBytes
     cert_test.go:619: 
                Error Trace:    /home/abuild/rpmbuild/BUILD/nebula-1.8.2/cert/cert_test.go:619
                Error:          Expected nil, but got: &errors.errorString{s:"certificate is expired"}
                Test:           TestNewCAPoolFromBytes
 --- FAIL: TestNewCAPoolFromBytes (0.00s) 
 === RUN   TestUnmrshalCertPEM

Config files from affected hosts
@johnmaguire johnmaguire added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 29, 2024
@johnmaguire johnmaguire added NeedsFix The path to resolution is known, but the work has not been done. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels May 7, 2024
@johnmaguire
Copy link
Collaborator

We should be able to update the tests with new certs with longer expirations (say 100 or 1000 years.)

@nbrownus informed me that one of the tests has an embedded cert from the initial implementation of nebula-cert which may have a slightly different protobuf representation than we have today. In order to update the tests, we'll need to check out the old code (from before it was released publicly) and generate a new cert using that iteration of the tool.

This is on my radar.

@wadey wadey added this to the v1.10.0 milestone May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
v1.10.0
Development

No branches or pull requests
3 participants
@wadey @johnmaguire @bmwiedemann