Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DO NOT MERGE] Investigating SSL error in GitHub Action #11643

Closed
wants to merge 3 commits into from
Closed

[DO NOT MERGE] Investigating SSL error in GitHub Action #11643

wants to merge 3 commits into from

Conversation

uranusjr
Copy link
Member

@uranusjr uranusjr commented Dec 7, 2022

Checks in recent PRs are failing weirdly, see e.g. #11634 (comment) #11639 (comment)

@uranusjr uranusjr added the skip news Does not need a NEWS file entry (eg: trivial changes) label Dec 7, 2022
@uranusjr
Copy link
Member Author

uranusjr commented Dec 7, 2022
edited

Yeah, I’m assuming something’s wrong with how setup-python’s 3.7 installation. I wonder this is related to the 3.7.16 security release.

@uranusjr
Copy link
Member Author

uranusjr commented Dec 7, 2022

Downgrading Python does not work, so this is probably in the base system. 😞

@q0w
Copy link
Contributor

q0w commented Dec 7, 2022
edited

3.7.16 is not supported yet https://github.com/actions/python-versions/blob/main/versions-manifest.json, so you did not downgrade

@uranusjr
Copy link
Member Author

uranusjr commented Dec 8, 2022

Hmm in that case it’s probably not the cause anyway, 3.7.15 has been in use since October, and the failure didn’t start until early December or at most later November. I’m tempted to say it’s related to the base Ubuntu setup, but other CI jobs are passing fine so that’s unlikely :(

@SnoopJ SnoopJ mentioned this pull request Dec 11, 2022
Closed
@pradyunsg
Copy link
Member

Spent some time looking into this.

@pradyunsg
Copy link
Member

Found it: https://github.blog/changelog/2022-12-01-github-actions-larger-runners-using-ubuntu-latest-label-will-now-use-ubuntu-22-04/

I'm guessing it's the OpenSSL version that's causing issues here.

@pradyunsg
Copy link
Member

Screenshot 2022-12-11 at 22 05 02

Screenshot 2022-12-11 at 22 05 09

Yup, that differs and I'm guessing this is some OpenSSL 3.0-related incompatibility.

@pradyunsg
Copy link
Member

All the tests failing are related to cert_factory. https://github.com/DragonFlyBSD/DragonFlyBSD/blob/97e3ace094001c5b9cbd63f152cb406cd3ca6754/crypto/libressl/ssl/ssl_err.c#L271 suggests this might be related to kerberos initialisation?

@uranusjr
Copy link
Member Author

Considering Python 3.7 is going away in six months according to the release schedule, would it make sense to simply skip the failing tests? Those are still covered by other Python versions anyway.

@pradyunsg
Copy link
Member

Yea, let's do that on 3.7.

@uranusjr uranusjr mentioned this pull request Dec 13, 2022
Merged
uranusjr added a commit that referenced this pull request Dec 14, 2022
@uranusjr
Merge pull request #11656 from uranusjr/skip-ssl-errors-on-3.7
26d914f 
Close #11643
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
skip news Does not need a NEWS file entry (eg: trivial changes)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@uranusjr @q0w @pradyunsg