Mac10.10 bot has out-of-date Apache/OpenSSL which don't support TLS 1.0 and 1.1
Issue description
Filed by sheriff-o-matic@appspot.gserviceaccount.com on behalf of eirage@chromium.org
...... too many results, data snipped.... and 40 other(s) in webkit_layout_tests failing on chromium.mac/Mac10.10 Tests
Builders failed on:
- Mac10.10 Tests: https://ci.chromium.org/p/chromium/builders/luci.chromium.ci/Mac10.10%20Tests
Nov 15
David, could you please take a look? Reverting suspect: https://chromium-review.googlesource.com/c/chromium/src/+/1324878
Nov 15
CL Reverted. Removing sheriff label.
Nov 15
Sigh. The problem is whatever httpd is used on our 10.10 bots is also hideously out of date and insecure. It will also break in 2020. I'll suppress the warning on Mac for now, but that will need to be updated.
Nov 15
It looks like httpd is installed on the system on macOS? https://cs.chromium.org/chromium/src/third_party/blink/tools/blinkpy/web_tests/port/mac.py?rcl=95867883fceb13ade1fd93c20daa24617b5ad45b&l=93 +dpranke, similar issue to #747666, but on Mac. Can you help me route this to whoever maintains the httpd install on our Mac bots?
Nov 15
Actually +dpranke. (Monorail does a terrible job of restoring state when it shows the comment error...)
Nov 15
Oh! Interesting. It's actually bundled with macOS. And so probably the issue is that 10.10 is old and still back when Apple linked httpd against a very old OpenSSL. (Nowadays they appear to link against LibreSSL.)
Nov 16
Yeah, on mac we use the system-provided version (unfortunately). Ideally we'd switch to versions we supplied on every platform. [ Well, ideally, really we'd get rid of the dependency on apache, but that's not likely to happen any time soon ].
Dec 7
Should we just have some developer build an up-to-date version on their local machine and upload_to_google_storage.py, or is there a more blessed path for this sort of thing?
Dec 7
Well ... ideally we'd have the binaries being built on an infra-managed machine and packaged up via our 'cipd' package management system, and at some point we'll likely require this. But, we currently don't, and getting that working is more work than I'd expect a dev to do as an ad-hoc thing. So upload_to_google_storage.py is acceptable for now.
Dec 11
Hehe, fair enough. :-) If I wrote a script or clear instructions on how to build it in a way that works (still TBD; haven't had the time to poke at that yet), how much work would it be for someone in infra to package that up into a cipd thing? I'm happy to figure out all the Apache bits and certainly don't want to just add more work down the line unnecessarily, but yeah, learning a whole lot of new infra technology and setting up things to continuously build or whatever is probably a lot of overhead.
Dec 11
I haven't done much with cipd myself, but hopefully it wouldn't be too bad. If you were to write up something, that'd be a good start.
Comment 1 by eirage@chromium.org, Nov 15