rustls-native-certs
rustls-native-certs copied to clipboard
Published
20 hours ago •
rustls
rustls
macOS integration tests hang in CI
Successful run from Apr 23:
Current runner version: '2.323.0'
Operating System
macOS
14.7.4
23H420
Runner Image
Image: macos-14-arm64
Version: 20250331.1204
Included Software: https://github.com/actions/runner-images/blob/macos-14-arm64/20250331.1204/images/macos/macos-14-arm64-Readme.md
Image Release: https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20250331.1204
Failing run from Apr 28:
Current runner version: '2.323.0'
Operating System
macOS
14.7.5
23H527
Runner Image
Image: macos-14-arm64
Version: 20250421.1374
Included Software: https://github.com/actions/runner-images/blob/macos-14-arm64/20250421.1374/images/macos/macos-14-arm64-Readme.md
Image Release: https://github.com/actions/runner-images/releases/tag/macos-14-arm64%2F20250421.1374
Failing log:
+ ANY_CA_PEM=integration-tests/one-existing-ca.pem
+ ANY_CA_SUBJECT='OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
+ security authorizationdb write com.apple.trust-settings.admin allow
YES (0)
+ reset
+ security remove-trusted-cert -d integration-tests/one-existing-ca.pem
SecTrustSettingsRemoveTrustSettings: The specified item could not be found in the keychain.
+ true
+ list
+ cargo test util_list_certs -- --nocapture
+ grep 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
cert[95] = OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
+ test_distrust_existing_root
+ assert_exists 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
+ list
+ cargo test util_list_certs -- --nocapture
+ grep 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
+ security add-trusted-cert -d -r deny integration-tests/one-existing-ca.pem
+ assert_missing 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
+ set +e
+ list
+ cargo test util_list_certs -- --nocapture
+ grep 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'
+ ret=1
+ set -e
+ test 1 -eq 1
+ reset
+ security remove-trusted-cert -d integration-tests/one-existing-ca.pem
[ .. hangs .. ]
https://github.com/actions/runner-images/issues/11893 suggests that security authorizationdb write com.apple.trust-settings.admin allow might stop working on macOS 15 runners. This was recommended to us in https://github.com/actions/runner-images/issues/4734.
