From 3960318b87ffa4a229f2e8f7fd5a6f43336a5eb4 Mon Sep 17 00:00:00 2001 From: Roland Shoemaker Date: Tue, 12 Dec 2023 09:28:03 -0800 Subject: [release-branch.go1.21] crypto/x509: properly gate test on macos version Fixes the gating of TestIssue51759 by shelling out to sw_vers to check what version of macOS we are on. For #64677 Fixes #65380 Change-Id: I5eef4fa39e5449e7b2aa73864625c3abf002aef8 Reviewed-on: https://go-review.googlesource.com/c/go/+/549195 Reviewed-by: Bryan Mills Auto-Submit: Roland Shoemaker LUCI-TryBot-Result: Go LUCI (cherry picked from commit 400e24a8be852e7b20eb4af1999b28c20bb4ea21) Reviewed-on: https://go-review.googlesource.com/c/go/+/559517 Auto-Submit: Michael Pratt Reviewed-by: Dmitri Shuralyov --- src/crypto/x509/verify_test.go | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/src/crypto/x509/verify_test.go b/src/crypto/x509/verify_test.go index 3551b470ce..37f13f861f 100644 --- a/src/crypto/x509/verify_test.go +++ b/src/crypto/x509/verify_test.go @@ -16,9 +16,11 @@ import ( "fmt" "internal/testenv" "math/big" + "os/exec" "reflect" "runtime" "sort" + "strconv" "strings" "testing" "time" @@ -1867,17 +1869,40 @@ func TestSystemRootsErrorUnwrap(t *testing.T) { } } +func macosMajorVersion(t *testing.T) (int, error) { + cmd := testenv.Command(t, "sw_vers", "-productVersion") + out, err := cmd.Output() + if err != nil { + if ee, ok := err.(*exec.ExitError); ok && len(ee.Stderr) > 0 { + return 0, fmt.Errorf("%v: %v\n%s", cmd, err, ee.Stderr) + } + return 0, fmt.Errorf("%v: %v", cmd, err) + } + before, _, ok := strings.Cut(string(out), ".") + major, err := strconv.Atoi(before) + if !ok || err != nil { + return 0, fmt.Errorf("%v: unexpected output: %q", cmd, out) + } + + return major, nil +} + func TestIssue51759(t *testing.T) { if runtime.GOOS != "darwin" { t.Skip("only affects darwin") } - builder := testenv.Builder() - if builder == "" { - t.Skip("only run this test on the builders, as we have no reasonable way to gate tests on macOS versions elsewhere") - } - if builder == "darwin-amd64-10_14" || builder == "darwin-amd64-10_15" { + + testenv.MustHaveExecPath(t, "sw_vers") + if vers, err := macosMajorVersion(t); err != nil { + if builder := testenv.Builder(); builder != "" { + t.Fatalf("unable to determine macOS version: %s", err) + } else { + t.Skip("unable to determine macOS version") + } + } else if vers < 11 { t.Skip("behavior only enforced in macOS 11 and after") } + // badCertData contains a cert that we parse as valid // but that macOS SecCertificateCreateWithData rejects. const badCertData = "0\x82\x01U0\x82\x01\a\xa0\x03\x02\x01\x02\x02\x01\x020\x05\x06\x03+ep0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260\x1e\x17\r220112235755Z\x17\r220313235755Z0R1P0N\x06\x03U\x04\x03\x13Gderpkey8dc58100b2493614ee1692831a461f3f4dd3f9b3b088e244f887f81b4906ac260*0\x05\x06\x03+ep\x03!\x00bA\xd8e\xadW\xcb\xefZ\x89\xb5\"\x1eR\x9d\xba\x0e:\x1042Q@\u007f\xbd\xfb{ks\x04\xd1£\x020\x000\x05\x06\x03+ep\x03A\x00[\xa7\x06y\x86(\x94\x97\x9eLwA\x00\x01x\xaa\xbc\xbd Ê]\n(΅!ف0\xf5\x9a%I\x19<\xffo\xf1\xeaaf@\xb1\xa7\xaf\xfd\xe9R\xc7\x0f\x8d&\xd5\xfc\x0f;Ϙ\x82\x84a\xbc\r" -- cgit v1.2.3-54-g00ecf