Bugzilla – Bug 1216059
[Build 26.1] FIPS setup failing for many scenarios with Core dump
Last modified: 2023-12-01 09:30:06 UTC
#### Observation FIPS setup is broken seems several builds for many test scenarios: See the failing ones here for latest build: https://openqa.suse.de/tests/overview?result=failed&arch=&flavor=&machine=&test=&modules=fips_setup&module_re=&modules_result=failed&distri=sle&version=15-SP6&build=26.1&groupid=268# and the passing ones: https://openqa.suse.de/tests/overview?arch=&flavor=&machine=&test=&modules=fips_setup&module_re=&modules_result=passed&distri=sle&version=15-SP6&build=26.1&groupid=268# See the core dumps in any of the jobs in serial0.txt for example: https://openqa.suse.de/tests/12409540/logfile?filename=serial0.txt I could provide more info, but didn't have the time to dive deeper yet, but I wanted to share the big impact of this failure in test coverage as soon as possible.
[ 2.070819][ T115] (sd-e[115]: /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator terminated by signal ABRT. could be missing fips packages causing abort
A previous failure in the same test in latest build. https://openqa.suse.de/tests/12410728#step/fips_setup/19 so in previous build was also there: https://openqa.suse.de/tests/12306353#step/fips_setup/62 We have a ticket for adapting the automation with the problem installing the pattern https://progress.opensuse.org/issues/135401 but it is this connected as well?
but the fips pattern is there now according t o the serial terminal output.
i will need to test this on a local vm :(
ok. even without vm we need to remove the hmac packages from dracut-fips Currently we only removed libgcrypt, but will do so for libopenssl1_1-hmac soonish. dracut maintainers, can you remove the Requires: libgcrypt20-hmac line from the dracut-fips package?
(In reply to Marcus Meissner from comment #5) > ok. even without vm we need to remove the hmac packages from dracut-fips > > Currently we only removed libgcrypt, but will do so for libopenssl1_1-hmac > soonish. > > dracut maintainers, can you remove the > > Requires: libgcrypt20-hmac > > line from the dracut-fips package? Sure: https://build.suse.de/request/show/310834
(In reply to Marcus Meissner from comment #5) > dracut maintainers, can you remove the > > Requires: libgcrypt20-hmac > > line from the dracut-fips package? Marcus, I was asked if this change shouldn't be submitted to Factory first. Could you provide some feedback about that?
yes, factory should get the same fix. currently I think the issue is that libgcrypt20-hmac is still available (but wrong version) on SLES 15 SP6, but not on Favtory anymore.
(In reply to Marcus Meissner from comment #8) > yes, factory should get the same fix. > > currently I think the issue is that libgcrypt20-hmac is still available (but > wrong version) on SLES 15 SP6, but not on Favtory anymore. Ok, I'll patch Factory as well. Thanks!