Bug 1220390 - fips pattern not found
Summary: fips pattern not found
Status: RESOLVED FIXED
Alias: None
Product: PUBLIC SUSE Linux Enterprise Micro 6.0
Classification: openSUSE
Component: Patterns (show other bugs)
Version: unspecified
Hardware: Other Other
: P1 - Urgent : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Jose Lausuch
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-02-27 08:17 UTC by Martin Loviska
Modified: 2024-04-16 07:10 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
zypper.log (185.14 KB, application/x-xz-compressed-tar)
2024-02-27 08:17 UTC, Martin Loviska 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Loviska 2024-02-27 08:17:47 UTC 
Created attachment 873020 [details]
zypper.log

Trying to setup fips on sle-micro 6.0 does not work as the pattern package is missing. 

> # transactional-update setup-fips


2024-02-27 09:07:16 tukit 4.5.0 started
2024-02-27 09:07:16 Options: call 3 zypper install -y --auto-agree-with-product-licenses pattern() = fips
2024-02-27 09:07:18 Executing `zypper install -y --auto-agree-with-product-licenses pattern() = fips`:
Refreshing service 'SUSE_Linux_Enterprise_Micro_6.0_x86_64'.
Loading repository data...
Reading installed packages...
'pattern() = fips' not found in package names. Trying capabilities.
No provider of 'pattern() = fips' found.
2024-02-27 09:07:18 Application returned with exit status 104.
ERROR: zypper install on /.snapshots/3/snapshot failed with exit code 104!
Use '--interactive' for manual problem resolution.
2024-02-27 09:07:18 tukit 4.5.0 started
2024-02-27 09:07:18 Options: call 3 sed -i -e s|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 fips=1"|g /etc/default/grub
2024-02-27 09:07:20 Executing `sed -i -e s|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 fips=1"|g /etc/default/grub`:
2024-02-27 09:07:20 Application returned with exit status 0.
2024-02-27 09:07:20 Transaction completed.
Creating new initrd
2024-02-27 09:07:20 tukit 4.5.0 started
2024-02-27 09:07:20 Options: call 3 dracut --force --regenerate-all
2024-02-27 09:07:22 Executing `dracut --force --regenerate-all`:
dracut[I]: Executing: /usr/bin/dracut --kver=6.4.0-7-default --force


> localhost:~ # zypper se fips
> Refreshing service 'SUSE_Linux_Enterprise_Micro_6.0_x86_64'.
> Loading repository data...
> Reading installed packages...

S | Name              | Summary                                                            | Type
--+-------------------+--------------------------------------------------------------------+--------
  | alp_fips          | FIPS 140-3 Support                                                 | pattern
  | dracut-fips       | Dracut modules to build a dracut initramfs with an integrity check | package
  | openssh-fips      | OpenSSH FIPS crypto module HMACs                                   | package
  | patterns-alp-fips | FIPS 140-3 Support                                                 | package
Comment 2 Timo Jyrinki 2024-02-27 13:02:22 UTC 
As a sidenote the alp_fips pattern itself is functional (see fips_setup at https://openqa.suse.de/tests/13619286).

I'm not sure what should be done about transactional-update's setup-fips feature, maybe it should at least have a useful error message? Notably SLE 15-SP4 and newer obtained crypto-policies-scripts recently which contain a "fips-mode-setup" script that is now used, so there are multiple ways. That has not been available in SLE Micro 6.0 packages however.
Comment 3 Marcus Meissner 2024-02-29 14:22:26 UTC 
fix submitted
Comment 5 Marcus Meissner 2024-03-02 15:08:09 UTC 
subnmitted