action #115775
closed[security][fips][refinement] test fails in openssl_fips_alglist
100%
Description
Taking a quick look in the comments of the attached bugs for 15-SP4 in the same testsuite, we can probably make some changes in the test as they are marked as WONTFIX.
I think it should be better to discuss it separately in a call and take together the decision :)
Observation¶
openQA test in scenario sle-15-SP5-Online-x86_64-fips_env_mode_tests_crypt_core@64bit fails in
openssl_fips_alglist
Test suite description¶
Maintainer: bchou@suse.com.
Workaround for FIPS single module mode
Reproducible¶
Fails since (at least) Build 15.2 (current job)
Expected result¶
Last good: (unknown) (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by openqa_review over 1 year ago
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9417419#step/openssl_fips_alglist/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
Updated by openqa_review over 1 year ago
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9564497#step/openssl_fips_alglist/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
Updated by tjyrinki_suse over 1 year ago
Four related bugs:
https://bugzilla.suse.com/show_bug.cgi?id=1194134
https://bugzilla.suse.com/show_bug.cgi?id=1193275
https://bugzilla.suse.com/show_bug.cgi?id=1161276
https://bugzilla.suse.com/show_bug.cgi?id=1190888
and were failing in 15-SP4 GMC already - see https://openqa.suse.de/tests/overview?distri=sle&version=15-SP4&build=151.1&groupid=268. Some bugs have now new information.
Updated by openqa_review over 1 year ago
This is an autogenerated message for openQA integration by the openqa_review script:
This bug is still referenced in a failing openQA test: fips_env_mode_tests_crypt_core
https://openqa.suse.de/tests/9680027#step/openssl_fips_alglist/1
To prevent further reminder comments one of the following options should be followed:
- The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted
- The openQA job group is moved to "Released" or "EOL" (End-of-Life)
- The bugref in the openQA scenario is removed or replaced, e.g.
label:wontfix:boo1234
Expect the next reminder at the earliest in 28 days if nothing changes in this ticket.
Updated by pstivanin over 1 year ago
- Status changed from New to In Progress
- Assignee set to pstivanin
Updated by pstivanin over 1 year ago
- % Done changed from 0 to 90
- openssl list -cipher-algorithms: remove the related test, since it won't be fixed (see bsc above)
- openssl list -digest-algorithms: add new algos
The PR (https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/15786) will stay in WIP until a new build with the latest openssl update (1.1.1l-150400.7.10.5) will come out.
Updated by pstivanin over 1 year ago
- Status changed from In Progress to Blocked
Setting to blocked until the new build with the new update comes out.
Updated by pstivanin over 1 year ago
- Status changed from Blocked to In Progress
Build 32.1 is out. Testing it as soon as the qcow2 is generated.
Updated by pstivanin over 1 year ago
Can confirm that the newest build has the needed openssl update (1.1.1l-150400.7.10.5).
Updated by pstivanin over 1 year ago
- Status changed from In Progress to Resolved
- % Done changed from 90 to 100
VRs are green, PR merged.
Updated by punkioudi over 1 year ago
There are still failures in the latest build, eg: https://openqa.suse.de/tests/9824600#step/openssl_fips_alglist/21
Should we re-open probably the ticket?
Updated by pstivanin over 1 year ago
there's something fishy going on. The test fails on 'openssl list -cipher-algorithms', but that code has been removed with my PR. In fact, it's not in the source if you click on the name on the left.
Updated by pstivanin over 1 year ago
also, there are failures because the PR was merged after build 32.1 was out