action #168994
closed[MinimalVM] test fails in openssl_fips_alglist . he installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64
0%
Description
Observation¶
openQA test in scenario sle-15-SP6-JeOS-for-kvm-and-xen-Updates-x86_64-jeos-fips@uefi-virtio-vga fails in
openssl_fips_alglist
Reproducible¶
Fails since (at least) Build 20241024-1
Expected result¶
Last good: 20241023-1 (or more recent)
Further details¶
Always latest result in this scenario: latest
Updated by asmorodskyi 3 months ago
- Status changed from New to In Progress
- Assignee set to asmorodskyi
cloned some investigation jobs to isolate problematic update https://openqa.suse.de/tests/overview?build=INV15778374&distri=sle&version=15-SP6
Updated by asmorodskyi 3 months ago
culprit found . Investigation together with developer https://suse.slack.com/archives/C02CLB8TZP1/p1730125329223979
Updated by ph03nix 3 months ago
- Subject changed from test fails in openssl_fips_alglist . he installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64 to [MinimalVM] test fails in openssl_fips_alglist . he installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64
Updated by asmorodskyi 3 months ago
17m
Marcus Meissner usually what happens is if you crearted the image with Legacy module enabled, but do not have Legacy testing enabled
[8:55 AM]
Marcus Meissner so and if you look at the zypper.log
[8:55 AM]
Marcus Meissner i see TEST_0 with BASESYSTEM from the incident
[8:55 AM]
Marcus Meissner but there is no TEST_1 with LEGACY from the incident
[8:56 AM]
Marcus Meissner so your test needs to somehow specifcy TEST_1 as Legacy from the SUSE Maintenance ijncident
[8:56 AM]
Marcus Meissner so testcase issue
Updated by mloviska 3 months ago
There was a code change that registers legacy module
[2024-10-29T21:24:10.743606Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:201 called testapi::record_info
[2024-10-29T21:24:10.743703Z] [debug] [pid:125824] <<< testapi::record_info(title="SCC product", output="Activating product sle-module-legacy", result="ok")
[2024-10-29T21:24:10.743921Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:208 called (eval) -> lib/registration.pm:208 called testapi::assert_script_run
[2024-10-29T21:24:10.744034Z] [debug] [pid:125824] <<< testapi::assert_script_run(cmd="SUSEConnect -p sle-module-legacy/\${VERSION_ID}/\${CPU} ", timeout=300, quiet=undef, fail_message="")
[2024-10-29T21:24:10.744144Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:208 called (eval) -> lib/registration.pm:208 called testapi::assert_script_run
Updated by tjyrinki_suse 3 months ago
It seems this used to work at https://openqa.suse.de/tests/15759501 but started failing at https://openqa.suse.de/tests/15766952 without test code changes at this point (only last_good_build retry works).
This is probably related to the openssl-1_1 update https://smelt.suse.de/incident/36134/.
It is not failing for us at https://openqa.suse.de/tests/15806493, but this is the first time after the code changes for a combination of a) new openssl-1_1 update and b) a product without Legacy module.
I have filed ticket #169087 for investigating this from our side.
Updated by tjyrinki_suse 3 months ago
- Related to action #169087: [security] test fails in openssl_fips_alglist - new openssl-1_1 update on a product without Legacy module added
Updated by asmorodskyi 2 months ago
- Status changed from In Progress to Resolved