action #168994

closed

[MinimalVM] test fails in openssl_fips_alglist: the installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64

Added by asmorodskyi 3 months ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Target version: -
Start date: 2024-10-28
Due date:
% Done: 0%
Estimated time:

Description

Observation

openQA test in scenario sle-15-SP6-JeOS-for-kvm-and-xen-Updates-x86_64-jeos-fips@uefi-virtio-vga fails in
openssl_fips_alglist

Reproducible

Fails since (at least) Build 20241024-1

Expected result

Last good: 20241023-1 (or more recent)

Further details

Always latest result in this scenario: latest


Related issues 1 (0 open, 1 closed)

Related to openQA Tests (public) - action #169087: [security] test fails in openssl_fips_alglist - new openssl-1_1 update on a product without Legacy module (Resolved, amanzini)

Actions #1

Updated by asmorodskyi 3 months ago

  • Status changed from New to In Progress
  • Assignee set to asmorodskyi

Cloned some investigation jobs to isolate the problematic update: https://openqa.suse.de/tests/overview?build=INV15778374&distri=sle&version=15-SP6

Actions #2

Updated by asmorodskyi 3 months ago

Culprit found. Investigation together with developer: https://suse.slack.com/archives/C02CLB8TZP1/p1730125329223979

Actions #3

Updated by ph03nix 3 months ago

  • Tags set to MinimalVM
Actions #4

Updated by ph03nix 3 months ago

  • Project changed from 208 to Containers and images
Actions #5

Updated by ph03nix 3 months ago

  • Subject changed from test fails in openssl_fips_alglist: the installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64 to [MinimalVM] test fails in openssl_fips_alglist: the installed libopenssl1_1-1.1.1w-150600.5.9.1.x86_64 conflicts with 'openssl-1_1 < 1.1.1w-150600.5.9.1' provided by the to be installed openssl-1_1-1.1.1w-150600.5.6.1.x86_64
Actions #6

Updated by asmorodskyi 3 months ago

Marcus Meissner usually what happens is if you created the image with Legacy module enabled, but do not have Legacy testing enabled

[8:55 AM]
Marcus Meissner so and if you look at the zypper.log

[8:55 AM]
Marcus Meissner i see TEST_0 with BASESYSTEM from the incident

[8:55 AM]
Marcus Meissner but there is no TEST_1 with LEGACY from the incident

[8:56 AM]
Marcus Meissner so your test needs to somehow specify TEST_1 as Legacy from the SUSE Maintenance incident

[8:56 AM]
Marcus Meissner so testcase issue

Actions #7

Updated by mloviska 3 months ago

There was a code change that registers legacy module

[2024-10-29T21:24:10.743606Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:201 called testapi::record_info
[2024-10-29T21:24:10.743703Z] [debug] [pid:125824] <<< testapi::record_info(title="SCC product", output="Activating product sle-module-legacy", result="ok")
[2024-10-29T21:24:10.743921Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:208 called (eval) -> lib/registration.pm:208 called testapi::assert_script_run
[2024-10-29T21:24:10.744034Z] [debug] [pid:125824] <<< testapi::assert_script_run(cmd="SUSEConnect  -p sle-module-legacy/\${VERSION_ID}/\${CPU} ", timeout=300, quiet=undef, fail_message="")
[2024-10-29T21:24:10.744144Z] [debug] [pid:125824] tests/fips/openssl/openssl_fips_alglist.pm:81 called security::openssl_misc_utils::install_openssl -> lib/security/openssl_misc_utils.pm:54 called registration::add_suseconnect_product -> lib/registration.pm:208 called (eval) -> lib/registration.pm:208 called testapi::assert_script_run
Actions #8

Updated by tjyrinki_suse 3 months ago

It seems this used to work at https://openqa.suse.de/tests/15759501 but started failing at https://openqa.suse.de/tests/15766952 without test code changes at this point (only last_good_build retry works).

This is probably related to the openssl-1_1 update https://smelt.suse.de/incident/36134/.

It is not failing for us at https://openqa.suse.de/tests/15806493, but this is the first time after the code changes for a combination of a) new openssl-1_1 update and b) a product without Legacy module.

I have filed ticket #169087 for investigating this from our side.

Actions #9

Updated by tjyrinki_suse 3 months ago

  • Related to action #169087: [security] test fails in openssl_fips_alglist - new openssl-1_1 update on a product without Legacy module added
Actions #10

Updated by mloviska 3 months ago

If legacy is required for openssl1_1 then it should be enabled, and we have simply avoided it before because there was no direct dependency nor need

Actions #11

Updated by ph03nix 2 months ago

Any updates on this ticket?

Actions #12

Updated by ph03nix 2 months ago

Actions #13

Updated by ph03nix 2 months ago

  • Priority changed from High to Normal

Lowering prio.

Actions #14

Updated by asmorodskyi 2 months ago

  • Status changed from In Progress to Resolved