action #98123
closed[BCI] BCI-tests on FIPS enabled system
0%
Description
BCI repo should be also be tested on FIPS enabled system.
https://gitlab.suse.de/dancermak/bci-tests#testing-on-fips-enabled-systems
To do this, we should enable a single host version with fips enabled.
To enable fips on a VM, we need to change the kernel settings and reboot.
This is an example how it is done in JeOS
https://openqa.opensuse.org/tests/2419721#step/fips_setup/1
So, basically using this test: https://github.com/os-autoinst/os-autoinst-distri-opensuse/blob/master/tests/fips/fips_setup.pm
Acceptance criteria¶
- Create a new HDD (qcow2) based on 15-SP3 host with fips already enabled after boot.
- Add a new test suite in all BCI tests using this new Host and name it
bci_on_fips
or similar.
Updated by jlausuch almost 3 years ago
- Related to action #94003: Test BCI repository on SLE Base container image. added
Updated by pdostal over 2 years ago
Do we already have FIPS qcow2 images in OSD?
Updated by jlausuch over 2 years ago
- Status changed from Workable to New
We still need to figure that out.
My bad, it should have been kept in "new".
Updated by jlausuch about 2 years ago
- Description updated (diff)
- Priority changed from Low to High
Updated by livdywan almost 2 years ago
This ticket was set to High priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.
Updated by jlausuch over 1 year ago
Still relevant with higher prio compared to other tickets.
Updated by jlausuch about 1 year ago
- Status changed from Workable to In Progress
- Assignee set to jlausuch
Updated by jlausuch about 1 year ago
First attempt:
https://openqa.suse.de/tests/10869874#step/_root_BCI-tests_fips_podman/1
AssertionError: Unexpected exit code 125 for CommandResult(command=b'buildah bud --layers --force-rm /tmp/pytest-of-root/pytest-1/popen-gw0/test_openssl_binary_local_bci_3', exit_status=125, stdout=b'[1/2] STEP 1/5: FROM registry.suse.de/suse/sle-15-sp5/update/cr/totest/images/bci/bci-base:15.5 AS builder\n[1/2] STEP 2/5: WORKDIR /src/\n--> Using cache 4d1a55040e91a4030acdcba6217ba7a5f8c23e58669a2aaead12f3f42ca614c0\n--> 4d1a55040e9\n[1/2] STEP 3/5: COPY fips-test.c /src/\n--> Using cache c6b3a21981cb78b0a233d73bcfe8f0ef05feb080d2cd6ca7b0e1cddd7edebf8e\n--> c6b3a21981c\n[1/2] STEP 4/5: RUN zypper -n ref && zypper -n in gcc libopenssl-devel && zypper -n clean\n--> Using cache c453acb645c591f2441ffb38b7aaf3355ad4cc3fcc2286af5eac86b6058ca848\n--> c453acb645c\n[1/2] STEP 5/5: RUN gcc -Og -g3 fips-test.c -Wall -Wextra -Wpedantic -lcrypto -lssl -o fips-test\n--> Using cache 9aea217a564c6e6e2f3c7df2202b3790e1aa820e27779fa97a88da946e33080d\n--> 9aea217a564\n[2/2] STEP 1/9: FROM registry.suse.de/suse/sle-15-sp5/update/cr/totest/images/bci/bci-busybox:15.5\n[2/2] STEP 2/9: COPY --from=builder /src/fips-test /bin/fips-test\n--> Using cache 28ea1a89f37da0ad41371fce9524a9f35abcd23666393688bed428c9a78222c7\n--> 28ea1a89f37\n[2/2] STEP 3/9: COPY --from=builder /usr/lib64/libcrypto.so.1.1 /usr/lib64/\n--> Using cache b1b70c806d5b4299578b5a347515f1df17236bab44470810ff86b153d95b8a87\n--> b1b70c806d5\n[2/2] STEP 4/9: COPY --from=builder /usr/lib64/libssl.so.1.1 /usr/lib64/\n--> Using cache d1b3cfa77c4d97d3f853cc27c0a5d28c4823fa96e826f0ec2a002de15598ea90\n--> d1b3cfa77c4\n[2/2] STEP 5/9: COPY --from=builder /lib64/libz.so.1 /usr/lib64/\n', stderr=b'Error: building at STEP "COPY --from=builder /lib64/libz.so.1 /usr/lib64/": checking on sources under "/var/lib/containers/storage/btrfs/subvolumes/338e68dcf130d70f4b6138ee5ce412c4e6015cb4980edaee18b4ea4f902c1ce8": copier: stat: "/lib64/libz.so.1": no such file or directory\n')
Updated by jlausuch 10 months ago
- Related to action #136022: [BCI] test 15-SP3 FIPS base container added
Updated by ph03nix 9 months ago
- Related to deleted (action #136022: [BCI] test 15-SP3 FIPS base container)
Updated by ph03nix 9 months ago
- Blocks action #136022: [BCI] test 15-SP3 FIPS base container added
Updated by pdostal 8 months ago
- Related to action #138665: [BCI] Enable BCI FIPS test runs added