| croelandt | Hello! Glance recently updated a periodic job (https://zuul.opendev.org/t/openstack/build/6715d43f216342f09311689de77f9ba6) to use CentOS 10 rather than CentOS 9. The logs (https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_671/openstack/6715d43f216342f09311689de77f9ba6/job-output.txt) show a failure: "msg": "[Errno 2] No such file or directory: | 13:46 |
|---|---|---|
| croelandt | b'fips-mode-setup'". This is because fips-mode-setup has been removed (see https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup). I don't really have the technical knowledge to fix and test this, could anyone take a look and help me out? | 13:46 |
| fungi | croelandt: i don't know if the folks who worked on fips testing hang out in here, but ade_lee drove most of that initially | 13:48 |
| croelandt | yes, I'm trying to figure out who could help and was directed to this channel. I'll try pinging ade_lee, thanks! | 13:50 |
| fungi | croelandt: reading that article, i'd just disable the job for now, sounds like rh doesn't expect rebooting into fips mode post-install to work correctly, so this would probably require custom vm images which isn't feasible for opendev to provide for such a small subset of jobs | 13:51 |
| fungi | unfortunate, but it's probably better if rh just does their own testing of this functionality downstream if they still care strongly about it | 13:52 |
| croelandt | ok, interesting | 14:10 |
| croelandt | I'll try to confirm with Ade that there is no simple workaround for this and I'll try to figure out how Red Hat can do this | 14:10 |
| fungi | i'm also dubious of the value, personally, seeing as how it's testing parameters specifically required for usa government/military use, and we don't go out of our way to do that for any other countries even though the usa represents a fairly small minority of openstack users and developers | 14:15 |
| fungi | it smacks of hegemonic imperialism for a regime that is quickly becoming distrusted by the rest of the planet | 14:16 |
| JayF | it is arguable that you could no longer trust the FIPS standard to evolve in an "actually more secure against everyone" | 16:40 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!