Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Additional commit to acceptance tests merged to master in https://github.com/puppetlabs/puppet/commit/c634e567424ed4f08a7e69aca76e9acfa858e50a Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Additional commit merged to master in https://github.com/puppetlabs/puppet/commit/920b54bfa3a8101fef6adf4c519bdea703832a8c Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Passed CI in 2317a85efc8ffdcba36f0e478ca944e1eb0b9459, no additional validation needed. Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8066 Failing acceptance tests in FIPS mode Change By: Josh Cooper Release Notes: Not Needed Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8066 Failing acceptance tests in FIPS mode Change By: Josh Cooper Fix Version/s: PUP 5.4.0 Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Josh Cooper commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Merged to master in https://github.com/puppetlabs/puppet/commit/b7c7b08413a69fb3d6b8000e4c74ea00270dc26f Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane commented on PUP-8066 Re: Failing acceptance tests in FIPS mode submitted PR: https://github.com/puppetlabs/puppet/pull/6445 Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane updated an issue Puppet / PUP-8066 Failing acceptance tests in FIPS mode Change By: Jayant Sane Team: Security Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Once there is proper platform support for FIPS the above set of passing tests would need to be adjusted to have their fips mode of operation based on the platform. Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane commented on PUP-8066 Re: Failing acceptance tests in FIPS mode Update: Below tests pass when executing in FIPS mode - acceptance/tests/puppet_apply_a_file_should_create_a_file_and_report_the_md5.rb acceptance/tests/ticket_1334_clientbucket_corrupted.rb acceptance/tests/ticket_6541_invalid_filebucket_files.rb All module related tests (under tests/modules/) cannot be really fixed or executed w/o requiring changes to forge and how module checksums are managed. That is because all module checksums use md5 in a hardcoded manner. It is not enough for us to just change the hardcoded use of md5 to something FIPS friendly because forge has already published modules with md5 checksums. Two things need to happen: a) Forge needs to re-publish all modules with two checksums md5 and sha256. (this is primarily for not mandating all agents to use sha256 for handling module checksums) b) agents need to be able handle and maintain module with more than one checksums for each supported hash alg. File resources using http urls and their handlers need to be updated to recognize a different hash alg than the currently hard coded md5. It is not clear what needs to change more on agent side when requesting files so as to use/send a non-md5 hash. File bucket feature in general may not be available for FIPS enabled agents unless the file bucket code is updated to handle any hash alg on the fly. Currently there exists a setting which updates the digest_algorithm used by file bucket on master but setting it something other then the default md5 will likely break agents configured to use md5. fqdn_rand is another place needing some change so as to support additional algs than md5. It is used to produce a unique agent fingerprint based on its fqdn. It is not clear who invokes this functionality and how which also is likely to require corresponding changes to use/specify a fips friendly hash alg. None of the above identified tests quite correspond to this but is something needed to change. Separate epic + tickets would be created to track above work. Add Comment
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane updated an issue Puppet / PUP-8066 Failing acceptance tests in FIPS mode Change By: Jayant Sane Story Points: 4 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane assigned an issue to Jayant Sane Puppet / PUP-8066 Failing acceptance tests in FIPS mode Change By: Jayant Sane Assignee: Jayant Sane Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8066) Failing acceptance tests in FIPS mode
Title: Message Title Jayant Sane created an issue Puppet / PUP-8066 Failing acceptance tests in FIPS mode Issue Type: Bug Assignee: Unassigned Created: 2017/10/17 3:19 PM Environment: redhat-7 Priority: Normal Reporter: Jayant Sane Following acceptance tests fail when running in FIPS mode using PA linked against system openssl. acceptance/tests/face/loadable_from_modules.rb acceptance/tests/loader/func4x_loadable_from_modules.rb acceptance/tests/modules/build/build_agent.rb acceptance/tests/modules/build/build_should_not_create_changes.rb acceptance/tests/modules/install/basic_install.rb acceptance/tests/modules/install/with_version.rb
