Fix issues in tests when running in FIPS mode
Resolves: rhbz#2188749 Resolves: rhbz#2188603
This commit is contained in:
Vojtech Trefny
parent
f31a022ba0
commit
1933097e04
70
0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
Normal file
70
0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
From bc8c4fa2b3ba76647de9742c28bae751757dc2dd Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vojtech Trefny <vtrefny@redhat.com>
|
||||||
|
Date: Thu, 18 May 2023 14:45:42 +0200
|
||||||
|
Subject: [PATCH 1/2] tests: Use longer passphrase for LUKS in dm_test
|
||||||
|
|
||||||
|
The short passphrase doesn't work when running in FIPS mode.
|
||||||
|
---
|
||||||
|
tests/dm_test.py | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/dm_test.py b/tests/dm_test.py
|
||||||
|
index 936e3055..3b491d89 100644
|
||||||
|
--- a/tests/dm_test.py
|
||||||
|
+++ b/tests/dm_test.py
|
||||||
|
@@ -59,8 +59,8 @@ class DevMapperGetSubsystemFromName(DevMapperTestCase):
|
||||||
|
def test_get_subsystem_from_name_crypt(self):
|
||||||
|
"""Verify that it is possible to get luks device subsystem from its name"""
|
||||||
|
self.addCleanup(self._destroy_crypt)
|
||||||
|
- run("echo \"key\" | cryptsetup luksFormat %s -" %self.loop_dev)
|
||||||
|
- run("echo \"key\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
|
||||||
|
+ run("echo \"supersecretkey\" | cryptsetup luksFormat %s -" %self.loop_dev)
|
||||||
|
+ run("echo \"supersecretkey\" | cryptsetup open %s libbd_dm_tests-subsystem_crypt --key-file=-" %self.loop_dev)
|
||||||
|
subsystem = BlockDev.dm_get_subsystem_from_name("libbd_dm_tests-subsystem_crypt")
|
||||||
|
self.assertEqual(subsystem, "CRYPT")
|
||||||
|
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
||||||
|
|
||||||
|
From b1f6d1484a980885b9870d27d2b113c98400851b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vojtech Trefny <vtrefny@redhat.com>
|
||||||
|
Date: Thu, 18 May 2023 14:56:32 +0200
|
||||||
|
Subject: [PATCH 2/2] tests: Skip crypto tests with argon2 in FIPS mode
|
||||||
|
|
||||||
|
argon is not available when running in FIPS mode.
|
||||||
|
---
|
||||||
|
tests/crypto_test.py | 17 +++++++++++++++++
|
||||||
|
1 file changed, 17 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/crypto_test.py b/tests/crypto_test.py
|
||||||
|
index 94b89131..91ea1f35 100644
|
||||||
|
--- a/tests/crypto_test.py
|
||||||
|
+++ b/tests/crypto_test.py
|
||||||
|
@@ -175,6 +175,23 @@ class CryptoTestFormat(CryptoTestCase):
|
||||||
|
self.fail("Failed to get pbkdf information from:\n%s %s" % (out, err))
|
||||||
|
self.assertEqual(m.group(1), "pbkdf2")
|
||||||
|
|
||||||
|
+ def _is_fips_enabled(self):
|
||||||
|
+ if not os.path.exists("/proc/sys/crypto/fips_enabled"):
|
||||||
|
+ # if the file doesn't exist, we are definitely not in FIPS mode
|
||||||
|
+ return False
|
||||||
|
+
|
||||||
|
+ with open("/proc/sys/crypto/fips_enabled", "r") as f:
|
||||||
|
+ enabled = f.read()
|
||||||
|
+ return enabled.strip() == "1"
|
||||||
|
+
|
||||||
|
+ @tag_test(TestTags.SLOW, TestTags.CORE)
|
||||||
|
+ @unittest.skipUnless(HAVE_LUKS2, "LUKS 2 not supported")
|
||||||
|
+ def test_luks2_format_pbkdf_options(self):
|
||||||
|
+ """Verify that formatting device as LUKS 2 works"""
|
||||||
|
+
|
||||||
|
+ if self._is_fips_enabled():
|
||||||
|
+ self.skipTest("FIPS mode is enabled, cannot use argon2, skipping")
|
||||||
|
+
|
||||||
|
# different options for argon2 -- all parameters set
|
||||||
|
pbkdf = BlockDev.CryptoLUKSPBKDF(type="argon2id", max_memory_kb=100*1024, iterations=10, parallel_threads=1)
|
||||||
|
extra = BlockDev.CryptoLUKSExtra(pbkdf=pbkdf)
|
||||||
|
--
|
||||||
|
2.40.1
|
||||||
|
|
||||||
@ -129,7 +129,7 @@
|
|||||||
|
|
||||||
Name: libblockdev
|
Name: libblockdev
|
||||||
Version: 2.28
|
Version: 2.28
|
||||||
Release: 6%{?dist}
|
Release: 7%{?dist}
|
||||||
Summary: A library for low-level manipulation with block devices
|
Summary: A library for low-level manipulation with block devices
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://github.com/storaged-project/libblockdev
|
URL: https://github.com/storaged-project/libblockdev
|
||||||
@ -143,6 +143,7 @@ Patch5: 0005-nvme-Fix-namespace-identifiers.patch
|
|||||||
Patch6: 0006-Allow-resizing-of-inactive-LVs-with-latest-LVM.patch
|
Patch6: 0006-Allow-resizing-of-inactive-LVs-with-latest-LVM.patch
|
||||||
Patch7: 0007-tests-Fix-test_swapon_pagesize-on-systems-with-64k-p.patch
|
Patch7: 0007-tests-Fix-test_swapon_pagesize-on-systems-with-64k-p.patch
|
||||||
Patch8: 0008-part-Fix-segfault-when-adding-a-partition-too-big-fo.patch
|
Patch8: 0008-part-Fix-segfault-when-adding-a-partition-too-big-fo.patch
|
||||||
|
Patch9: 0009-Fix-issues-in-tests-when-running-in-FIPS-mode.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: glib2-devel
|
BuildRequires: glib2-devel
|
||||||
@ -732,6 +733,7 @@ A meta-package that pulls all the libblockdev plugins as dependencies.
|
|||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
@ -1050,6 +1052,11 @@ find %{buildroot} -type f -name "*.la" | xargs %{__rm}
|
|||||||
%files plugins-all
|
%files plugins-all
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 24 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-7
|
||||||
|
- Fix issues in tests when running in FIPS mode
|
||||||
|
Resolves: rhbz#2188749
|
||||||
|
Resolves: rhbz#2188603
|
||||||
|
|
||||||
* Tue May 16 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-6
|
* Tue May 16 2023 Vojtech Trefny <vtrefny@redhat.com> - 2.28-6
|
||||||
- Fix segfault when adding a partition too big for MSDOS
|
- Fix segfault when adding a partition too big for MSDOS
|
||||||
Resolves: rhbz#2185564
|
Resolves: rhbz#2185564
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user