[Bug 1722313] Re: Enable auditing in util-linux.

verified successfully in amd64 VM for zesty. $ cat /etc/os-release NAME="Ubuntu" VERSION="17.04 (Zesty Zapus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 17.04" VERSION_ID="17.04" HOME_URL="https://www.ubuntu.com/; SUPPORT_URL="https://help.ubuntu.com/;

[Bug 1722313] Re: Enable auditing in util-linux.

Verified on xenial on a P8 and a z13 zlpar. >From P8: $ cat /etc/os-release NAME="Ubuntu" VERSION="16.04.3 LTS (Xenial Xerus)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 16.04.3 LTS" VERSION_ID="16.04" HOME_URL="http://www.ubuntu.com/; SUPPORT_URL="http://help.ubuntu.com/;

[Bug 1722313] Re: Enable auditing in util-linux.

** Tags added: verification-done-artful -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To manage notifications about this bug go to:

[Bug 1722313] Re: Enable auditing in util-linux.

version of package verified on artful, ubuntu@artfulguest:~$ dpkg -l | grep util-linux ii util-linux 2.30.1-0ubuntu4.1 amd64miscellaneous system utilities -- You received this bug notification because you are a member of

[Bug 1722313] Re: Enable auditing in util-linux.

Sorry, comment #13 had a cut-and-paste issue. log message is, type=USYS_CONFIG msg=audit(1511898182.500:184): pid=3305 uid=0 auid=1000 ses=2 msg='op=change-system-time exe="/sbin/hwclock" hostname=artfulguest addr=? terminal=pts/0 res=success' -- You received this bug notification because

[Bug 1722313] Re: Enable auditing in util-linux.

Generated an artful VM and verified that this is fixed in artful. ubuntu@artfulguest:~$ cat /etc/os-release NAME="Ubuntu" VERSION="17.10 (Artful Aardvark)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 17.10" VERSION_ID="17.10" HOME_URL="https://www.ubuntu.com/;

[Bug 1722313] Re: Enable auditing in util-linux.

** Summary changed: - [SRU][xenial] Enable auditing in util-linux. + Enable auditing in util-linux. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: Enable auditing in util-linux. To

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

I have also submitted a patch against recent debian version of this package to Debian. Just in case, I also noted in the debian bug thread the following: - util-linux package is Priority: required and the libaudit1 package is Priority: optional. Possibly this is no longer a problem in reference

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Attachment added: "debdiff.bionic" https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006681/+files/debdiff.bionic -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Changed in: util-linux (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: [SRU][xenial] Enable auditing in util-linux. To manage

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

Build logs and test runs can be found in PPA at, https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+packages Please note, the versioning of the packages are incorrect in PPA, my apologies. I did them correctly in the debdiff for each release that I have attached. Comment #3 just contains

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Attachment added: "debdiff.xenial" https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006617/+files/debdiff.xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Attachment added: "debdiff.artful" https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006620/+files/debdiff.artful -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Attachment added: "debdiff.zesty" https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/5006619/+files/debdiff.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Attachment removed: "debdiff of version 3.3 and 3.4~joyppa2" https://bugs.launchpad.net/debian/+source/util-linux/+bug/1722313/+attachment/4966026/+files/debdiff.out -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1700611] Re: sources.list file created for ESM is world-readable, leaks subscriber token to all local users

I meant to add in #8 that this affects the addition of fips in the ubuntu-advantage on xenial in https://bugs.launchpad.net/ubuntu/+source /ubuntu-advantage-tools/+bug/1719671 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1700611] Re: sources.list file created for ESM is world-readable, leaks subscriber token to all local users

This affects the fips addition too. Since we add an entry as well to /etc/apt/sources.list.d/ directory. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1700611 Title: sources.list file created for

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Description changed: [IMPACT] Most recent version of ubuntu-advantage-tool on github includes fips enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial Note: FIPS certified modules are only available for

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

@nacc: I have "re-done" things and have included data for both xenial and zesty. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include recent version containing fips

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

Note that binary files (the key rings) are not represented in the debdiffs above. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include recent version containing fips

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "ubuntu-advantage-tools_10~ubuntu0.17.04.1.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973837/+files/ubuntu-advantage-tools_10~ubuntu0.17.04.1.tar.xz -- You received this bug notification because you are a member of

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

Travis CI test results for v10 https://travis-ci.org/CanonicalLtd/ubuntu-advantage-script/builds/277507150 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include recent

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "tox.results.zesty" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973836/+files/tox.results.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "git-log-v2upload3..v10.zesty" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973835/+files/git-log-v2upload3..v10.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Patch added: "v2v10-zesty.debdiff" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973833/+files/v2v10-zesty.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "git-log-v2upload3..v10.xenial" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973810/+files/git-log-v2upload3..v10.xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "install.log.zesty shows before installing v10, install steps, and afterwards" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973832/+files/install.log.zesty -- You received this bug notification because you are a member of

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "build.log.zesty" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973828/+files/build.log.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "ubuntu-advantage-tools_10~ubuntu0.16.04.1.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973827/+files/ubuntu-advantage-tools_10~ubuntu0.16.04.1.tar.xz -- You received this bug notification because you are a member of

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "Install log shows before installing v10 on xenial, install steps, and afterwards" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973797/+files/install.log.xenial -- You received this bug notification because you are a member

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Patch added: "v2v10.xenial.debdiff" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973809/+files/v2v10-xenial.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "tox.results.xenial" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973811/+files/tox.results.xenial -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

** Attachment added: "build log for xenial" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4973778/+files/build.log.xenial ** Attachment removed: "tox test results on zesty"

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

Hopefully it is ok that I deleted prior attachments so that there is no confusion. This bug will be to add support for v10 (which includes fips support) of ubuntu-advantage-tool to xenial and zesty. ** Patch removed: "debdiff between v2 (curently in xenial) and v11"

[Bug 1719671] Re: [SRU][xenial] include recent version containing fips

After chatting on IRC, realized new version of tool is being worked on for #1721272 (artful). Will wait for this to complete and use this bug to SRU the changes which include enabling fips. Will also redo the data for this SRU. ** Description changed: [IMPACT] + Most recent version of

[Bug 1719671] Re: [SRU][xenial] include new version

** Summary changed: - [SRU][xenial] include fips enablement into ubuntu-advantage + [SRU][xenial] include new version ** Summary changed: - [SRU][xenial] include new version + [SRU][xenial] include recent version containing fips -- You received this bug notification because you are a member

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "Install log for zesty. Note FIPS is not supported on zesty." https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4969144/+files/install.log.amd64.zesty -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "tox test results on zesty" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4969139/+files/tox.results.amd64.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "build log for zesty" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4969155/+files/build.log.amd64.zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Description changed: [IMPACT] - There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the system's hardware clock. Thus this event needs to be audited for EAL2. The

[Bug 1722313] Re: [SRU][xenial] Enable auditing in util-linux.

** Summary changed: - [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered. + [SRU][xenial] Enable auditing in util-linux. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

** Bug watch added: Debian Bug tracker #745771 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745771 ** Also affects: util-linux (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745771 Importance: Unknown Status: Unknown -- You received this bug notification

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

My apologies, still kinda new at this. But yes, the debdiff is a patch. So I put the patch flag back. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include fips

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "install log: shows output of running ubuntu-advantage script before and after installing v11." https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4966733/+files/install.log.amd64 -- You received this bug notification because you

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

Sorry, the attachment is a debdiff. I removed the patch flag. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include fips enablement into ubuntu-advantage To manage

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

Will attach install.log shortly... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include fips enablement into ubuntu-advantage To manage notifications about this bug

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

If build log is required for P8 and s390x, please let me know and I will attach them. ** Attachment added: "Build log for amd64." https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4966093/+files/build.log.amd64 -- You received this bug notification

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "ubuntu-advantage-tools_11.tar.xz" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4966095/+files/ubuntu-advantage-tools_11.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

PPA with daily builds for ubuntu-advantage-tools https://code.launchpad.net/~ahasenack/+recipe/ubuntu-advantage-script-daily -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title:

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

Please note in the debdiff that the ubuntu-advantage script has been renamed to advantage. Links are created for backward compatibility. ** Patch added: "debdiff between v2 (curently in xenial) and v11"

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

Travis CI test results https://travis-ci.org/CanonicalLtd/ubuntu-advantage-script/builds/283705244 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include fips enablement

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Attachment added: "tox results on xenial amd64" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+attachment/4966094/+files/tox.results.amd64 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1719671] Re: [SRU][xenial] include fips enablement into ubuntu-advantage

** Description changed: [IMPACT] when "ubuntu-advantage enable-fips " is issued from commandline, - - configure the private PPA where the FIPS modules are located - - install the FIPS modules from this PPA to the local machine from where the script is run - - configure the bootloader

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

Comment #3 Should have read "Common Criteria EAL2 hwclock testcase". ** Description changed: [IMPACT] There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

** Attachment added: "EAL hwclock testcase" https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/1722313/+attachment/4966040/+files/test_hwclock.bash -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

build log and tests run https://launchpad.net/~j-latten/+archive/ubuntu/joyppa/+build/13375821 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1722313 Title: [SRU][xenial] Add "--with-audit" config

[Bug 1722313] Re: [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

** Description changed: [IMPACT] There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the system's hardware clock. Thus this event needs to be audited for EAL2. The

[Bug 1722313] [NEW] [SRU][xenial] Add "--with-audit" config option so that the hwclock command creates an audit record when the hardware clock is altered.

Public bug reported: [IMPACT] There is a requirement for Common Criteria EAL2 certification that changes to the system's hardware clock be audited/monitored. In Ubuntu the hwclock command can be used to alter the system's hardware clock. Thus this event needs to be audited for EAL2. The

[Bug 1719671] [NEW] [SRU][xenial] include fips enablement into ubuntu-advantage

Public bug reported: [IMPACT] when "ubuntu-advantage enable-fips " is issued from commandline, - configure the private PPA where the FIPS modules are located - install the FIPS modules from this PPA to the local machine from where the script is run - configure the bootloader to enable fips

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

Just a note that the build.log mentioned in comment #6 above, has both the output of "debuild -S -uc -us" and the output of "dpkg-buildpackage -uc -us". My apologies for not providing better demarcation between the two outputs. -- You received this bug notification because you are a member of

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

install v9 and upgrade to v10 on artful P8 VM and run script to enable fips ** Attachment added: "install.log" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1718291/+attachment/4953244/+files/install.log -- You received this bug notification because you are a member

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

tox results on artful P8 VM ** Attachment added: "tox.results" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1718291/+attachment/4953245/+files/tox.results -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

Travis CI test results https://travis-ci.org/CanonicalLtd/ubuntu-advantage-script/builds/277507150 ** Description changed: This is a request for a feature freeze exception to include FIPS into the ubuntu-advantage-tool package. This will allow UA customers to use the ubuntu-advantage

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

Build log from artful P8 VM ** Attachment added: "build.log" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1718291/+attachment/4953243/+files/build.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

** Attachment added: "git log v9..v10" https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1718291/+attachment/4953233/+files/git-log-v9..v10 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

** Description changed: This is a request for a feature freeze exception to include FIPS into the ubuntu-advantage-tool package. This will allow UA customers to use the ubuntu-advantage script to do the following - when "ubuntu-advantage enable-fips " is issued from commandline, + when

[Bug 1718291] Re: [FFe]: Include FIPS into the ubuntu-advantage tool

changelog diff: https://github.com/CanonicalLtd/ubuntu-advantage-script/pull/65/commits/3a4ca12cef796d930aebc7f6570783cb1f6e6fb1 PPA with daily builds: A PPA setup with daily builds from a github mirror using a launchpad recipe:

[Bug 1718291] [NEW] [FFe]: Include FIPS into the ubuntu-advantage tool

Public bug reported: This is a request for a feature freeze exception to include FIPS into the ubuntu-advantage-tool package. This will allow UA customers to use the ubuntu-advantage script to do the following when "ubuntu-advantage enable-fips " is issued from commandline, - configure the

[Bug 1715010] Re: Fix XTS encryption with FIPS enabled kernels

Hi, I installed the proposed cryptsetup and ran the common criteria testcases for cryptsetup, that before had failed. My environment includes the fips-supported kernel and modules. With the new cryptsetup, all the common criteria cryptsetup testcases passed. -- You received this bug notification

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

I tested version 1.0.2g-1ubuntu4.3 with the death.c program from the upstream openssl bug ticket 4559 and confirmed this problem is now resolved. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1594748

[Bug 1588524] Re: FIPS_mode_set reports incorrect error message

I tested this on 1.0.2g-1ubuntu4.3 using the openssl_fips_test.c that was attached. And all worked as expected and I received the expected error message. Thus verifying this issue has been resolved in 1.0.2g- 1ubuntu4.3, -- You received this bug notification because you are a member of Ubuntu

[Bug 1613658] Re: OPENSSL_init_library () crash in conjunction with faketime

I forgot to add, we will file a bug with Debian to pick up this commit. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1613658 Title: OPENSSL_init_library () crash in conjunction with faketime To

[Bug 1613658] Re: OPENSSL_init_library () crash in conjunction with faketime

Marcelo and I took a look at this... o_init.c in openssl has following constructor, introduced for fips. void __attribute__ ((constructor)) OPENSSL_init_library(void) OPENSSL_init_library() when OPENSSL_FIPS is defined, calls RAND_init_fips() which eventually calls RAND_poll() which calls

[Bug 1614210] [NEW] Remove incomplete fips in openssl in xenial.

Public bug reported: Package: openssl-1.0.2g-1ubuntu4.1 Distro: xenial The openssl contains incomplete fips patches. In light that the fips is incomplete and will not be completed in the main archive and they are impacting customers, they should be withdrawn. See lp bugs 1593953, 1591797,

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

Investigating. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1594748 Title: CRYPTO_set_mem_functions() is broken To manage notifications about this bug go to:

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

Just as a note, the fips mode is not enabled in 1.0.2g-1ubuntu4.1. But OPENSSL_FIPS is defined and its codes compiled in. Thus in OPENSSL_init_library(), the RAND_init_fips() is included in. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

Waiting to see upstream commit/fix for this since this is an issue in the upstream openssl code when OPENSSL_FIPS is defined. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1594748 Title:

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

** Also affects: openssl via http://rt.openssl.org/Ticket/Display.html?id=4559 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1594748 Title:

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

Ok, this is also "broken" or an issue in upstream openssl 1.0.2 when OPENSSL_FIPS is defined. See, https://rt.openssl.org/Ticket/Display.html?id=4559#txn-68189 or http://rt.openssl.org/Ticket/Display.html?id=4559 ** Bug watch added: OpenSSL RT #4559

[Bug 1594748] Re: CRYPTO_set_mem_functions() is broken

Looking into this... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1594748 Title: CRYPTO_set_mem_functions() is broken To manage notifications about this bug go to:

[Bug 1593953] Re: EC_KEY_generate_key() causes FIPS self-test failure

Looking into this... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1593953 Title: EC_KEY_generate_key() causes FIPS self-test failure To manage notifications about this bug go to:

[Bug 1591797] Re: Only run FIPS self tests when FIPS is enabled

This is a FIPS 140-2 requirement. The FIPS_mode_set(1) in init_fips_mode() called from OPENSSL_init_library is to satisfy the FIPS 140-2, Section 4.9 requirement that power-up selftest be run when the module is powered-up. This must be done regardless of whether the module is to be run in FIPS

[Bug 1588524] Re: FIPS_mode_set reports incorrect error message

Will definitely remove clearing the error as we continue completing the code. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1588524 Title: FIPS_mode_set reports incorrect error message To manage

[Bug 1588524] Re: FIPS_mode_set reports incorrect error message

I purposely cleared this error message from the queue so that no one would be distracted or thwarted by the addition of the fips code while it is a work in progress and not complete. FIPS_module_mode_set() at this point will always fail and return an error code. But yes, I see in your test

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

I have subscribed to openssl bug reports. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package To manage notifications about this bug go to:

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, I have a newbie question, what else should I do for this feature freeze? Thanks! :-) regards, Joy On Fri, Apr 15, 2016 at 12:14 AM, Martin Pitt wrote: > Thanks! There's still an awful amount of patch noise, but indeed some of > it is unavoidable as you say.

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Also, ran same testing on latest ppa version (ppa7) and they all passed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1553309 Title: [FFe]: Include FIPS 140-2 into openssl package To manage

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, I also ran an interdiff when I re-factored to ensure alignment with original fedora patches. 2 or 3 of them did not apply cleanly, for various reasons, so I had to make very small changes. I also named each patch in debian/patches to be same as in fedora. For interdiff of

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, my ppa has a debdiff that is against my prior version. You may find this more useful than the ppa I just attached above. here is a pointer, https://launchpadlibrarian.net/253756858/openssl_1.0.2g- 1ubuntu3~ppa6_1.0.2g-1ubuntu3~ppa7.diff.gz -- You received this bug notification because

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

New debdiff with fixed Origin and cleaner fedora patches. ** Attachment added: "New debdiff against openssl-1.0.2g-1ubuntu2" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+attachment/4636880/+files/debdiff-openssl_1.0.2g-1ubuntu3~ppa7 -- You received this bug notification

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Pitt <martin.p...@ubuntu.com> wrote: > Joy Latten [2016-04-13 18:08 -]: > > Started looking into those patch diffs... > > for the openssl-1.0.2a-fips-ec.patch one, I had a bunch of undefined > > symbols and so cleaned these up, causing my diff to be slightl

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, Cool! Started looking into those patch diffs... for the openssl-1.0.2a-fips-ec.patch one, I had a bunch of undefined symbols and so cleaned these up, causing my diff to be slightly off... my bad. Should have saved that for the last patch that was for my cleanup... sorry, I hated not

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

upload. > > Thanks for bearing with me! > > ** Changed in: openssl (Ubuntu) >Status: Incomplete => In Progress > > ** Changed in: openssl (Ubuntu) > Assignee: (unassigned) => Joy Latten (j-latten) > > -- > You received this bug notification

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

New test package and debdiff. All the same testing completed successfully. New test package, https://launchpad.net/~j-latten/+archive/ubuntu/myppa ** Attachment added: "debdiff: latest patch series (6 patches) to add fips support to openssl"

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

, Apr 8, 2016 at 9:04 AM, Joy Latten <joy.lat...@canonical.com> wrote: > Hi Martin, > > I will get to work on all the resolutions we mentioned. Thanks! > I will send you email when completed and list them. > > regards, > Joy > > On Fri, Apr 8, 2016 at 2:07 AM, Ma

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Code Review Resolutions: 1. Original one patch divided up into a patch-series of 6 patches. The first 5 patches are the original patches from fedora. The 6th patch authored by me to fix compiler warnings and use updated fips compliant algorithms and tests from upstream openssl and openssl fips

[Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

** Attachment added: "debdiff: latest patch series (6 patches) to add fips support to openssl" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309/+attachment/4634739/+files/debdiff.openssl_1.0.2g-1ubuntu3~ppa5 -- You received this bug notification because you are a member of

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, I will get to work on all the resolutions we mentioned. Thanks! I will send you email when completed and list them. regards, Joy On Fri, Apr 8, 2016 at 2:07 AM, Martin Pitt <martin.p...@ubuntu.com> wrote: > Joy Latten [2016-04-08 5:07 -]: > > > -

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, Responses below. Thanks! regards, Joy On Thu, Apr 7, 2016 at 5:27 AM, Martin Pitt <martin.p...@ubuntu.com> wrote: > Hello Joy, > > thanks for your answers. I'll cut out the ones that are resolved now > from my POV. > > Joy Latten [2016-04-06 19:48 -

Re: [Bug 1553309] Re: [FFe]: Include FIPS 140-2 into openssl package

Hi Martin, My responses below. Thanks! regards, Joy On Thu, Apr 7, 2016 at 6:29 AM, Martin Pitt wrote: > I reviewed the remainder of the patch: > > crypto/evp/evp_locl.h > -# define SHA1_Init private_SHA1_Init > -# define SHA224_Init private_SHA224_Init > -#

<    1   2   3   >