Public bug reported:
[Impact]
When producing a new version of some kernels, we need to check for
changes that might affect FIPS certs and justify why a commit was kept.
Currently there is a fips-check script that complains whenever a commit
with crypto-related changes is found without any justification. However,
this script does not account for cases where these commits are reverted
and will fail even in these cases.
[Fix]
After finding the commits that touch crypto source, also look for
commits that revert them.
[Test Plan]
Take a Jammy FIPS kernel from the 2024.02.05 cycle, which introduces two
commits that touch crypto source. Revert those commits (and do not
forget to follow the convention of adding `UBUNTU: SAUCE` to the commit
subject). Proceed to prepare the kernel, and at the `cranky close` step,
confirm that it can be run without any errors.
[Where problems could occur]
This only affects the preparation of FIPS kernels and not the final
kernel binary.
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Magali Lemes do Sacramento (magalilemes)
Status: In Progress
** Affects: linux (Ubuntu Jammy)
Importance: Medium
Assignee: Magali Lemes do Sacramento (magalilemes)
Status: In Progress
** Affects: linux (Ubuntu Noble)
Importance: Medium
Assignee: Magali Lemes do Sacramento (magalilemes)
Status: In Progress
** Also affects: linux (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Noble)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Jammy)
Assignee: (unassigned) => Magali Lemes do Sacramento (magalilemes)
** Changed in: linux (Ubuntu Noble)
Assignee: (unassigned) => Magali Lemes do Sacramento (magalilemes)
** Changed in: linux (Ubuntu Jammy)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Noble)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Jammy)
Status: New => In Progress
** Changed in: linux (Ubuntu Noble)
Status: New => In Progress
https://bugs.launchpad.net/bugs/2055083
Title:
Make fips-check script aware of commit reverts
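
The revert pairing described under [Fix], as an added example that is not code from the fips-check script. The crypto path prefixes, the commit-dict layout, the `justified` set and the sample shas are assumptions constructed for illustration; the example also covers a revert of a revert and a revert whose target lies outside the range.

```python
import re

# Assumption: these path prefixes count as "crypto source"; the real list may differ.
CRYPTO_PATH = re.compile(r"^(crypto/|arch/[^/]+/crypto/|drivers/crypto/)")
# `git revert` writes this line into the body of the commit it creates.
REVERTS = re.compile(r"^This reverts commit ([0-9a-f]{7,40})\b", re.MULTILINE)

def unjustified_crypto_commits(commits, justified=frozenset()):
    """commits: oldest-first dicts with sha, body, files (hypothetical layout).
    Returns shas of crypto commits still in effect and not in `justified`."""
    in_effect = {}  # ordinary crypto commit sha -> is its change still applied?
    revert_of = {}  # revert commit sha -> sha it reverts (both inside the range)

    def lookup(prefix):
        hits = [s for s in (*in_effect, *revert_of) if s.startswith(prefix)]
        return hits[0] if len(hits) == 1 else None  # unknown or ambiguous

    def toggle(sha):
        while sha in revert_of:  # a revert of a revert lands on the original
            sha = revert_of[sha]
        in_effect[sha] = not in_effect[sha]

    for c in commits:
        if not any(CRYPTO_PATH.match(p) for p in c["files"]):
            continue
        m = REVERTS.search(c["body"])
        target = lookup(m.group(1)) if m else None
        if target is None:  # ordinary change, or revert of a commit outside the range
            in_effect[c["sha"]] = True
        else:
            revert_of[c["sha"]] = target
            toggle(target)
    return [s for s, on in in_effect.items() if on and s not in justified]

# Constructed sample history (shas are fake).
def commit(ch, files, reverts=None):
    body = f"This reverts commit {reverts * 40}.\n" if reverts else ""
    return {"sha": ch * 40, "body": body, "files": files}

A = commit("a", ["crypto/drbg.c"])
B = commit("b", ["crypto/testmgr.c"])
N = commit("c", ["net/core/dev.c"])
REVERT_A = commit("d", ["crypto/drbg.c"], reverts="a")
REVERT_REVERT_A = commit("e", ["crypto/drbg.c"], reverts="d")

if __name__ == "__main__":
    print(unjustified_crypto_commits([A, B, N, REVERT_A]))  # only B remains
```

A revert whose target is not in the examined range is reported like any other crypto change, since nothing in the range cancels it.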