Merged
Conversation
duzda
force-pushed
the
replace-fips-mode-setup
branch
from
8611c42 to
3d6b7e7
Compare
rcritten
reviewed
Feb 17, 2025
src/ipahealthcheck/meta/core.py
Outdated
| if not os.path.exists(paths.PROC_FIPS_ENABLED): | ||
| fips = "missing {}".format(paths.PROC_FIPS_ENABLED) | ||
| logger.debug("Can't find %s, skipping" % | ||
| paths.PROC_FIPS_ENABLED) |
Collaborator
There was a problem hiding this comment.
I'm a bit torn on this related to other distributions, whether enforcing that the file exist would break them.
When I originally wrote this I didn't want to hold it against a user that they didn't have a tool installed. But the file in /proc should be created by the kernel so if that's missing it points to a larger issue.
I think we should set rval to WARNING in this case. This file is created by the kernel so if FIPS is disabled in the KERNEL that seems odd. A user can suppress the warning if indeed they have this use-case.
Contributor
Author
There was a problem hiding this comment.
I think we can make the assumption, that this file exists, otherwise, the user is using a custom kernel and is probably not thinking about FIPS at all. Nevertheless, the return value is a warning now.
rcritten
reviewed
Feb 17, 2025
RHEL10 doesn't support fips-mode-setup, therefore this call has been replaced with simple reading of a proc file. The tests have been edited accordingly, inconsistent has been removed and instead replaced by a test supplying an arbitrary value, that should never occur. Fixes: freeipa#350 Signed-off-by: David Hanina <dhanina@redhat.com>
Also renamed test_fips_no_fips_enabled to test_fips_no_fips_available as this name is more fitting, meaning the kernel is missing fips. Signed-off-by: David Hanina <dhanina@redhat.com>
duzda
force-pushed
the
replace-fips-mode-setup
branch
from
78dfe71 to
1e3225b
Compare
rcritten
reviewed
Feb 20, 2025
rcritten
reviewed
Feb 20, 2025
The missing PROC_FIPS_ENABLED should be considered a bug in the base package, therefore no need to check here. Signed-off-by: David Hanina <dhanina@redhat.com>
duzda
force-pushed
the
replace-fips-mode-setup
branch
from
70b4ec8 to
ad2620d
Compare
Collaborator
|
thanks, looks good. |
menonsudhir
added a commit
to menonsudhir/freeipa
that referenced
this pull request
Apr 1, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com>
menonsudhir
added a commit
to menonsudhir/freeipa
that referenced
this pull request
Apr 1, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com>
menonsudhir
added a commit
to menonsudhir/freeipa
that referenced
this pull request
Apr 1, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com>
menonsudhir
added a commit
to menonsudhir/freeipa
that referenced
this pull request
Apr 1, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com>
abbra
pushed a commit
to freeipa/freeipa
that referenced
this pull request
Apr 7, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
menonsudhir
added a commit
to menonsudhir/freeipa
that referenced
this pull request
Apr 7, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com>
abbra
pushed a commit
to freeipa/freeipa
that referenced
this pull request
Apr 8, 2025
Fix freeipa/freeipa-healthcheck#349 was added for RHEL10 only causing the tests to fail in RHEL10.1. Hence the if condition has been changed in the testcode. Signed-off-by: Sudhir Menon <sumenon@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
RHEL10 doesn't support fips-mode-setup, therefore this call has been replaced with simple reading of a proc file. The tests have been edited accordingly, inconsistent has been removed and instead replaced by a test supplying an arbitrary value, that should never occur.
Fixes: #350