Drop fips-checks script from trees
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Committed
|
Medium
|
Magali Lemes do Sacramento | ||
Focal |
Fix Committed
|
Medium
|
Magali Lemes do Sacramento | ||
Jammy |
Fix Committed
|
Medium
|
Magali Lemes do Sacramento | ||
Mantic |
Fix Committed
|
Medium
|
Magali Lemes do Sacramento | ||
Noble |
Fix Committed
|
Medium
|
Magali Lemes do Sacramento |
Bug Description
[Impact]
When producing a new version of some kernels, we need to check for changes that might affect FIPS certs and justify why a commit was kept. For that, we have a fips-checks script that lives under debian/ in Focal, Jammy, Mantic and Noble.
This script has been moved to `cranky`[1], so now there is no need to have this script in the kernel Git trees as well.
[Fix]
Remove the fips-checks script and its calls.
[Test Plan]
Prepare a kernel and ensure that the `cranky close` step runs without any errors.
[Where problems could occur]
This only affects the preparation of FIPS kernels and not the kernel final binary. Moreover, I've prepared some FIPS kernels from the 2024.03.04 cycle relying on `cranky check-fips` to ensure that
we have it working well on the cranky side too.
Changed in linux (Ubuntu Jammy): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Noble): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Noble): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in linux (Ubuntu Noble): | |
status: | New → In Progress |
summary: |
- Make fips-check script aware of commit reverts + Drop fips-check script from trees |
description: | updated |
Changed in linux (Ubuntu Focal): | |
status: | New → In Progress |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
Changed in linux (Ubuntu Mantic): | |
assignee: | nobody → Magali Lemes do Sacramento (magalilemes) |
status: | New → In Progress |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Critical |
importance: | Critical → Medium |
Changed in linux (Ubuntu Mantic): | |
importance: | Undecided → Medium |
summary: |
- Drop fips-check script from trees + Drop fips-checks script from trees |
description: | updated |
Changed in linux (Ubuntu Mantic): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Noble): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal-linux verification-done-jammy-linux verification-done-mantic-linux removed: verification-needed-focal-linux verification-needed-jammy-linux verification-needed-mantic-linux |
This bug is awaiting verification that the linux/5.4.0-181.201 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal-linux' to 'verification- done-focal- linux'. If the problem still exists, change the tag 'verification- needed- focal-linux' to 'verification- failed- focal-linux' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!