Ubuntu
linux package

Drop fips-checks script from trees

Bug #2055083 reported by Magali Lemes do Sacramento
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Committed
Medium
Magali Lemes do Sacramento
Focal
Fix Committed
Medium
Magali Lemes do Sacramento
Jammy
Fix Committed
Medium
Magali Lemes do Sacramento
Mantic
Fix Committed
Medium
Magali Lemes do Sacramento
Noble
Fix Committed
Medium
Magali Lemes do Sacramento

Bug Description

[Impact]

When producing a new version of some kernels, we need to check for changes that might affect FIPS certs and justify why a commit was kept. For that, we have a fips-checks script that lives under debian/ in Focal, Jammy, Mantic and Noble.

This script has been moved to `cranky`[1], so now there is no need to have this script in the kernel Git trees as well.

[1] https://git.launchpad.net/~canonical-kernel/+git/kteam-tools/commit/?id=2ab9364d4b4c18bee7d835787d7dd11990103bca

[Fix]

Remove the fips-checks script and its calls.

[Test Plan]

Prepare a kernel and ensure that the `cranky close` step runs without any errors.

[Where problems could occur]

This only affects the preparation of FIPS kernels and not the kernel final binary. Moreover, I've prepared some FIPS kernels from the 2024.03.04 cycle relying on `cranky check-fips` to ensure that
we have it working well on the cranky side too.

See original description
Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Jammy):
assignee: nobody → Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Noble):
assignee: nobody → Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Jammy):
importance: Undecided → Medium
Changed in linux (Ubuntu Noble):
importance: Undecided → Medium
Changed in linux (Ubuntu Jammy):
status: New → In Progress
Changed in linux (Ubuntu Noble):
status: New → In Progress
Magali Lemes do Sacramento (magalilemes)
summary: - Make fips-check script aware of commit reverts
+ Drop fips-check script from trees
description: updated
Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Focal):
status: New → In Progress
assignee: nobody → Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Mantic):
assignee: nobody → Magali Lemes do Sacramento (magalilemes)
status: New → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → Critical
importance: Critical → Medium
Changed in linux (Ubuntu Mantic):
importance: Undecided → Medium
Magali Lemes do Sacramento (magalilemes)
summary: - Drop fips-check script from trees
+ Drop fips-checks script from trees
description: updated
Stefan Bader (smb)
Changed in linux (Ubuntu Mantic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
Magali Lemes do Sacramento (magalilemes)
Changed in linux (Ubuntu Noble):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.4.0-181.201 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal-linux' to 'verification-done-focal-linux'. If the problem still exists, change the tag 'verification-needed-focal-linux' to 'verification-failed-focal-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-v2 verification-needed-focal-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/5.15.0-104.114 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy-linux' to 'verification-done-jammy-linux'. If the problem still exists, change the tag 'verification-needed-jammy-linux' to 'verification-failed-jammy-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-jammy-linux-v2 verification-needed-jammy-linux
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux/6.5.0-33.33 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-mantic-linux' to 'verification-done-mantic-linux'. If the problem still exists, change the tag 'verification-needed-mantic-linux' to 'verification-failed-mantic-linux'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-mantic-linux-v2 verification-needed-mantic-linux
Roxana Nicolescu (roxanan)
tags: added: verification-done-focal-linux verification-done-jammy-linux verification-done-mantic-linux
removed: verification-needed-focal-linux verification-needed-jammy-linux verification-needed-mantic-linux
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.