Ubuntu
libnvme package

Feature Request: SRU/Backport upstream commits to Ubuntu 24.04 LTS (Noble Numbat)

Bug #2093127 reported by Jaimes Joschko
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libnvme (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hi team,

Would it be possible to SRU/Backport the following commits to Ubuntu 24.04 LTS (Noble Numbat)?

# Commits

fabrics: do not attempt to import keys if tls is not enabled - [https://github.com/linux-nvme/libnvme/commit/2d92c354d58be032b248fb8f85d3118088cdfef4]

linux: do not do any keyring ops when no key is provided - [https://github.com/linux-nvme/libnvme/commit/21f5e8617507bd3e8e14879fe7c5a20707b5a7d0]

linux: fix derive_psk_digest OpenSSL 1.1 version - [https://github.com/linux-nvme/libnvme/commit/81073a178c198a1b7f08964300905cbec595c14e]

tree: do no export tls keys when not provided by user - [https://github.com/linux-nvme/libnvme/commit/f8f82abe4fff8ba2ca71da5d3635200931dae118]

linux: fixup PSK HMAC type '0' handling - [https://github.com/linux-nvme/libnvme/commit/e48845ecba1aa72d45f3fa4c8aa257072c25dcd0]

util: added error code for ENOKEY - [https://github.com/linux-nvme/libnvme/commit/dd1daf34d11754dc9e1e8d026e2aa3b552e9b0b3]

fabrics: use hex numbers when generating command line options - [https://github.com/linux-nvme/libnvme/commit/e0db450d260302921b630f2da5e505478dc5134f]

linux: handle key import correctly - [https://github.com/linux-nvme/libnvme/commit/2201d1375b877356eb3e3cf6b61ad932b852a66b]

linux: export keys to config - [https://github.com/linux-nvme/libnvme/commit/6e8e03a3d16c12bf6dd5440254c1c1c12ffa9b94]

tree: read tls_configured_key and tls_keyring from sysfs - [https://github.com/linux-nvme/libnvme/commit/b9f08d5bd3d84c0df0eb6a3321a8006801214fd1]

tree: move dhchap and tls sysfs parser into separate functions - [https://github.com/linux-nvme/libnvme/commit/f23ae8cd59fa20e98f587dd0717b380c65325119]

json: move keystore operations out of the JSON parser - [https://github.com/linux-nvme/libnvme/commit/9c4a34b54542e26948a8b5f817c31d72b02f69a0]

tree: add getter/setters for TLS PSK - [https://github.com/linux-nvme/libnvme/commit/c5a9371c1c0581c2000a07d2ba8d3e55629bc09a]

linux: add import/export function for TLS pre-shared keys - [https://github.com/linux-nvme/libnvme/commit/454373a2a4007ccab1574288252e4a2423786d45]

linux: only return the description of a key - [https://github.com/linux-nvme/libnvme/commit/40230e61282353ae8d8e73b1748a6df3be44c7c9]

Thanks in advance!

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libnvme (Ubuntu):
status: New → Confirmed
Revision history for this message
Benjamin Drung (bdrung) wrote :

Technical analysis
------------------

I just tried to cherry-pick the commits in the correct order to the v1.8 branch:

```
commits=(40230e61282353ae8d8e73b1748a6df3be44c7c9
454373a2a4007ccab1574288252e4a2423786d45
c5a9371c1c0581c2000a07d2ba8d3e55629bc09a
9c4a34b54542e26948a8b5f817c31d72b02f69a0
f23ae8cd59fa20e98f587dd0717b380c65325119
b9f08d5bd3d84c0df0eb6a3321a8006801214fd1
6e8e03a3d16c12bf6dd5440254c1c1c12ffa9b94
2201d1375b877356eb3e3cf6b61ad932b852a66b
e0db450d260302921b630f2da5e505478dc5134f
dd1daf34d11754dc9e1e8d026e2aa3b552e9b0b3
e48845ecba1aa72d45f3fa4c8aa257072c25dcd0
f8f82abe4fff8ba2ca71da5d3635200931dae118
81073a178c198a1b7f08964300905cbec595c14e
21f5e8617507bd3e8e14879fe7c5a20707b5a7d0
2d92c354d58be032b248fb8f85d3118088cdfef4)
git co -b noble v1.8
for commit in ${commits[*]}; do git cherry-pick "$commit" || git cherry-pick --abort; done
```

Only the first commit applied cleanly. The other would need adjustments.

Commit 454373a2a4007ccab1574288252e4a2423786d45 adds the new nvme_export_tls_key_versioned and nvme_import_tls_key_versioned functions from the v1.11 release.

Policy check
------------

For an SRU, the changes must comply with the requirements: https://documentation.ubuntu.com/sru/en/latest/reference/requirements/
This change might fall under following categories:

* For Long Term Support releases we regularly want to enable new hardware
* For Long Term Support releases we sometimes want to introduce new features.

See also https://documentation.ubuntu.com/sru/en/latest/explanation/requirements/

This ticket needs to be updated using the SRU template: https://documentation.ubuntu.com/sru/en/latest/reference/bug-template/ and following question needs to be answered:

* Impact: Why should it be backported?
* Test plan: How to test these new changes?

Skia (hyask)
tags: added: rls-nn-incoming
Skia (hyask)
tags: removed: rls-nn-incoming
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.