[FFe]: Include FIPS into the ubuntu-advantage tool
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-advantage-tools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
This is a request for a feature freeze exception to include FIPS into the ubuntu-
This will allow UA customers to use the ubuntu-advantage script to do the following
when "ubuntu-advantage enable-fips <token>" is issued from commandline,
- configure the private PPA where the FIPS modules are located
- install the FIPS modules from this PPA to the local machine from where the script is run
- configure the bootloader to enable fips
Upon successful completion of these steps, the customer then gets a message stating to reboot
the machine to complete the fips enablement process.
Without the script, customers must perform the steps manually.
The following fips packages are installed:
linux-fips, fips-initramfs (fips kernel)
openssl, libssl1.0.0, libssl1.0.0-hmac
openssh-server, openssh-server-hmac
openssh-client, openssh-client-hmac
strongswan, strongswan-hmac
The patchset to include fips into ubuntu-
- additional code to script to support "enable-fips" option/flag
- additional code to script to support "is-fips-enabled" which reports if fips is
enabled or not
- additional code to support "status" for fips
- addition to man page
- additional testcases for fips
- the fips private ppa keyring
**NOTE: The enable-fips component of the script will only work/run on xenial. FIPS modules are currently certified for xenial only. The intention is to upload to artful (althought doesn't enable fips on artful) in preparation for a xenial SRU.
tags: | added: patch |
description: | updated |
tags: | added: upgrade-software-version |
information type: | Public → Public Security |
changelog diff: /github. com/CanonicalLt d/ubuntu- advantage- script/ pull/65/ commits/ 3a4ca12cef796d9 30aebc7f6570783 cb1f6e6fb1
https:/
PPA with daily builds: /code.launchpad .net/~ahasenack /+recipe/ ubuntu- advantage- script- daily
A PPA setup with daily builds from a github mirror using a launchpad recipe: https:/