Bug 1789609

Summary: gnome-shell crashes when FIPS mode is enabled
Product: [Fedora] Fedora Reporter: Evan McClain <aeroevan>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: caillon+fedoraproject, crypto-team, gnome-sig, john.j5live, lef, mclasen, nmavrogi, normand, philip.wyett, rhughes, rstrode, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-31 14:49:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Evan McClain 2020-01-09 21:55:56 UTC 
Description of problem:
When FIPS mode is enabled, GDM fails to start. In jour

Version-Release number of selected component (if applicable):
20191128-2.gitcd267a5.fc31

How reproducible:


Steps to Reproduce:
1. fips-mode-setup --enable

Actual results:
GDM fails to start

Expected results:
GDM should work as expected in FIPS mode

Additional info:
gnome-shell is crashing with:
Process 1555 (gnome-shell) of user 42 dumped core.

Stack trace of thread 1555:
#0  0x00007fcc1370d968 gnutls_x509_trust_list_add_trust_file (libgnutls.so.30)
#1  0x00007fcc13681c41 gnutls_x509_trust_list_add_system_trust (libgnutls.so.30)
#2  0x00007fcbc2f75cbd g_tls_database_gnutls_populate_trust_list (libgiognutls.so)
#3  0x00007fcbc2f75ee1 g_tls_database_gnutls_initable_init (libgiognutls.so)
#4  0x00007fcc17a0edea g_initable_new_valist (libgio-2.0.so.0)
#5  0x00007fcc17a0ee9d g_initable_new (libgio-2.0.so.0)
#6  0x00007fcbc2f70ceb g_tls_backend_gnutls_get_default_database (libgiognutls.so)

Reverting crypto-policies back to 20190816-4.gitbb9bf99.fc31 gets GDM/GNOME Shell to work again under FIPS mode
Comment 1 Evan McClain 2020-03-31 14:49:44 UTC 
This appears to be fixed by #1813384

*** This bug has been marked as a duplicate of bug 1813384 ***