2067971 – Consequences of FIPS crypto policy tightening in RHEL 9

Bug 2067971 - Consequences of FIPS crypto policy tightening in RHEL 9

Summary: Consequences of FIPS crypto policy tightening in RHEL 9

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Florence Blanc-Renaud
QA Contact:	ipa-qe
Docs Contact:
URL:
Whiteboard:
Depends On:	2039684 2053135 2057471 2060798 2064823 2066316 2066319 2067121
Blocks:	2124308 2124310
TreeView+	depends on / blocked

Reported:	2022-03-24 07:22 UTC by Florence Blanc-Renaud
Modified:	2022-11-15 10:32 UTC (History)
CC List:	11 users (show)
Fixed In Version:	ipa-4.9.8-8.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	2057471
Clones:	2124308 2124310 (view as bug list)
Environment:
Last Closed:	2022-11-15 10:00:08 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	FREEIPA-8050	None	None	None	2022-03-24 07:35:41 UTC
Red Hat Issue Tracker	RHELPLAN-116601	None	None	None	2022-03-24 07:36:10 UTC
Red Hat Product Errata	RHBA-2022:7988	None	None	None	2022-11-15 10:00:33 UTC

Comment 3 Florence Blanc-Renaud 2022-03-24 07:26:06 UTC

Moving to POST as the fix is already available upstream.

Comment 4 Florence Blanc-Renaud 2022-03-25 09:25:19 UTC

An additional test fix is required:
master:
https://pagure.io/freeipa/c/5a42ab115e85698866219e3edc98ceaf439bab55

Comment 5 Florence Blanc-Renaud 2022-03-25 13:36:17 UTC

Additional test fix:
ipa-4-9:
https://pagure.io/freeipa/c/09481117b58f1a237bb1048d3fe8d44caf9e167f

Comment 6 Florence Blanc-Renaud 2022-03-29 06:14:01 UTC

Additional test fix:
master:
    27ab216 ipatests: fix check for AD topology being present

ipa-4-9:
    b6b5f60 ipatests: fix check for AD topology being present

Comment 12 Michal Polovka 2022-04-13 14:51:45 UTC

Verified using T1 nightly FIPS pipeline for RHEL9.1 with ipa-server-4.9.8-8.el9.x86_64

https://ci-jenkins-csb-idmops.apps.ocp-c1.prod.psi.redhat.com/view/IPA/job/ipa-RHEL9.1/job/Nightly-FIPS/view/tier-1/

Example particular run: https://ci-jenkins-csb-idmops.apps.ocp-c1.prod.psi.redhat.com/view/IPA/job/ipa-RHEL9.1/job/Nightly-FIPS/job/tier-1-RHEL9.1-Nightly-FIPS-bash-ipa-automember-cli/5/

Relevant problems fixed, marking as verified.

Comment 16 errata-xmlrpc 2022-11-15 10:00:08 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ipa bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7988

Note You need to log in before you can comment on or make changes to this bug.