[Swan-dev] issues based on last night's laptop run that need to be fixed / explained before release
paul at nohats.ca
Tue Oct 2 23:50:49 UTC 2018
On Mon, 1 Oct 2018, Andrew Cagney wrote:
> I'm not seeing these FIPS falures?
[root at west ~]# /usr/bin/fipscheck /usr/local/libexec/ipsec/pluto
[root at west ~]# echo $?
According to the man page this means: 1 Checksum mismatch
[root at west ~]# ls -l /usr/local/libexec/ipsec/pluto /usr/local/libexec/ipsec/.pluto.hmac
-rwxr-xr-x. 1 root root 8424104 Oct 1 19:46 /usr/local/libexec/ipsec/pluto
-rw-r--r--. 1 root root 65 Aug 23 19:41 /usr/local/libexec/ipsec/.pluto.hmac
Hmm, First I blamed 'make install-base' but 'make install' also didn't
write the file there. I also don't see the .hmac file for pluto in /usr/lib64/fipscheck
It seems 'make install-fipshmac' installs it.
I guess that makes sense since we do this manually in the spec file for
rpm and otherwise the two would clash. So I think we should remove the
handling in the spec file and have install-fipsmac called when invoking
'install' or 'install-base'. Although depending on the fipscheck
version, we want the hmac file in a different location. Perhaps a
variable we can set in make/rpm ?
> On Sun, 30 Sep 2018 at 19:33, Paul Wouters <paul at nohats.ca> wrote:
>> #FIPS check fialing?
>> #FIPS startup failures
More information about the Swan-dev