| opendevreview | Alistair Coles proposed openstack/swift master: sharder: fix and expand CleavingContext docstrings https://review.opendev.org/c/openstack/swift/+/833654 | 16:34 |
|---|---|---|
| acoles | ^^ easy review (I hope!) | 16:35 |
| afaranha | timburke__, hi, I think we still have some issues with the tempurl patch, https://141a6634077a6c4f5d94-d97b0a3b599d6de6d0673faefd2f08b5.ssl.cf5.rackcdn.com/790535/28/check/cinder-tempest-lvm-multibackend-fips/1caa505/testr_results.html | 16:54 |
| afaranha | could you please take a look when you have time? | 16:55 |
| afaranha | https://review.opendev.org/c/openstack/glance/+/831921/3 | 16:55 |
| timburke__ | huh. `_hashlib.UnsupportedDigestmodError: Unsupported digestmod functools.partial(<function __hash_new at 0x7fc71822a310>, 'sha256')` | 16:59 |
| afaranha | where do you see this log? | 17:06 |
| timburke__ | https://141a6634077a6c4f5d94-d97b0a3b599d6de6d0673faefd2f08b5.ssl.cf5.rackcdn.com/790535/28/check/cinder-tempest-lvm-multibackend-fips/1caa505/controller/logs/screen-s-proxy.txt -- search for "Traceback" | 17:06 |
| timburke__ | it's strange to me, because i *know* we use sha256 hmacs with swift's encryption feature, and we've seen those tests pass... | 17:08 |
| clarkb | is this possibly related to centos 9 using openssl 3? | 17:09 |
| clarkb | I know there were issues with sha1 on that platform without fips | 17:09 |
| timburke__ | ah... could be, then | 17:10 |
| afaranha | yea, no type either | 17:10 |
| afaranha | https://review.opendev.org/c/openstack/swift/+/525771/7/swift/common/middleware/tempurl.py#346 | 17:10 |
| afaranha | ade_lee__ ^ | 17:10 |
| afaranha | but since the tests passed on the patch: https://review.opendev.org/c/openstack/tempest/+/831607 https://405753feed1a3d88e398-67452faa46fddf50e0cf1e389c2c8597.ssl.cf5.rackcdn.com/831607/5/check/tempest-full-centos-9-stream/3e66d56/testr_results.html shouldn't it be okay? | 17:12 |
| afaranha | the libssh issue | 17:12 |
| afaranha | the tests failing there is due to libvirt issue | 17:13 |
| clarkb | ya I'm just throwing out ideas. | 17:13 |
| clarkb | You might need to boot a centos 9 machine with fips and inspect hashlib directly | 17:13 |
| afaranha | ack | 17:19 |
| afaranha | I'll let you know tomorrow if there's an issue there on hashlib | 17:19 |
| afaranha | thanks | 17:19 |
| clarkb | I just did a quick check on a non fips centos 9 stream instance and hashlib.sha256 is there | 17:21 |
| clarkb | and hmac.new(key=b'stuff', digestmod='sha256') also works | 17:24 |
| clarkb | so ya you probably need to get on a machien and inspect more closely as the trivial cehcks all seem fine | 17:25 |
| timburke__ | afaranha, fwiw i think you only *really* need https://review.opendev.org/c/openstack/tempest/+/832771 -- i don't think https://review.opendev.org/c/openstack/swift/+/525771 is a hard dependency for any of the stuff you're working on | 17:42 |
| opendevreview | Tim Burke proposed openstack/python-swiftclient master: Add Python3 zed unit tests https://review.opendev.org/c/openstack/python-swiftclient/+/832039 | 22:21 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!