Skip to content
This repository has been archived by the owner on Oct 26, 2023. It is now read-only.

fips: remove the enable-fips service #339

Merged
merged 1 commit into from
Oct 10, 2023
Merged

fips: remove the enable-fips service #339

merged 1 commit into from
Oct 10, 2023

Conversation

tormath1
Copy link
Contributor

@tormath1 tormath1 commented Oct 4, 2023

it's not required to do so since gentoo/gentoo@f4cbfc0. This works on OpenSSL >= 3.0.8 so with the LTS-2023 it still requires the enable-fips service.

Testing done

@tormath1 tormath1 self-assigned this Oct 4, 2023
@tormath1 tormath1 requested a review from a team October 4, 2023 14:58
krnowak
krnowak reviewed Oct 10, 2023
View reviewed changes
Copy link
Contributor

@krnowak krnowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm wondering if this needs a separate section for LTS then as we don't have versioned docs, do we?

@tormath1
Copy link
Contributor Author

@krnowak already got some similar situation here: #328 (comment) - as a trade-off we can mention something like:

For Flatcar LTS, you might need to generate the FIPS configuration file with https://www.openssl.org/docs/man3.0/man1/openssl-fipsinstall.html#EXAMPLES

@krnowak
Copy link
Contributor

krnowak commented Oct 10, 2023

@krnowak already got some similar situation here: #328 (comment) - as a trade-off we can mention something like:

For Flatcar LTS, you might need to generate the FIPS configuration file with https://www.openssl.org/docs/man3.0/man1/openssl-fipsinstall.html#EXAMPLES

Sounds good.

krnowak
krnowak approved these changes Oct 10, 2023
View reviewed changes
Copy link
Contributor

@krnowak krnowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small nitpick, otherwise looks godd.

docs/setup/security/fips.md Outdated
```

NOTE: For Flatcar LTS-2023 (with OpenSSL < 3.0.8), it's still required to generate the fipsmodule configuration see upstream [documentation][openssl-fipsinstall].
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
NOTE: For Flatcar LTS-2023 (with OpenSSL < 3.0.8), it's still required to generate the fipsmodule configuration see upstream [documentation][openssl-fipsinstall].
NOTE: For Flatcar LTS-2023 (with OpenSSL < 3.0.8), it's still required to generate the fipsmodule configuration, see upstream [documentation][openssl-fipsinstall] on how to do it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@tormath1
fips: remove the enable-fips service
a1520ad 
it's not required to do so since gentoo/gentoo@f4cbfc0

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
@tormath1 tormath1 merged commit e64ca4b into main Oct 10, 2023
@tormath1 tormath1 deleted the tormath1/fips branch October 10, 2023 11:46
@github-actions github-actions bot mentioned this pull request Nov 9, 2023
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@krnowak krnowak krnowak approved these changes

Assignees

@tormath1 tormath1

Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@tormath1 @krnowak