canonical-ubuntu-qa team mailing list archive

[Po-Hsu Lin <2057867@xxxxxxxxxxxxxxxxxx>]

** Summary changed:

- ubuntu_kvm_smoke_test fail with B-FIPS kernel (dsa keys not allowed)
+ ubuntu_kvm_smoke_test fail with FIPS kernel (dsa keys not allowed)

** Tags added: jammy sru-20240429

-- 
You received this bug notification because you are a member of Canonical
Platform QA Team, which is subscribed to ubuntu-kernel-tests.
https://bugs.launchpad.net/bugs/2057867

Title:
  ubuntu_kvm_smoke_test fail with FIPS kernel (dsa keys not allowed)

Status in ubuntu-kernel-tests:
  New

Bug description:
  After enabling the fips-dev ppa and using user-space tool there. The ubuntu_kvm_smoke_test starts failing with:
   + uvt-kvm create bjf-test release=bionic arch=s390x
   DSA keys are not allowed in FIPS mode

  Take a closer look inside /usr/lib/python2.7/dist-
  packages/uvtool/libvirt/kvm.py, which calls
  uvtool.ssh.generate_ssh_host_keys() from /usr/lib/python2.7/dist-
  packages/uvtool/ssh.py

  From ssh.py, you will find it will try to generate 4 different key
  types, includes "dsa":

  KEY_TYPES = ['rsa', 'dsa', 'ecdsa', 'ed25519']
  ...
  def generate_ssh_host_keys():
      cloud_init_result = {}
      known_hosts_result = []
      tmp_dir = tempfile.mkdtemp(prefix='uvt-kvm.sshtmp')
      try:
          for key_type in KEY_TYPES:
              private_path = os.path.join(tmp_dir, key_type)
              _keygen(key_type, private_path)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2057867/+subscriptions