-
Bug
-
Resolution: Done-Errata
-
Critical
-
None
-
4.15.0
-
Quality / Stability / Reliability
-
False
-
-
3
-
Important
-
No
-
None
-
Proposed
-
OCPEDGE Sprint 246
-
1
-
In Progress
-
Release Note Not Required
-
None
-
None
-
None
-
None
-
None
Description of problem:
Running the FIPS check-payload tool (https://github.com/openshift/check-payload) against the LVMS operator results in one failure:
---- Failure Report
+----------------------------+-----------------+-----------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| OPERATOR NAME | EXECUTABLE NAME | STATUS | IMAGE |
+----------------------------+-----------------+-----------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
| lvms-must-gather-container | /usr/bin/oc | could not find dependent openssl version within container image: libcrypto.so.1.1 | brew.registry.redhat.io/lvms4/lvms-must-gather-rhel9@sha256:c694132415ea5135193be4e201436f71f91dc8f01ee23ba47a6ef482cf98caf6 |
+----------------------------+-----------------+-----------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+
F1205 11:04:05.796196 1 main.go:259] Error: run failed
###test result for brew.registry.redhat.io/openshift4/ose-csi-external-snapshotter@sha256:d3ca815f773d1f6825443ea6a612cd10f3222fbfd973d96b504896d02ddd1b12 is: I1205 11:04:10.135806 1 main.go:278] using embedded config
I1205 11:04:10.136368 1 types_config.go:12] using config &{Components:[] FailOnWarnings:false FilterFile: FromFile: FromURL: InsecurePull:false Limit:-1 ContainerImageComponent: ContainerImage: OutputFile: OutputFormat:table Parallelism:5 Java:false PrintExceptions:false PullSecret: TimeLimit:1h0m0s Verbose:false UseRPMScan:false ConfigFile:{FilterFiles:[] FilterDirs:[/lib/firmware /lib/modules /usr/lib/.build-id /usr/lib/firmware /usr/lib/grub /usr/lib/modules /usr/share/app-info /usr/share/doc /usr/share/fonts /usr/share/icons /usr/share/openshift /usr/src/plugins /rootfs /sysroot] FilterImages:[] JavaDisabledAlgorithms:[DH keySize < 2048 TLSv1.1 TLSv1 SSLv3 SSLv2 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 DHE_DSS RSA_EXPORT DHE_DSS_EXPORT DHE_RSA_EXPORT DH_DSS_EXPORT DH_RSA_EXPORT DH_anon ECDH_anon DH_RSA DH_DSS ECDH 3DES_EDE_CBC DES_CBC RC4_40 RC4_128 DES40_CBC RC2 HmacMD5] PayloadIgnores:map[openshift-enterprise-pod-container:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/bin/pod] Dirs:[]}]} operator-lifecycle-manager-container:{FilterFiles:[/usr/bin/cpb /usr/bin/copy-content] FilterDirs:[] ErrIgnores:[]} ose-olm-rukpak-container:{FilterFiles:[/unpack] FilterDirs:[] ErrIgnores:[]}] TagIgnores:map[] RPMIgnores:map[containernetworking-plugins:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[] Dirs:[/usr/libexec/cni]}]} cri-o:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/crio /usr/bin/crio-status] Dirs:[]} {Error:ErrNotDynLinked Files:[/usr/bin/pinns] Dirs:[]}]} cri-tools:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/crictl] Dirs:[]}]} glibc:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/sbin/ldconfig /sbin/ldconfig] Dirs:[]}]} glibc-common:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/sbin/build-locale-archive] Dirs:[]}]} ignition:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/lib/dracut/modules.d/30ignition/ignition] Dirs:[]}]} podman:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/podman /usr/libexec/podman/quadlet /usr/libexec/podman/rootlessport] Dirs:[]} {Error:ErrNotDynLinked Files:[/usr/libexec/podman/catatonit] Dirs:[]}]} podman-catatonit:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrNotDynLinked Files:[/usr/libexec/catatonit/catatonit] Dirs:[]}]} runc:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/runc] Dirs:[]}]} skopeo:{FilterFiles:[] FilterDirs:[] ErrIgnores:[{Error:ErrGoMissingTag Files:[/usr/bin/skopeo] Dirs:[]}]}] ErrIgnores:[]}}
I1205 11:04:10.136474 1 main.go:101] "scan" version="0.3.1-53-ge50c152a-dirty"
Version-Release number of selected component (if applicable):
lvms-must-gather-rhel9@sha256:c694132415ea5135193be4e201436f71f91dc8f01ee23ba47a6ef482cf98caf6
How reproducible:
Always
Steps to Reproduce:
Run the check-payload tool against the lvms operator (QE has a job to do this)
Actual results:
Failure listed above
Expected results:
No warnings or failures for LVMS 4.15
Additional info:
- links to
-
RHBA-2024:126443
LVMS 4.15 Bug Fix and Enhancement update
