[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Condor_master aborting because of FIPS mode

Hello Douglas,

I am sorry that you went to so much effort to try and reconstruct a
tarball from the packaged builds. The executables in the RPM don't have
RPATH defined as it is forbidden in RPM packages. I only put up
repositories for the FIPS builds, because that is what was requested.
You are obviously requesting FIPS compliant tarballs. Remember, these
tarballs will not interoperate with the regular tarballs.

You will find the FIPS compliant tarballs in:


On 7/31/20 8:44 AM, Vechinski, Douglas wrote:
> So I've finally had some time to get around to trying this. I downloaded many of the 8.8.9 RPMs from your link and extracted the files from them. After extraction I noticed that there /lib, /lib64, and /libexec subdirectories under the "usr"  subdirectory. However, on the tarball from the non-FIPS version that I initially began with, there were just /lib and /libexec subdirectories. Anyway, I copied the files under the "usr" subdirectory over to the NFS share location.
> Before attempting to start condor_master I thought I'd give condor_config_val a test to see if the config files were being located and such. However, when I attempted to run condor_config_val it complained that it couldn't find some shared libraries (libclassadd.so & libcondor_utils_8_8_9.so). (I assume this would be true for most of the other executables as well). I looked and these libraries are present under the "NFS_path/condor-8.8.9_fips/lib64" directory. Comparing with the non-FIPS layout, these libraries are located under the /lib subdirectory (in the associated location where the tarball was extracted). If I do an ldd on the non-FIPS executable, it seems to located these libraries with a path something like "NFS_path/condor-8.8.9/bin/../lib/libclassadd.so". However, on the corresponding FIPS executable, when I do an ldd, it simply is unable to locate it. I'm guessing that is it trying to find in under /lib64 (or /usr/lib64) relative to the system root directory and n!
>  ot something like "NFS_path/condor-8.8.9_fips/bin/../lib64". (Note, I tried making symbolic links for those files in lib64 to lib in this NFS location but that didn't work.)
> As a test, I set my LD_LIBRARY_PATH environment variable to include "NFS_path/condor-8.8.9_fips/lib64" and then was able to run condor_config_val. I don't really want to do this as every user and root would have to set this. I assume something could be done with /etc/ld.so.conf but I assume I would have to do this on each system that is added to the pool. Any other solutions? And, why does the non-FIPS version from the tarball know to look in a lib directory this is relative to executable location and the FIPS version does not?
> _______________________________________________
> HTCondor-users mailing list
> To unsubscribe, send a message to htcondor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/htcondor-users
> The archives can be found at:
> https://lists.cs.wisc.edu/archive/htcondor-users/

Tim Theisen
Release Manager
HTCondor & Open Science Grid
Center for High Throughput Computing
Department of Computer Sciences
University of Wisconsin - Madison
4261 Computer Sciences and Statistics
1210 W Dayton St
Madison, WI 53706-1685
+1 608 265 5736