
Guidance Downgrading Python2 in Zeus #python


MikeB
 

I'm working on a set of platforms that have a FIPS certified OpenSSL.  We are at version 1.0.2l.

I've found that the new version of python in Zeus (2.7.17) requires a newer version of OpenSSL (1.1).

We really don't want to go through a new round of certification, so we want to keep our current OpenSSL (1.0.2l).

I think the easiest solution is to downgrade python 2 back to the version used by Sumo (2.7.15).

I know how to downgrade simple recipes, but python is far from simple.

Can someone give me some guidance on how to approach the downgrade of python2 in Zeus?

Thanks, Mike


Alexander Kanavin
 

I think python2 *recipe* requires openssl 1.1, but python2 itself will work just fine with openssl 1.0. So you only need to adjust the dependency, there are several ways to do that.

Alex




akuster
 



On 4/15/20 9:16 AM, MikeB wrote:
I'm working on a set of platforms that have a FIPS certified OpenSSL.  We are at version 1.0.2l.

I've found that the new version of python in Zeus (2.7.17) requires a newer version of OpenSSL (1.1).

We really don't want to go through a new round of certification, so we want to keep our current OpenSSL (1.0.2l).

I think the easiest solution is to downgrade python 2 back to the version used by Sumo (2.7.15).

I know how to downgrade simple recipes, but python is far from simple.

Can someone give me some guidance on how to approach the downgrade of python2 in Zeus?

Have you had a chance to look at this layer?
http://git.yoctoproject.org/cgit/cgit.cgi/meta-openssl102-fips/

- armin

Thanks, Mike

    


Sean McKay
 

FYI, we’re doing the same internally (vendor supplied FIPS supported openssl 1.0.2), and the layer Armin suggests worked for us on zeus with minimal additional tweaking.

 

Good luck!

-Sean

 

From: yocto@... <yocto@...> On Behalf Of akuster
Sent: Wednesday, April 15, 2020 9:23 AM
To: MikeB <mabnhdev@...>; yocto@...
Subject: Re: [yocto] Guidance Downgrading Python2 in Zeus #python

 

 

On 4/15/20 9:16 AM, MikeB wrote:

I'm working on a set of platforms that have a FIPS certified OpenSSL.  We are at version 1.0.2l.

I've found that the new version of python in Zeus (2.7.17) requires a newer version of OpenSSL (1.1).

We really don't want to go through a new round of certification, so we want to keep our current OpenSSL (1.0.2l).

I think the easiest solution is to downgrade python 2 back to the version used by Sumo (2.7.15).

I know how to downgrade simple recipes, but python is far from simple.

Can someone give me some guidance on how to approach the downgrade of python2 in Zeus?


Have you had a chance to look at this layer?
http://git.yoctoproject.org/cgit/cgit.cgi/meta-openssl102-fips/

- armin


Thanks, Mike

 

 


MikeB
 

Thank you all.  The new layer did the trick for me also.

Regards, Mike

On Wed, Apr 15, 2020 at 12:33 PM McKay, Sean <sean.mckay@...> wrote:

FYI, we’re doing the same internally (vendor supplied FIPS supported openssl 1.0.2), and the layer Armin suggests worked for us on zeus with minimal additional tweaking.

 

Good luck!

-Sean

 
