Project

Profile

Help

Task #3753

closed

Pulp - Story #3637: As a user, I can run pulp in a FIPS-enabled environment

Confirm that pulp_puppet works in FIPS mode

Added by daviddavis almost 6 years ago. Updated almost 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.16.2
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Actions #1

Updated by daviddavis almost 6 years ago

Looks like our puppet plugin uses md5. I get this during sync:

Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384) Exception during metadata generation step for repository <forge>
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384) Traceback (most recent call last):
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384)   File "/home/vagrant/devel/pulp_puppet/pulp_puppet_plugins/pulp_puppet/plugins/distributors/publ
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384)     self._generate_dependency_data(modules)
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384)   File "/home/vagrant/devel/pulp_puppet/pulp_puppet_plugins/pulp_puppet/plugins/distributors/publ
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384)     file_hash = hashlib.md5()
Jun 12 16:37:13 pulp2.dev pulp[23171]: pulp_puppet.plugins.distributors.publish:ERROR: [fd5d206b] (23171-44384) ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Link to code:

https://github.com/pulp/pulp_puppet/blob/3a07fd8fabf8d79e2c42ead5051fc09888177845/pulp_puppet_plugins/pulp_puppet/plugins/distributors/publish.py#L320

Actions #2

Updated by dalley almost 6 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to dalley

Added by dalley almost 6 years ago

Revision 9ce98ae2 | View on GitHub

Use pulp-provided md5 util for fips compatibility

closes #3753 https://pulp.plan.io/issues/3753

Actions #3

Updated by dalley almost 6 years ago

  • Status changed from ASSIGNED to POST
Actions #4

Updated by dalley almost 6 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #5

Updated by dkliban@redhat.com almost 6 years ago

  • Platform Release set to 2.16.2

Added by dalley over 5 years ago

Revision f1ae408b | View on GitHub

Use pulp-provided md5 util for fips compatibility

closes #3753 https://pulp.plan.io/issues/3753

(cherry picked from commit 9ce98ae2851fab6a029a3ccc3a3dcb1a150cabb9)

Actions #6

Updated by ragbalak over 5 years ago

Ran pulp smash against FIPS enabled 2.16 beta for the puppet plugins and found that all tests to be passing.

Actions #7

Updated by ipanova@redhat.com over 5 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions #8

Updated by bmbouter almost 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF