Task #6984
Updated by bmbouter about 4 years ago
## Background Users need to install pulpcore in a FIPS compatible environments, therefore all dependencies need to be FIPS compatible. Django specifically we know is *not* FIPS compatible. ## The Plan Test pulpcore and it's dependencies in the CentOS 8 pulplift FIPS environment. Then for any dependencies that are not FIPS compatible, develop a patch and then contribute that patch in one of the following ways ways. These are listed further down. ## Developing the patch before contributing it Use a fork in order of the dependency preference with (1) being most preferred and apply your patch to a branch on top of the tag Pulp uses as it's dependency. So for example, for Django we use the latest 2.2 tag. So apply the patch onto a forked Django 2.2.16. ## Adding these branches to the pulplift environment We need the pulplift EL7 and EL8 environments to use these branches instead of the ones from PyPI. For example the CI job in pulp_installer for FIPS EL7 and EL8 fail due to Django not (3) being patched. least preferred. ## Where to go with a patch once its finalized? Two things should be done for each patch: 1. Contribute the patch to upstream. This will cause both PyPI and RPM packaged versions to be FIPS compatible. 2. Produce Contribute the patch to an RPM from a .patch file well known source, e.g. EPEL 3. Contribute the patch to be included in anyone's a not-well-known source, e.g. the Katello or Galaxy NG RPM and store it in the [pulp-packaging](https://github.com/pulp/pulp-packaging/) repo. repositories.