Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Digest Mismatch error on Enterprise Linux installations when FIPS… #3194

Merged
merged 2 commits into from
Nov 18, 2024
Merged

Fix Digest Mismatch error on Enterprise Linux installations when FIPS… #3194

merged 2 commits into from
Nov 18, 2024

Conversation

jonathan-dove
Copy link
Contributor

Summary

Added fpm argument to the package.json file to change the hashing algorithm from md5 to sha256. This fixes an issue introduced in RHEL8+ and/or clones where if FIPS mode is enabled rpm digests must be hashed with at minimum sha256 to be allowed to be installed without bypassing security measures put in place by the FIPS standards.

Ticket Link

#3190

Checklist

Device Information

This PR was tested on: RHEL 8, RHEL 9, Rocky9, Rocky8

Release Note

Modified rpm-digest to utilize sha256 instead of md5 to all for rpm installation on FIPS mode enabled Enterprise Linux systems.

@mattermost-build
Copy link
Contributor

Hello @jonathan-dove,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

devinbinnie
devinbinnie approved these changes Nov 4, 2024
View reviewed changes
Copy link
Member

@devinbinnie devinbinnie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @jonathan-dove!

@devinbinnie devinbinnie requested a review from toninis November 4, 2024 15:02
@devinbinnie devinbinnie added the 2: Dev Review Requires review by a core committer label Nov 4, 2024
@devinbinnie
Copy link
Member

@toninis Can you check to make sure this doesn't harm our RPM build process?

@toninis
Copy link
Contributor

toninis commented Nov 4, 2024

@devinbinnie I need to manually build a rpm package from this PR and test that so this needs to wait a bit .
Alternatively we can merge and check the nightly builds .
I might have capacity to test that locally on a box end of week if that's ok 😄

@devinbinnie
Copy link
Member

@devinbinnie I need to manually build a rpm package from this PR and test that so this needs to wait a bit . Alternatively we can merge and check the nightly builds . I might have capacity to test that locally on a box end of week if that's ok 😄

Yep we can test locally whenever you have time. Let's do that before we merge. If I can be of help let me know.

@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@devinbinnie
Copy link
Member

@toninis Any progress on locally testing this?

@toninis
Copy link
Contributor

toninis commented Nov 18, 2024

@devinbinnie I tested the rpm locally and installs . This change only affects the checksum . Once merged we will also check the nightly build repo

@toninis
Copy link
Contributor

toninis commented Nov 18, 2024

/update-branch

@devinbinnie
Copy link
Member

@toninis Feel free to approve if you think it's ready to merge.

@toninis toninis merged commit 21487e2 into mattermost:master Nov 18, 2024
10 checks passed
@amyblais amyblais added this to the v5.11.0 milestone Nov 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devinbinnie devinbinnie devinbinnie approved these changes

@toninis toninis toninis approved these changes

Assignees
No one assigned
Labels
2: Dev Review Requires review by a core committer Contributor Docs/Needed release-note
Projects
None yet
Milestone
v5.11.0
Development

Successfully merging this pull request may close these issues.
6 participants
@jonathan-dove @mattermost-build @devinbinnie @toninis @amyblais @mm-cloud-bot