Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Digest Mismatch error on Enterprise Linux installations when FIPS mode enabled #3191

Closed
wants to merge 0 commits into from
Closed

Fix Digest Mismatch error on Enterprise Linux installations when FIPS mode enabled #3191

wants to merge 0 commits into from

Conversation

jonathan-dove
Copy link

Summary

Added fpm argument to the package.json file to change the hashing algorithm from md5 to sha256. This fixes an issue introduced in RHEL8+ and/or clones where if FIPS mode is enabled rpm digests must be hashed with at minimum sha256 to be allowed to be installed without bypassing security measures put in place by the FIPS standards.

Ticket Link

#3190

Checklist

Device Information

This PR was tested on: RHEL 8, RHEL 9, Rocky9, Rocky8

Release Note

Modified rpm-digest to utilize sha256 instead of md5 to all for rpm installation on FIPS mode enabled Enterprise Linux systems.

@mattermost-build
Copy link
Contributor

Hello @jonathan-dove,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

@devinbinnie
Copy link
Member

@jonathan-dove Thanks for the PR! So those changes actually need to go into electron-builder.json. There's already an fpm section there, so you can add the command line option there.

@devinbinnie devinbinnie self-requested a review November 4, 2024 14:00
@devinbinnie devinbinnie added the 2: Dev Review Requires review by a core committer label Nov 4, 2024
@jonathan-dove
Copy link
Author

jonathan-dove commented Nov 4, 2024
edited
Loading

@jonathan-dove Thanks for the PR! So those changes actually need to go into electron-builder.json. There's already an fpm section there, so you can add the command line option there.

Fantastic. I will move this there. Thanks!
@devinbinnie Should this be a seperate pull request or should I just add a commit to this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devinbinnie devinbinnie Awaiting requested review from devinbinnie

@toninis toninis Awaiting requested review from toninis

Assignees
No one assigned
Labels
2: Dev Review Requires review by a core committer Contributor release-note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jonathan-dove @mattermost-build @devinbinnie @mm-cloud-bot