RPM packages fail to install when FIPS Enabled

Description

During a customer installation we observed the following behavior when starting the initial installation of the Meridian 2022.1.5 packages: 

 

We found that this error came up because FIPS was enabled in the customer environment. We were able to use the following command to see if FIPS was enabled:

 

 

We were able to use the following command to disable FIPS: 

 

After disabling FIPS, we were able to download and install the JICMP/JICMP6 packages without any issues. We were also able to bypass the issue by downloading the JICMP/JICMP6 packages locally and installing them with the following command: 

Environment

RHEL 8 VM

Acceptance / Success Criteria

None

Activity

Benjamin Reed December 13, 2022 at 5:43 PM

pushed fixed packages to meridian 2020/2021/2022 repos as well; re-marking as resolved

Jeff Gehlbach December 13, 2022 at 4:30 PM

Reopening so that can resolve once the updated RPMs have been synced out to all the live Meridians.

Benjamin Reed December 5, 2022 at 8:19 PM

Fixed by building new RPM packages with the proper signatures attached for JICMP and JICMP6. I paired with to show him how manual (re)builds happen for these types of one-off packages. The updated packages are live and in repos.

Jeff Gehlbach August 10, 2022 at 2:13 PM

Let's spawn a research issue from this one to investigate normalizing the digest algorithms used in our RPM headers.

Dino Yancey August 9, 2022 at 2:15 AM

This appears to be because the jicmp packages do not offer header and payload digests using sha256: (which would make sense as these are el7 packages)

Versus the Meridian core package:

Fixed

Created August 8, 2022 at 8:13 PM
Updated December 13, 2022 at 5:43 PM
Resolved December 13, 2022 at 5:43 PM
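
The comments above trace the failure to packages that carry no SHA-256 header and payload digests. The following is an added example, not part of the original issue or the project's own tooling: a presence check that reads an RPM file's signature and main headers directly. It assumes the tag numbers defined in rpm's `rpmtag.h`; the function names and sample bytes are constructed for illustration, and the check reports which digests exist without verifying any of them.

```python
import struct

LEAD_MAGIC, HDR_MAGIC = b"\xed\xab\xee\xdb", b"\x8e\xad\xe8\x01"
# Tag numbers as defined in rpm's rpmtag.h; 8 is the OpenPGP hash id for SHA-256.
SIG_SHA1, SIG_SHA256, SIG_MD5 = 269, 273, 1004
PAYLOADDIGEST, PAYLOADDIGESTALGO, PGP_HASH_SHA256 = 5092, 5093, 8

def read_header(buf, pos):
    """Parse one header section; return ({tag: data offset}, data store, end position)."""
    if buf[pos:pos + 4] != HDR_MAGIC:
        raise ValueError(f"bad header magic at offset {pos}")
    nindex, hsize = struct.unpack_from(">II", buf, pos + 8)
    data = pos + 16 + 16 * nindex          # data store follows the 16-byte index entries
    tags = {}
    for i in range(nindex):
        tag, _type, offset, _count = struct.unpack_from(">IIII", buf, pos + 16 + 16 * i)
        tags[tag] = offset
    return tags, buf[data:data + hsize], data + hsize

def digest_report(buf):
    """Report which digests an RPM carries. Presence only; nothing is verified."""
    if buf[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead magic")
    sig, _, end = read_header(buf, 96)     # a 96-byte lead precedes the signature header
    main, store, _ = read_header(buf, end + (-end % 8))  # signature header is 8-byte padded
    algo = (struct.unpack_from(">I", store, main[PAYLOADDIGESTALGO])[0]
            if PAYLOADDIGESTALGO in main else None)
    return {
        "md5": SIG_MD5 in sig, "sha1_header": SIG_SHA1 in sig,
        "sha256_header": SIG_SHA256 in sig,
        "sha256_payload": PAYLOADDIGEST in main and algo == PGP_HASH_SHA256,
    }

def pack_header(entries):
    """Helper for the constructed samples: entries are (tag, type, data bytes)."""
    index = store = b""
    for tag, typ, data in entries:
        index += struct.pack(">IIII", tag, typ, len(store), 1)
        store += data
    return HDR_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(store)) + index + store

def sample_rpm(with_sha256):
    """Constructed RPM-shaped bytes (lead and two headers, no payload), not a real package."""
    sig = [(SIG_SHA1, 6, b"a" * 40 + b"\0"), (SIG_MD5, 7, b"m" * 16)]
    main = [(PAYLOADDIGEST, 8, b"c" * 64 + b"\0"), (PAYLOADDIGESTALGO, 4, struct.pack(">I", 8))]
    if with_sha256:
        sig.append((SIG_SHA256, 6, b"b" * 64 + b"\0"))
    sig_hdr = pack_header(sig)
    pad = b"\0" * (-len(sig_hdr) % 8)
    return LEAD_MAGIC + b"\0" * 92 + sig_hdr + pad + pack_header(main if with_sha256 else [])
```

To check a real package, pass the file's bytes, for example `digest_report(open(path, "rb").read())`; a result with `sha256_header` or `sha256_payload` false matches the condition described in the comments.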