RPM packages fail to install when FIPS Enabled
Description
Environment
RHEL 8 VM
Acceptance / Success Criteria
None
Lucidchart Diagrams
Activity
Show:
Benjamin Reed December 13, 2022 at 5:43 PM
pushed fixed packages to meridian 2020/2021/2022 repos as well; re-marking as resolved
Jeff Gehlbach December 13, 2022 at 4:30 PM
Reopening so that can resolve once the updated RPMs have been synced out to all the live Meridians.
Benjamin Reed December 5, 2022 at 8:19 PM
Fixed by building new RPM packages with the proper signatures attached for JICMP and JICMP6. I paired with to show him how manual (re)builds happen for these types of one-off packages. The updated packages are live and in repos.
Jeff Gehlbach August 10, 2022 at 2:13 PM
Let's spawn a research issue from this one to investigate normalizing the digest algorithms used in our RPM headers.
Dino Yancey August 9, 2022 at 2:15 AM
This appears to be because the jicmp packages do not offer header and payload digests using sha256: (which would make sense as these are el7 packages)
Versus the Meridian core package:
Fixed
Details
Assignee
Benjamin ReedBenjamin ReedReporter
Sergio GarciaSergio GarciaHB Grooming Date
Aug 10, 2022HB Backlog Status
BacklogStory Points
4Components
Sprint
NoneAffects versions
Priority
Minor
Details
Details
Assignee
Benjamin ReedReporter
Sergio GarciaHB Grooming Date
Aug 10, 2022
HB Backlog Status
Backlog
Story Points
4
Components
Sprint
None
Affects versions
Priority
Minor
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
PagerDuty
PagerDuty Incident
Created August 8, 2022 at 8:13 PM
Updated December 13, 2022 at 5:43 PM
Resolved December 13, 2022 at 5:43 PM
During a customer installation we observed the following behavior when starting the initial installation of the Meridian 2022.1.5 packages:
We found that this error came up because FIPS was enabled in the customer environment. We were able to use the following command to see if FIPS was enabled:
We were able to use the following command to disable FIPS:
After disabling FIPS, we were able to download and instal the JICMP/JICMP6 packages without any issues. We were also able to bypass the issue by downloading the JICMP/JICMP6 packages locally and installing them with the following command: