Bug 1238769
Summary: | Satellite 5.6: Upgrading past rhncfg-5.10.55-8 breaks rhncfg-client with FIPS enabled | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Michael Hood <mihood> |
Component: | Client | Assignee: | Tomáš Kašpárek <tkasparek> |
Status: | CLOSED ERRATA | QA Contact: | Red Hat Satellite QA List <satqe-list> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 560 | CC: | dyordano, jdobes, pstudeni |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | rhncfg-5.10.74-9 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-10 13:22:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 924189 |
Description
Michael Hood
2015-07-02 14:58:58 UTC
The problem was caused by using md5 algorithm without saying system that it's not used for security purposes as getting md5 hash of the file is not by any mean security issue. This is fixed in following commit: spacewalk.git(master): 189973baa6381a479208a5ca5f11de5470866b7d Reproducer with rhncfg-5.10.74-8.el7sat.noarch
1 ) register system in FIPS mode to satellite 5.6
>> rhncfg-client verify
Using server name smqa-x3550m3-02.lab.eng.brq.redhat.com
Traceback (most recent call last):
File "/usr/bin/rhncfg-client", line 38, in <module>
sys.exit(Main().main() or 0)
File "/usr/share/rhn/config_common/rhn_main.py", line 207, in main
handler.run()
File "/usr/share/rhn/config_client/rhncfgcli_verify.py", line 73, in run
(src, file_info, dirs_created) = self.repository.get_file_info(file)
File "/usr/share/rhn/config_client/rpc_cli_repository.py", line 91, in get_file_info
temp_file, dirs_created = f.process(result, directory=dest_directory)
File "/usr/share/rhn/config_common/file_utils.py", line 85, in process
file_struct['checksum_type'], contents):
File "/usr/share/rhn/config_common/utils.py", line 171, in getContentChecksum
engine = hashlib.new(checksum_type)
File "/usr/lib64/python2.7/hashlib.py", line 105, in __hash_new
return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
Verified with rhncfg-client-5.10.74-10.el6sat.noarch rhncfg-client-5.10.74-10.el7sat.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2614.html |