Bug 1022078 - spacewalk-repo-sync of MD-5 signed packages on a FIPS enabled Satellite produces errors
spacewalk-repo-sync of MD-5 signed packages on a FIPS enabled Satellite produ...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Server (Show other bugs)
560
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Milan Zazrivec
Jan Hutař
:
Depends On:
Blocks: 843620
  Show dependency treegraph
 
Reported: 2013-10-22 11:35 EDT by Milan Zazrivec
Modified: 2015-01-13 05:44 EST (History)
5 users (show)

See Also:
Fixed In Version: spacewalk-backend-2.2.13-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-01-13 05:44:51 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Milan Zazrivec 2013-10-22 11:35:15 EDT
Description of problem:
Import of MD-5 signed packages (i.e. RHEL-5 content) using spacewalk-repo-sync
on a FIPS enabled Satellite produces following errors:

# spacewalk-repo-sync -c test-channel-vt-01
Repo URL: http://whatever.com/directory/
Packages in repo:                59
Packages already synced:          0
Packages to sync:                59
1/59 : python-virtinst-0.400.3-13.el5-0.noarch
error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
2/59 : kmod-kvm-83-262.el5_9.4-0.x86_64
error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips
3/59 : virt-who-0.7-9.el5-0.noarch
error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

The process completes successfully, nonetheless the packages are not imported
into the associated channel.


Version-Release number of selected component (if applicable):
Satellite 5.6

How reproducible:
Always

Steps to Reproduce:
1. Install Satellite 5.6 on a FIPS enabled RHEL system
2. spacewalk-repo-sync of a yum repo containing MD-5 signed packages

Actual results:
Above results.

Expected results:
With FIPS enabled, either the import completes successfully, or the process
informs the user that the import is not possible.

Additional info:
SHA-256 signed packages (RHEL-6 content) imports successfully.
Comment 1 Milan Zazrivec 2014-04-01 10:58:47 EDT
Fixed in spacewalk.git master: a478498e201f94cff1b4bacd187cf33c8f61c7a8
Comment 4 Pavel Studeník 2015-01-13 05:33:51 EST
Reverified  with phonon-backend-gstreamer-4.6.2-28.el6_5.x86_64

>>> import hashlib; hashlib.md5()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

# /usr/bin/spacewalk-repo-sync --channel fedora-21-aarch64 --type yum
Repo URL: http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/
Packages in repo:             34088
Packages passed filter rules:    22
Packages already synced:          0
Packages to sync:                22
1/22 : kernel-tools-3.17.4-302.fc21-0.aarch64
...
22/22 : redhat-rpm-config-26-1.fc21-0.noarch
Linking packages to channel.
Repo http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/ has comps file a60f6bd88244e1b01551d2429d39380b28e7b771c8b60201689d78a88123df5b-comps-f21.xml.xz.
Repo http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/ has 0 errata.
Sync completed.
Comment 5 Clifford Perry 2015-01-13 05:44:51 EST
With the release of Red Hat Satellite 5.7 on January 12th 2015 this bug is
being moved to a Closed Current Release state. 

The Satellite 5.7 GA Errata:
 - https://rhn.redhat.com/errata/RHSA-2015-0033.html 

Satellite 5.7 Release Notes:
 -
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html-single/Release_Notes/index.html

Satellite Customer Portal Blog announcement for release:
 - https://access.redhat.com/blogs/1169563/posts/1315743 

Cliff

Note You need to log in before you can comment on or make changes to this bug.