Description of problem: Import of MD-5 signed packages (i.e. RHEL-5 content) using spacewalk-repo-sync on a FIPS enabled Satellite produces following errors: # spacewalk-repo-sync -c test-channel-vt-01 Repo URL: http://whatever.com/directory/ Packages in repo: 59 Packages already synced: 0 Packages to sync: 59 1/59 : python-virtinst-0.400.3-13.el5-0.noarch error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips 2/59 : kmod-kvm-83-262.el5_9.4-0.x86_64 error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips 3/59 : virt-who-0.7-9.el5-0.noarch error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips The process completes successfully, nonetheless the packages are not imported into the associated channel. Version-Release number of selected component (if applicable): Satellite 5.6 How reproducible: Always Steps to Reproduce: 1. Install Satellite 5.6 on a FIPS enabled RHEL system 2. spacewalk-repo-sync of a yum repo containing MD-5 signed packages Actual results: Above results. Expected results: With FIPS enabled, either the import completes successfully, or the process informs the user that the import is not possible. Additional info: SHA-256 signed packages (RHEL-6 content) imports successfully.
Fixed in spacewalk.git master: a478498e201f94cff1b4bacd187cf33c8f61c7a8
Reverified with phonon-backend-gstreamer-4.6.2-28.el6_5.x86_64 >>> import hashlib; hashlib.md5() Traceback (most recent call last): File "<stdin>", line 1, in <module> ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips # /usr/bin/spacewalk-repo-sync --channel fedora-21-aarch64 --type yum Repo URL: http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/ Packages in repo: 34088 Packages passed filter rules: 22 Packages already synced: 0 Packages to sync: 22 1/22 : kernel-tools-3.17.4-302.fc21-0.aarch64 ... 22/22 : redhat-rpm-config-26-1.fc21-0.noarch Linking packages to channel. Repo http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/ has comps file a60f6bd88244e1b01551d2429d39380b28e7b771c8b60201689d78a88123df5b-comps-f21.xml.xz. Repo http://fr2.rpmfind.net/linux/fedora-secondary/development/21/aarch64/os/ has 0 errata. Sync completed.
With the release of Red Hat Satellite 5.7 on January 12th 2015 this bug is being moved to a Closed Current Release state. The Satellite 5.7 GA Errata: - https://rhn.redhat.com/errata/RHSA-2015-0033.html Satellite 5.7 Release Notes: - https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html-single/Release_Notes/index.html Satellite Customer Portal Blog announcement for release: - https://access.redhat.com/blogs/1169563/posts/1315743 Cliff