[PUP-10859] Red Hat and CentOS 8.3 cannot install RPMs in FIPS mode - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: PUP 6.18.0, PUP 7.1.0, PUP 6.19.1
Fix Version/s: PUP 7.6.0
Component/s: None
Labels:
- community
- os

Master OS:
Other
Epic Link:
Add RedHat 8 FIPS x86_64 FOSS support
Team:
Release Engineering
Method Found:
Needs Assessment

QA Risk Assessment:
Needs Assessment

Description

Puppet Version: All
Puppet Server Version: All
OS Name/Version: CentOS and RHEL 8.3+ in FIPS mode

CentOS and RHEL 8.3+, when running in FIPS mode, require SHA-256 signatures on both repository metadata and RPMs.

StarLab has a good summary of the issue and I can confirm that resigning the RPMs using a CentOS 8.3+ base container/image will allow for correct installation.

Desired Behavior: Ability to install puppet RPMs on an EL8 system in FIPS mode.

Actual Behavior: RPMs fail to install.

Docs: An example of the failure can be found in the pupmod-simp-pupmod beaker tests.

How To Test:

fips-mode-setup --enable

reboot

fips-mode-setup --check (should say enabled)

dnf -y install  https://yum.puppet.com/puppet-release-el-8.noarch.rpm

dnf -y install puppetserver

Attachments

Issue Links

relates to

PA-3766 Add RedHat 8 FIPS x86_64 FOSS support

Closed

CPR-786 The puppetserver RPM packages are not correctly signed for EL8

Resolved

Activity

People

Assignee:: Morgan Rhodes

Reporter:: Trevor Vaughan

Votes:: 1 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2021/01/23 10:33 AM

Updated:: 2022/02/20 1:02 PM

Resolved:: 2022/02/20 1:02 PM