Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9991

`puppet module uninstall` does not work on FIPS

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.9.0
    • Component/s: None
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      The `puppet module uninstall` command now works in FIPS mode provided the `--ignore_changes` or `--force` arguments are specified. If the arguments are not specified, then uninstall will fail, so that local changes to the module are not lost.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently, the uninstall action is disabled on FIPS systems by this line because the default uninstall process relies on comparing MD5 hashes of the module that's being uninstalled.

      Josh Cooper had suggestions for how to enable this command on FIPS without running into MD5 issues. Namely, the suggestions are enabling the command so that a user can pass the force or ignore_changes options, which will bypass the MD5-related parts of the uninstall process, and updating the command so that when it is called on a FIPS system without either of those options, a message is emitted telling the user that changes will be ignored and then setting the @ignore_changes option itself.

        Attachments

          Activity

            People

            • Assignee:
              josh Josh Cooper
              Reporter:
              barr.iserloth Barr Iserloth
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support