  1. Puppet
  2. PUP-9991

`puppet module uninstall` does not work on FIPS


    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.9.0
    • Component/s: None
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      The `puppet module uninstall` command now works in FIPS mode provided the `--ignore_changes` or `--force` arguments are specified. If the arguments are not specified, then uninstall will fail, so that local changes to the module are not lost.
    • QA Risk Assessment:
      Needs Assessment


      Currently, the uninstall action is disabled on FIPS systems by this line because the default uninstall process relies on comparing MD5 hashes of the module that's being uninstalled.

      Josh Cooper had suggestions for how to enable this command on FIPS without running into MD5 issues. Namely, the suggestions are enabling the command so that a user can pass the force or ignore_changes options, which will bypass the MD5-related parts of the uninstall process, and updating the command so that when it is called on a FIPS system without either of those options, a message is emitted telling the user that changes will be ignored and then setting the @ignore_changes option itself.




            • Assignee:
              josh Josh Cooper
              barr.iserloth Barr Iserloth
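
The behaviour in the release notes summary, as an added Ruby sketch that is not Puppet's own code: without `--force` or `--ignore_changes`, the uninstall fails in FIPS mode instead of computing MD5, and outside FIPS mode it fails when a file's MD5 no longer matches the recorded one. The `uninstall`, `locally_changed` and `sample_module` helpers, the `fips:` flag, the recorded-checksum hash and the `examplemod` module are assumptions made for illustration.

```ruby
require 'digest'
require 'fileutils'
require 'tmpdir'

class UninstallRefused < StandardError; end

# Relative paths whose current MD5 differs from the recorded value, or that
# are missing. This is the step that cannot run when MD5 is unavailable.
def locally_changed(module_dir, recorded_md5)
  recorded_md5.reject do |rel, sum|
    path = File.join(module_dir, rel)
    File.file?(path) && Digest::MD5.file(path).hexdigest == sum
  end.keys
end

# fips: is passed in by the caller here (assumption); a real tool would ask
# the platform. force / ignore_changes stand for --force / --ignore_changes.
def uninstall(module_dir, recorded_md5, fips:, force: false, ignore_changes: false)
  unless force || ignore_changes
    # MD5 is not a FIPS-approved algorithm, so the module cannot be shown to
    # be unmodified. Fail closed rather than silently discard local edits.
    raise UninstallRefused, 'FIPS mode: pass --ignore_changes or --force' if fips

    changed = locally_changed(module_dir, recorded_md5)
    raise UninstallRefused, "local changes in: #{changed.join(', ')}" unless changed.empty?
  end
  FileUtils.rm_rf(module_dir)
  :removed
end

# Constructed sample module with one file and its recorded MD5. The sample
# itself is built with MD5, so it is meant for a non-FIPS host.
def sample_module(root, modified: false)
  dir = File.join(root, 'examplemod')
  file = File.join(dir, 'manifests', 'init.pp')
  FileUtils.mkdir_p(File.dirname(file))
  File.write(file, "class examplemod {}\n")
  recorded = { 'manifests/init.pp' => Digest::MD5.file(file).hexdigest }
  File.write(file, "class examplemod { notice('edited') }\n") if modified
  [dir, recorded]
end
```

The FIPS branch returns or raises before any digest call, so the only MD5 use on the uninstall path is the change check that the two options bypass.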