MSVSphere Packaging Team
1 year ago
parent
f0ab861bca
commit
c8dee36161
@ -1 +1 @@
|
||||
SOURCES/libstoragemgmt-1.9.5.tar.gz
|
||||
SOURCES/libstoragemgmt-1.9.7.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
43714185f0cda2f18de370e62e1d959efea691a5 SOURCES/libstoragemgmt-1.9.5.tar.gz
|
||||
d1d300522b73f1db12763100d0bc0abcd01af5e4 SOURCES/libstoragemgmt-1.9.7.tar.gz
|
||||
|
||||
@ -0,0 +1,63 @@
|
||||
From bbb13a7970c4d82d2e7bace5e96056ef469eb7b3 Mon Sep 17 00:00:00 2001
|
||||
From: Tony Asleson <tasleson@redhat.com>
|
||||
Date: Fri, 14 Apr 2023 10:43:27 -0500
|
||||
Subject: [PATCH] Correction for fips error
|
||||
|
||||
When running on a fips enabled system we encounter the following
|
||||
error:
|
||||
|
||||
PLUGIN_BUG(2): [digital envelope routines] unsupported Data: Traceback (most recent call last):
|
||||
...
|
||||
File "/usr/lib64/python3.9/site-packages/lsm/_common.py", line 348, in md5
|
||||
h = hashlib.md5()
|
||||
ValueError: [digital envelope routines] unsupported
|
||||
|
||||
Utilize the usedforsecurity=False parameter to md5 to indicate that our
|
||||
use is not for security related purposes.
|
||||
|
||||
Signed-off-by: Tony Asleson <tasleson@redhat.com>
|
||||
---
|
||||
plugin/nfs_plugin/nfs.py | 8 +++++++-
|
||||
python_binding/lsm/_common.py | 7 ++++++-
|
||||
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/plugin/nfs_plugin/nfs.py b/plugin/nfs_plugin/nfs.py
|
||||
index 8a87652..11ce3c2 100644
|
||||
--- a/plugin/nfs_plugin/nfs.py
|
||||
+++ b/plugin/nfs_plugin/nfs.py
|
||||
@@ -55,7 +55,13 @@ def _export_id(path, auth_type, anon_uid, anon_gid, options):
|
||||
if auth_type is None:
|
||||
auth_type = 'sec'
|
||||
|
||||
- hsh = hashlib.md5()
|
||||
+ try:
|
||||
+ # The use of md5 is not used for security, indicate
|
||||
+ # this to hashlib so that we can run when fips is enabled
|
||||
+ hsh = hashlib.md5(usedforsecurity=False)
|
||||
+ except Exception:
|
||||
+ hsh = hashlib.md5()
|
||||
+
|
||||
hsh.update(path.encode('utf-8'))
|
||||
hsh.update(auth_type.encode('utf-8'))
|
||||
if anon_uid is not None and anon_uid != NfsExport.ANON_UID_GID_NA:
|
||||
diff --git a/python_binding/lsm/_common.py b/python_binding/lsm/_common.py
|
||||
index 1220381..163f726 100644
|
||||
--- a/python_binding/lsm/_common.py
|
||||
+++ b/python_binding/lsm/_common.py
|
||||
@@ -345,7 +345,12 @@ def uri_parameters(uri):
|
||||
# @param t Item to generate signature on.
|
||||
# @returns md5 hex digest.
|
||||
def md5(t):
|
||||
- h = hashlib.md5()
|
||||
+ try:
|
||||
+ # The use of md5 is not used for security, indicate
|
||||
+ # this to hashlib so that we can run when fips is enabled
|
||||
+ h = hashlib.md5(usedforsecurity=False)
|
||||
+ except Exception:
|
||||
+ h = hashlib.md5()
|
||||
h.update(t.encode("utf-8"))
|
||||
return h.hexdigest()
|
||||
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
diff --git a/packaging/daemon/libstoragemgmt.conf b/packaging/daemon/libstoragemgmt.conf
|
||||
index 1c118a9..cdb43c2 100644
|
||||
--- a/packaging/daemon/libstoragemgmt.conf
|
||||
+++ b/packaging/daemon/libstoragemgmt.conf
|
||||
@@ -1,2 +1,2 @@
|
||||
-D /var/run/lsm 0775 root libstoragemgmt -
|
||||
-D /var/run/lsm/ipc 0775 root libstoragemgmt -
|
||||
+D /run/lsm 0775 root libstoragemgmt -
|
||||
+D /run/lsm/ipc 0775 root libstoragemgmt -
|
||||
Loading…
Reference in new issue