This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Updates for running engine on fips-enabled hosts #1193

Merged
merged 3 commits into from
Aug 28, 2021

zhill
Member

@zhill zhill commented Aug 27, 2021

Resolves #882

Fixes md5 usage (non-crypto related) to be explicit that it is not used for security.

Updates Dockerfile (from @nurmi's branch) to install skopeo and psycopg from CentOS sources that are compiled for FIPS compliance.

Updates all indexes created by SQLAlchemy to have explicit names that do not require SQLAlchemy's truncation mechanism for names, which uses md5 hashes.

zhill and others added 3 commits August 27, 2021 14:16

Verified

This commit was signed with the committer’s verified signature.
* Adds usedforsecurity=false for all hashlib invocations for FIPS support
* Switch from hashlib.md5 to hashlib.new("md5",...) for macOS and Linux support of usedforsecurity=False option
* Switch to use psycopg2 instead of psycopg2-binary for FIPS compatibility

macOS users will need to install postgres and openssl (brew install postgres openssl) and
set up LIBRARY_PATH and DYLD_LIBRARY_PATH to point to the openssl lib dir
in order for the install of psycopg2 to work from source instead of
using psycopg2-binary.

Signed-off-by: Zach Hill <[email protected]>
updates.

* Reformat files updated in dev/nurmi/fipsbase with black to pass linter
* Update requirements-test.txt to include psycopg so test virtualenvs
  have it since it is now installed via rpm in Dockerfile
* Fixes missing reference to Index class

Signed-off-by: Zach Hill <[email protected]>
@zhill zhill merged commit 86935fa into v0.10.2-dev Aug 28, 2021
@zhill zhill deleted the issue-882 branch September 4, 2021 04:35
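
One way to audit a code base for the hashlib change this pull request describes, as an added example that is not code from the PR or the project: an `ast`-based check that reports MD5 calls still missing `usedforsecurity=False`. The function names and the sample source are hypothetical, and only the `hashlib.md5(...)` and `hashlib.new("md5", ...)` spellings are recognised (aliased or `from hashlib import ...` imports are not).

```python
import ast


def _is_hashlib_md5(call):
    """True for hashlib.md5(...) or hashlib.new("md5", ...)."""
    func = call.func
    if not (isinstance(func, ast.Attribute)
            and isinstance(func.value, ast.Name)
            and func.value.id == "hashlib"):
        return False
    if func.attr == "md5":
        return True
    # For hashlib.new the algorithm name is the first positional argument.
    first = call.args[0] if call.args else None
    return (func.attr == "new" and isinstance(first, ast.Constant)
            and str(first.value).lower() == "md5")


def find_unflagged_md5_calls(source, filename="<string>"):
    """Return sorted (lineno, call) pairs lacking usedforsecurity=False.

    The source is only parsed, never executed, so the check itself runs
    on a FIPS-enabled host without touching MD5.
    """
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not (isinstance(node, ast.Call) and _is_hashlib_md5(node)):
            continue
        flagged = any(
            kw.arg == "usedforsecurity"
            and isinstance(kw.value, ast.Constant)
            and kw.value.value is False
            for kw in node.keywords
        )
        if not flagged:
            findings.append((node.lineno, "hashlib." + node.func.attr))
    return sorted(findings)


# Constructed sample input, not taken from the repository.
SAMPLE = '''
import hashlib

legacy = hashlib.md5(b"layer").hexdigest()
fixed = hashlib.new("md5", b"layer", usedforsecurity=False).hexdigest()
missed = hashlib.new("md5", b"layer").hexdigest()
strong = hashlib.sha256(b"layer").hexdigest()
'''

if __name__ == "__main__":
    for lineno, name in find_unflagged_md5_calls(SAMPLE):
        print(f"line {lineno}: {name} without usedforsecurity=False")
```
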

2 participants