Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8141 Replace hardcoded use of md5 for FIPS compliance Change By: Josh Cooper Release Notes Summary: When puppet is running on a FIPS enabled platform, it will modify its default digest_algorithm and supported_checksum_types settings to exclude MD5, as that is not a FIPS compliant algorithm. By default puppet will use SHA256 when managing file resources, including filebucketing. It will also affect the values returned by the `fqdn_rand` function. Some puppet module tool actions, e.g. install, are unsupported when FIPS is enabled due module tools reliance on MD5. Release Notes: New Feature Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Kenn Hussey commented on PUP-8141 Re: Replace hardcoded use of md5 for FIPS compliance Jayant Sane please add release notes for this issue, if needed. Thanks! Add Comment This message was sent by Atlassian JIRA (v7.5.1#75006-sha1:7df2574) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Jayant Sane updated an issue Puppet / PUP-8141 Replace hardcoded use of md5 for FIPS compliance Change By: Jayant Sane QA Risk Assessment: Needs Assessment No Action Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Josh Cooper updated an issue Puppet / PUP-8141 Replace hardcoded use of md5 for FIPS compliance Change By: Josh Cooper Team: Security Platform Core Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Josh Cooper commented on PUP-8141 Re: Replace hardcoded use of md5 for FIPS compliance Moving to Platform Core team for visibility Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Josh Cooper commented on PUP-8141 Re: Replace hardcoded use of md5 for FIPS compliance Merged to master in https://github.com/puppetlabs/puppet/commit/b7c7b08413a69fb3d6b8000e4c74ea00270dc26f Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Jayant Sane commented on PUP-8141 Re: Replace hardcoded use of md5 for FIPS compliance Submitted PR: https://github.com/puppetlabs/puppet/pull/6445 Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Jayant Sane updated an issue Puppet / PUP-8141 Replace hardcoded use of md5 for FIPS compliance Change By: Jayant Sane Acceptance Criteria: All puppet flows, except any module flows, should work in a mixed environment:Current puppet agents (not running in FIPS) w/ and without FIPS agents. Specifically: - Master's global digest_algorithm can be default md5- FIPS versions of agents should be provisioned using file resource with different source attributes of http, puppet and from within a module. - If possible case of upgrading existing agent to FIPS version Add Comment This message was sent by Atlassian JIRA (v7.0.2#70111-sha1:88534db) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-8141) Replace hardcoded use of md5 for FIPS compliance
Title: Message Title Jayant Sane created an issue Puppet / PUP-8141 Replace hardcoded use of md5 for FIPS compliance Issue Type: Task Assignee: Jayant Sane Created: 2017/11/09 11:47 AM Priority: Normal Reporter: Jayant Sane There are a couple of instances where MD5 is being hard coded in puppet. FIPS compliant versions of agents need to use one of the FIPS approved algorithms instead. Following places need to be changed: 1. Agents processing file resources specifying http as their source need to be able to accept checksums computed using hash alg other than md5. 2. fqdn_rand 3. Files synched to agents via the plugin-sync mechanism are checksummed using md5. That needs to be overridden to use a FIPS approved alg. Add Comment This message was sent by Atlassian JIRA (