[wal-e] Problem with wal-e on FIPS enabled linux

Fri, 07 Aug 2020 09:53:40 -0700 

Hello wal-e devs,
    I'm having an issue with wal-e archiving to S3 on a FIPS enabled linux server. Apparently FIPS does not support the MD5 hashing algorithm so archiving with FIPS enabled fails: 


File 
"/opt/wal-e-venv/lib64/python3.6/site-packages/wal_e/worker/worker_util.py", 
line 40, in do_lzop_pu


k = blobstore.uri_put_file(creds, url, tf)


File 
"/opt/wal-e-venv/lib64/python3.6/site-packages/wal_e/blobstore/s3/s3_util.py", 
line 57, in uri_put_file


k.set_contents_from_file(fp, encrypt_key=True)


File "/opt/wal-e-venv/lib64/python3.6/site-packages/boto/s3/key.py", 
line 1285, in set_contents_from_file


md5 = self.compute_md5(fp, size)


File "/opt/wal-e-venv/lib64/python3.6/site-packages/boto/s3/key.py", 
line 1036, in compute_md5


hex_digest, b64_digest, data_size = compute_md5(fp, size=size)


File "/opt/wal-e-venv/lib64/python3.6/site-packages/boto/utils.py", line 
1000, in compute_md5


return compute_hash(fp, buf_size, size, hash_algorithm=md5)


File "/opt/wal-e-venv/lib64/python3.6/site-packages/boto/utils.py", line 
1004, in compute_hash


hash_obj = hash_algorithm()


*ValueError: error:060800A3:digital envelope 
routines:EVP_DigestInit_ex:disabled for fips*



2020-07-07T20:26:20Z <Greenlet at 0x7f24a90cd148: 
<wal_e.worker.upload.WalUploader object at 
0x7f24a9125cc0>(<wal_e.worker.pg.wal_transfer.WalSegment object at)> 
failed with ValueError



I've read that the S3 tags uses MD5 and other software has worked around 
it by using the 'overwrite' option which disables the MD5 check 
(https://github.com/ansible/ansible/issues/52188).



Does anyone know if there a workaround or option to disable the use of 
the S3 tags in wal-e?


Has wal-g solved this issue? Is wal-g FIPS compliant?

Thanks,
Hans

--
Hans Hrasna
Principal Architect
EnterpriseDB Corporation
The Enterprise PostgreSQL Company



--
You received this message because you are subscribed to the Google Groups 
"wal-e" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/wal-e/dfb2e48d-b34a-9bc8-4c17-30bd9e84d443%40enterprisedb.com.














    











					Reply via email to