Update oscap-anaconda-addon for RHEL 9.6
Resolves: RHEL-40367
This commit is contained in:
Evgeny Kolesnikov
parent
fe02c2fd31
commit
27123da35e
83
oscap-anaconda-addon-2.0.1-fix_fips_hashes_PR_255.patch
Normal file
83
oscap-anaconda-addon-2.0.1-fix_fips_hashes_PR_255.patch
Normal file
@ -0,0 +1,83 @@
|
|||||||
|
From fa02df9da7ce26dcd8051df541bf6d1da52dd849 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Evgeny Kolesnikov <ekolesni@redhat.com>
|
||||||
|
Date: Fri, 4 Oct 2024 14:15:13 +0200
|
||||||
|
Subject: [PATCH] Do not assume availability of hashing algorithms in hashlib
|
||||||
|
|
||||||
|
Particular offender at this moment is 'md5', which is not available
|
||||||
|
in FIPS build of Python.
|
||||||
|
---
|
||||||
|
org_fedora_oscap/utils.py | 5 +++--
|
||||||
|
tests/test_utils.py | 38 ++++++++++++++++++++++++++++++++------
|
||||||
|
2 files changed, 35 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/org_fedora_oscap/utils.py b/org_fedora_oscap/utils.py
|
||||||
|
index 3be83254..26fe40df 100644
|
||||||
|
--- a/org_fedora_oscap/utils.py
|
||||||
|
+++ b/org_fedora_oscap/utils.py
|
||||||
|
@@ -146,8 +146,9 @@ def get_hashing_algorithm(fingerprint):
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
- hashes = (hashlib.md5(), hashlib.sha1(), hashlib.sha224(),
|
||||||
|
- hashlib.sha256(), hashlib.sha384(), hashlib.sha512())
|
||||||
|
+ expected_hash_ids = {'md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512'}
|
||||||
|
+ available_hash_ids = expected_hash_ids.intersection(hashlib.algorithms_available)
|
||||||
|
+ hashes = (hashlib.new(hash_id) for hash_id in available_hash_ids)
|
||||||
|
|
||||||
|
if len(fingerprint) % 2 == 1:
|
||||||
|
return None
|
||||||
|
diff --git a/tests/test_utils.py b/tests/test_utils.py
|
||||||
|
index c2d663f6..7fe3332e 100644
|
||||||
|
--- a/tests/test_utils.py
|
||||||
|
+++ b/tests/test_utils.py
|
||||||
|
@@ -27,6 +27,9 @@
|
||||||
|
|
||||||
|
from org_fedora_oscap import utils
|
||||||
|
|
||||||
|
+import hashlib
|
||||||
|
+import warnings
|
||||||
|
+
|
||||||
|
|
||||||
|
@pytest.fixture()
|
||||||
|
def mock_os():
|
||||||
|
@@ -146,11 +149,34 @@ def test_gen():
|
||||||
|
|
||||||
|
|
||||||
|
def test_hash():
|
||||||
|
- file_hash = '87fcda7d9e7a22412e95779e2f8e70f929106c7b27a94f5f8510553ebf4624a6'
|
||||||
|
- hash_obj = utils.get_hashing_algorithm(file_hash)
|
||||||
|
- assert hash_obj.name == "sha256"
|
||||||
|
+ file_hashes = {
|
||||||
|
+ 'md5': 'ea38136ca349e139c59f09e09d2aa956',
|
||||||
|
+ 'sha1': 'f905458483be8ac21002ab2c6409d3a10b3813f1',
|
||||||
|
+ 'sha224': '2b1e795db6b7397f47a270fbb5059e76b94a8c972240b17c45db1f13',
|
||||||
|
+ 'sha256': '87fcda7d9e7a22412e95779e2f8e70f929106c7b27a94f5f8510553ebf4624a6',
|
||||||
|
+ 'sha384': 'b3ffdfad2bf33caf6e44a8b34386ad741bb80fb02306d3889b8a5645cde31e9d'
|
||||||
|
+ '31ec44e0b0e6ce84d83a57339b75b9bf',
|
||||||
|
+ 'sha512': '7b05940e8d69e804a90f5110d22ad3a1cd03adc5bf4d0a4779790c78118b3c61'
|
||||||
|
+ 'b7f3a3cd39fcf2902ec92ac80df71b952a7aeb2d53c16f0e77436eeb91e33e1d'
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ for hash_id, file_hash in file_hashes.items():
|
||||||
|
+ if hash_id not in hashlib.algorithms_available:
|
||||||
|
+ warnings.warn(RuntimeWarning('Expected hash algorithm \'%s\' is not '
|
||||||
|
+ 'available in this build of Python' % hash_id))
|
||||||
|
+ continue
|
||||||
|
+
|
||||||
|
+ hash_obj = utils.get_hashing_algorithm(file_hash)
|
||||||
|
+ assert hash_obj.name == hash_id
|
||||||
|
|
||||||
|
- filepath = os.path.join(os.path.dirname(__file__), 'data', 'file')
|
||||||
|
- computed_hash = utils.get_file_fingerprint(filepath, hash_obj)
|
||||||
|
+ filepath = os.path.join(os.path.dirname(__file__), 'data', 'file')
|
||||||
|
+ computed_hash = utils.get_file_fingerprint(filepath, hash_obj)
|
||||||
|
|
||||||
|
- assert file_hash == computed_hash
|
||||||
|
+ assert file_hash == computed_hash
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+def test_hash_unknown():
|
||||||
|
+ file_hash = 'XXXX'
|
||||||
|
+
|
||||||
|
+ hash_obj = utils.get_hashing_algorithm(file_hash)
|
||||||
|
+ assert hash_obj is None
|
||||||
@ -10,7 +10,7 @@
|
|||||||
|
|
||||||
Name: oscap-anaconda-addon
|
Name: oscap-anaconda-addon
|
||||||
Version: 2.0.0
|
Version: 2.0.0
|
||||||
Release: 17%{?dist}
|
Release: 18%{?dist}
|
||||||
Summary: Anaconda addon integrating OpenSCAP to the installation process
|
Summary: Anaconda addon integrating OpenSCAP to the installation process
|
||||||
|
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
@ -36,6 +36,7 @@ Patch13: oscap-anaconda-addon-2.1.0-content_paths-PR_227.patch
|
|||||||
Patch14: oscap-anaconda-addon-null-http_only_uri-PR_233.patch
|
Patch14: oscap-anaconda-addon-null-http_only_uri-PR_233.patch
|
||||||
Patch15: oscap-anaconda-addon-2.0.1-tar-extraction-PR_250.patch
|
Patch15: oscap-anaconda-addon-2.0.1-tar-extraction-PR_250.patch
|
||||||
Patch16: oscap-anaconda-addon-2.0.1-package-groups-PR_248.patch
|
Patch16: oscap-anaconda-addon-2.0.1-package-groups-PR_248.patch
|
||||||
|
Patch17: oscap-anaconda-addon-2.0.1-fix_fips_hashes_PR_255.patch
|
||||||
|
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
@ -75,6 +76,9 @@ make install DESTDIR=%{buildroot}
|
|||||||
%doc COPYING ChangeLog README.md
|
%doc COPYING ChangeLog README.md
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 14 2024 Evgenii Kolesnikov <ekolesni@redhat.com> - 2.0.0-18
|
||||||
|
- Fix checksums in FIPS mode (RHEL-40367)
|
||||||
|
|
||||||
* Wed Jul 19 2023 Jan Černý <jcerny@redhat.com> - 2.0.0-17
|
* Wed Jul 19 2023 Jan Černý <jcerny@redhat.com> - 2.0.0-17
|
||||||
- Update translations (rhbz#2189526)
|
- Update translations (rhbz#2189526)
|
||||||
- Fix tar file extraction (rhbz#2218875)
|
- Fix tar file extraction (rhbz#2218875)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user