Not sure if this is the correct place to post but I figured this to be a better option than the user group.
Would it be possible to build the Red Hat packages with a FIPS compliant hash when building RPMs for a RHEL 6 environment (that will also be FIPS compliant by default), you must build the RPM with the appropriate digest algorithm and if desired, sign it with a FIPS compliant key. Building a FIPS compliant RPM would require updating the .rpmmacros file or passing a command line argument to the rpmbuild command as follows: $ rpmbuild -ba --define "_source_filedigest_algorithm 8" --define "_binary_filedigest_algorithm 8" /home/rpmbuild/rpmbuild/SPECS/package.spec The values associated with the _source_filedigest_algorithm and _binary_filedigest_algorithm options comes from the following list, which by default is set to 1 (MD5): # If not specified or 0, MD5 is used. # 1 MD5 (default) # 2 SHA1 # 8 SHA256 # 9 SHA384 # 10 SHA512 # #%_source_filedigest_algorithm 1 #%_binary_filedigest_algorithm 1 OR To configure you .rpmmacros file to do this automatically without passing the options to the rpmbuild command, you can set the following lines to at least SHA256, as follows: %_source_filedigest_algorithm 8 %_binary_filedigest_algorithm 8 Let me know if you have any questions. Regards, Ifeanyi Ezeh -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
