Hi Mark,
Looks like signatures are there for SHA256, but the Payload SHA256 digest is
still missing which is still halting installation:
rpm --checksig -v perl-Net-HTTPS-NB-0.14-2.noarch.rpm
perl-Net-HTTPS-NB-0.14-2.noarch.rpm:
Header V3 RSA/SHA256 Signature, key ID ca548a47: OK
Header SHA1 digest: OK
Payload SHA256 digest: NOTFOUND
V3 RSA/SHA256 Signature, key ID ca548a47: OK
MD5 digest: NOTFOUND
Error: Transaction test error:
package perl-Net-HTTPS-NB-0.14-2.noarch does not verify: no digest
Thanks,
Scott Groel
Clemson University
Executive Director – Research Computing and Data Infrastructure
Email: sgr...@clemson.edu<mailto:sgr...@clemson.edu>
Phone: (864) 656-9235
From: Mark Gurevich via xCAT-user <xcat-user@lists.sourceforge.net>
Sent: Tuesday, July 25, 2023 5:22 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc: Mark Gurevich <gurev...@us.ibm.com>
Subject: Re: [xcat-user] Installing with FIPS Mode Enabled
Try taking xcat-dep rpms from https: //www. xcat.
org/files/xcat/repos/yum/devel/xcat-dep/rh9/ Those were rebuild last December
with SHA256 signatures. From: Scott W Groel <sgroel@ clemson. edu> Sent:
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
Use caution when opening links or attachments if you do not recognize the
sender.
ZjQcmQRYFpfptBannerEnd
Try taking xcat-dep rpms from
https://www.xcat.org/files/xcat/repos/yum/devel/xcat-dep/rh9/<https://urldefense.com/v3/__https:/www.xcat.org/files/xcat/repos/yum/devel/xcat-dep/rh9/__;!!PTd7Sdtyuw!TUKHEUDfIhHEE-It7MyNvUrJmb_C3NAbZUc1uAxg5A0gAYqyRSupSLyuTROb_x_I9IC9eXnQna7ujCKTlCDfYeitPlC_$>
Those were rebuild last December with SHA256 signatures.
From: Scott W Groel <sgr...@clemson.edu<mailto:sgr...@clemson.edu>>
Sent: Tuesday, July 25, 2023 3:32 PM
To: xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>
Subject: [EXTERNAL] [xcat-user] Installing with FIPS Mode Enabled
Running into a bit of an issue installing xcat on a machine with FIPS mode
enabled. I am seeing some issues with signing on RPMs in the XCAT repos. These
look to be the affected packages: Error: Transaction test error: package
perl-Net-HTTPS-NB-0. 14-2. noarch
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
Report Suspicious
<https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1e-ublFzRvmadYv7uKFFzm2_TqytAmw3KWf-KOPz-P-s4pAS1aoqdT3-nxSRbmBnTFcWoddQaTvz9L7XDgHHpuP1Z8GCyN0AeQiFxSmtOdV3FJ1zp1Mpsw0p5wR_77uSxCgzU3TisCM$>
ZjQcmQRYFpfptBannerEnd
Running into a bit of an issue installing xcat on a machine with FIPS mode
enabled. I am seeing some issues with signing on RPMs in the XCAT repos.
These look to be the affected packages:
Error: Transaction test error:
package perl-Net-HTTPS-NB-0.14-2.noarch does not verify: no digest
package xCAT-genesis-base-x86_64-2:2.14.5-snap201811190037.noarch does not
verify: no digest
package syslinux-xcat-3.86-2.noarch does not verify: no digest
package grub2-xcat-2.02-0.76.el7.1.snap201905160255.noarch does not verify:
no digest
package elilo-xcat-3.14-6.noarch does not verify: no digest
package yaboot-xcat-1.3.17-rc1.noarch does not verify: no digest
Looks like some signatures are missing:
rpm --checksig -v perl-Net-HTTPS-NB-0.14-2.noarch.rpm
perl-Net-HTTPS-NB-0.14-2.noarch.rpm:
Header V4 RSA/SHA1 Signature, key ID ca548a47: OK
Header SHA1 digest: OK
Payload SHA256 digest: NOTFOUND
V4 RSA/SHA1 Signature, key ID ca548a47: OK
MD5 digest: NOTFOUND
Here is what we expect to see:
rpm --checksig -v xCAT-openbmc-py-2.16.5-snap202303030907.noarch.rpm
xCAT-openbmc-py-2.16.5-snap202303030907.noarch.rpm:
Header V4 RSA/SHA256 Signature, key ID ca548a47: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA256 Signature, key ID ca548a47: OK
I can use some DNF flags to get around this, but I don’t believe that is the
ideal solution… Could these packages be rebuilt to include the proper digests?
Thanks,
Scott Groel
Clemson University
Executive Director – Research Computing and Data Infrastructure
Email: sgr...@clemson.edu<mailto:sgr...@clemson.edu>
Phone: (864) 656-9235
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
