Closed QuLogic closed 1 month ago
So is this not part of the the FIPS restrictions but something Fedora has patched? We typically use skip_if(fips_mode())
on a tests to skip legacy algorithms.
If this is really a fedora feature, I guess we'll need to use skip_if(grepl("Fedora", osVersion))
or maybe skip_if(grepl("redhat", R.version$platform))
@QuLogic could confirm if the problems are fixed on the master branch?
So is this not part of the the FIPS restrictions but something Fedora has patched? We typically use
skip_if(fips_mode())
on a tests to skip legacy algorithms.
I don't believe it has to do with FIPS, just a change in Fedora. But also note that the change page says that RHEL9 has disabled SHA1 signatures for 2 years already.
@QuLogic could confirm if the problems are fixed on the master branch?
Yes, it all works; thanks for also fixing the engine.h
header problem that I didn't get around to reporting.
OK I have released a new version to CRAN now.
As of Fedora 41, the SHA1 signatures are going to be treated as invalid due to https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
This causes 5 tests to fail:
At the moment, I am following this guidance to temporarily enable SHA1 signatures during package builds. However, this workaround may go away at any point in the future.
It would be nice if the tests that used SHA1 signatures were made independent and marked somehow so that they could be skipped.