Closed jonathan-dove closed 3 days ago
mattermost-build
commented
2 weeks ago Hello @jonathan-dove,
Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.
devinbinnie
commented
2 weeks ago @toninis Can you check to make sure this doesn't harm our RPM build process?
toninis
commented
2 weeks ago @devinbinnie I need to manually build a rpm package from this PR and test that so this needs to wait a bit . Alternatively we can merge and check the nightly builds . I might have capacity to test that locally on a box end of week if that's ok 😄
devinbinnie
commented
2 weeks ago @devinbinnie I need to manually build a rpm package from this PR and test that so this needs to wait a bit . Alternatively we can merge and check the nightly builds . I might have capacity to test that locally on a box end of week if that's ok 😄
Yep we can test locally whenever you have time. Let's do that before we merge. If I can be of help let me know.
mattermost-build
commented
1 week ago This PR has been automatically labelled "stale" because it hasn't had recent activity. A core team member will check in on the status of the PR to help with questions. Thank you for your contribution!
devinbinnie
commented
6 days ago @toninis Any progress on locally testing this?
toninis
commented
3 days ago @devinbinnie I tested the rpm locally and installs . This change only affects the checksum . Once merged we will also check the nightly build repo
toninis
commented
3 days ago /update-branch
devinbinnie
commented
3 days ago @toninis Feel free to approve if you think it's ready to merge.
Summary
Added fpm argument to the package.json file to change the hashing algorithm from md5 to sha256. This fixes an issue introduced in RHEL8+ and/or clones where if FIPS mode is enabled rpm digests must be hashed with at minimum sha256 to be allowed to be installed without bypassing security measures put in place by the FIPS standards.
Ticket Link
https://github.com/mattermost/desktop/issues/3190
Checklist
npm run lint:jsfor proper code formattingDevice Information
This PR was tested on: RHEL 8, RHEL 9, Rocky9, Rocky8
Release Note