ChrisLeinbach
commented
4 months ago Building a virtual machine to test out the build and install now. Will create pull request if successful.
Open ChrisLeinbach opened 4 months ago
ChrisLeinbach
commented
4 months ago Building a virtual machine to test out the build and install now. Will create pull request if successful.
ChrisLeinbach
commented
4 months ago This appears to be more nuanced that I originally thought. I was able to build an RPM with my change but both my build and the one i pulled from the releases page have SHA256 digests.
The result of signature/digest checking both RPMs:
# rpm --checksig -v ./*pulsar*.rpm
./Linux.pulsar-1.117.0.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
./pulsar-1.117.0-dev.x86_64.rpm:
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OKThe result of trying to install the 1.117.0 release RPM:
# rpm -i Linux.pulsar-1.117.0.x86_64.rpm
error: unpacking of archive failed on file /opt/Pulsar/LICENSE.electron.txt;6659d276: cpio: Digest mismatch
error: pulsar-1.117.0-1.x86_64: install failedIts almost like something in the release binary pipeline is mangling that license file or its digest.
Thanks in advance for your bug report!
What happened?
The Pulsar RPM packages fail to install on systems that have FIPS mode enabled when installing via both the RPM and DNF/Yum commands.
This happens due to MD5 digests being the default digest method for RPM but MD5, being non-FIPS compliant, is blocked on FIPS enabled systems.
Pulsar version
1.117.0
Which OS does this happen on?
🐧 Red Hat based (Fedora, Alma, RockyLinux, CentOS Stream, etc.)
OS details
AlmaLinux 9.4
Which CPU architecture are you running this on?
x86_64/AMD64
What steps are needed to reproduce this?
fips=1kernel command line argument.Additional Information:
See Elastic Beats #23670 for a similar issue and how it was fixed for that project.