
Merge pull request #6508 from jsane/bug/master/PUP-4963-Puppet_module…

…_build_fails_on_FIPS_enabled_systems

(PUP-4963) Puppet module build fails on FIPS enabled system
joshcooper committed Jan 18, 2018
2 parents df00a22 + 0df67c6 commit 3f151a24e337d104c39a9cbf812821e4ac7915e4
@@ -4,6 +4,7 @@
description <<-EOT
Prepares a local module for release on the Puppet Forge by building a
ready-to-upload archive file.
Note: Module build uses MD5 checksums, which are prohibited on FIPS enabled systems.
This action uses the metadata.json file in the module directory to set metadata
used by the Forge. See <https://docs.puppetlabs.com/puppet/latest/reference/modules_publishing.html> for more
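Review bot: The added help-text note gives the reason (MD5 is prohibited under FIPS) but not the consequence, which is that the action now refuses to run on such a host. Wording along the lines of `Note: Module build is not supported on FIPS enabled systems because it uses MD5 checksums.` tells the reader what to expect; the same applies to the install, uninstall and upgrade descriptions in the next three hunks. The description heredoc continues past the end of this hunk.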
@@ -8,6 +8,7 @@
summary _("Install a module from the Puppet Forge or a release archive.")
description <<-EOT
Installs a module from the Puppet Forge or from a release archive file.
Note: Module install uses MD5 checksums, which are prohibited on FIPS enabled systems.
The specified module will be installed into the directory
specified with the `--target-dir` option, which defaults to the first
@@ -4,6 +4,7 @@
description <<-EOT
Uninstalls a puppet module from the modulepath (or a specific
target directory).
Note: Module uninstall uses MD5 checksums, which are prohibited on FIPS enabled systems.
EOT
returns _("Hash of module objects representing uninstalled modules and related errors.")
@@ -5,6 +5,7 @@
summary _("Upgrade a puppet module.")
description <<-EOT
Upgrades a puppet module.
Note: Module upgrade uses MD5 checksums, which are prohibited on FIPS enabled systems.
EOT
returns "Hash"
@@ -2,6 +2,7 @@
require 'json'
require 'puppet/file_system'
require 'pathspec'
require 'facter'
module Puppet::ModuleTool
module Applications
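Review bot: `require 'facter'` is added only in this file, while the install, uninstall and upgrade applications also call `Facter.value(:fips_enabled)` in the later hunks and, judging by their unshifted hunk offsets, gain no require of their own. They presumably work because Facter is already loaded by the time they run, but that depends on load order. Adding `require 'facter'` at the top of each of those three files would make the dependency explicit.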
@@ -14,6 +15,9 @@ def initialize(path, options = {})
end
def run
# Disallow anything that invokes md5 to avoid un-friendly termination due to FIPS
raise _("Module building is prohibited in FIPS mode.") if Facter.value(:fips_enabled)
load_metadata!
create_directory
copy_contents
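Review bot: The FIPS guard at the top of `run` raises an untyped `RuntimeError` and is repeated verbatim in the install, uninstall and upgrade `run` methods in the following hunks, so callers cannot tell this refusal from any other failure and the four copies can drift apart. One shared helper that raises `Puppet::Error` and takes the already-translated message would keep the policy in one place. The check is plain truthiness of the fact, so if `fips_enabled` is unavailable and resolves to nil the guard passes and the MD5 call presumably terminates as before; the comment should say this is a usability guard and that enforcement stays with the crypto library. `run` continues outside the hunk.

```ruby
# Proposed shared helper (name is a suggestion), defined once where all four
# module applications can reach it.
# Usability guard only: fails early with a clear message; the crypto library
# remains the component that actually enforces the MD5 prohibition.
def refuse_in_fips_mode(message)
  return unless Facter.value(:fips_enabled)
  raise Puppet::Error, message
end

def run
  refuse_in_fips_mode(_("Module building is prohibited in FIPS mode."))
  # … unchanged: load_metadata!, create_directory, copy_contents …
```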
@@ -52,6 +52,9 @@ def initialize(name, install_dir, options = {})
end
def run
# Disallow anything that invokes md5 to avoid un-friendly termination due to FIPS
raise _("Module install is prohibited in FIPS mode.") if Facter.value(:fips_enabled)
name = @name.tr('/', '-')
version = options[:version] || '>= 0.0.0'
@@ -16,6 +16,9 @@ def initialize(name, options)
end
def run
# Disallow anything that invokes md5 to avoid un-friendly termination due to FIPS
raise _("Module uninstall is prohibited in FIPS mode.") if Facter.value(:fips_enabled)
results = {
:module_name => @name,
:requested_version => @version,
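Review bot: Refusing at the top of `run` blocks uninstall unconditionally on a FIPS host, including for modules installed before FIPS was enabled, which leaves an operator with no supported way to remove a module. If MD5 is only needed for the local-changes check (not visible in this hunk), guarding just that step would be less disruptive. Otherwise the error message could name the manual removal path. `run` continues outside the hunk.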
@@ -27,6 +27,9 @@ def initialize(name, options)
end
def run
# Disallow anything that invokes md5 to avoid un-friendly termination due to FIPS
raise _("Module upgrade is prohibited in FIPS mode.") if Facter.value(:fips_enabled)
name = @name.tr('/', '-')
version = options[:version] || '>= 0.0.0'
@@ -429,4 +429,11 @@ def create_symlink_gitignore_file
it_behaves_like "a packagable module"
end
context 'when in FIPS mode...' do
it 'module builder refuses to run' do
Facter.stubs(:value).with(:fips_enabled).returns(true)
expect { builder.run }.to raise_error(/Module building is prohibited in FIPS mode/)
end
end
end
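Review bot: Only the FIPS-enabled case is stubbed, so every other example in this spec that reaches `builder.run` now reads the real `fips_enabled` fact from the host and would presumably fail on a FIPS-enabled build machine. A `before { Facter.stubs(:value).with(:fips_enabled).returns(false) }` in the enclosing describe pins the default. The same applies to the installer, uninstaller and upgrader specs in the following hunks. The enclosing describe block starts outside this hunk.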
@@ -366,6 +366,14 @@ def options
end
end
end
context 'when in FIPS mode...' do
it 'module installer refuses to run' do
Facter.stubs(:value).with(:fips_enabled).returns(true)
expect {application.run}.to raise_error(/Module install is prohibited in FIPS mode./)
end
end
end
end
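Review bot: The expected-message regex in this example ends in an unescaped `.`, which matches any character, and it differs from the other three specs, which stop at `mode`. Either escape it, `/Module install is prohibited in FIPS mode\./`, or drop the dot so all four specs use the same form.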
@@ -162,4 +162,12 @@ def options
end
end
end
context 'when in FIPS mode...' do
it 'module uninstaller refuses to run' do
Facter.stubs(:value).with(:fips_enabled).returns(true)
expect {application.run}.to raise_error(/Module uninstall is prohibited in FIPS mode/)
end
end
end
@@ -327,5 +327,11 @@ def options
end
end
end
context 'when in FIPS mode...' do
it 'module unpgrader refuses to run' do
Facter.stubs(:value).with(:fips_enabled).returns(true)
expect { application.run }.to raise_error(/Module upgrade is prohibited in FIPS mode/)
end
end
end
end
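Review bot: The example description has a typo, `'module unpgrader refuses to run'`; it should read `'module upgrader refuses to run'`. As written, the spec output and any filtering by example name will not line up with the builder, installer and uninstaller examples.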
