Use FIPS-compatible SHA256 for comparing files13.0.3

On systems in FIPS mode MD5 is not available, just use SHA256.

NOTE: I'm not sure if this changes makes ironic fully operational
      in FIPS mode, merely fixing an immediate issue.

Story: 2007306
Task: 38792

Change-Id: I9a9e0286c88ed5a1a05e405d251b46a4708dd556
(cherry picked from commit 8982ef574f28992c4622d98660998fab77ae0238)

2 files changed, 6 insertions, 2 deletions

diff --git a/ironic/common/utils.py b/ironic/common/utils.py
index fc61fd02f..6dbb0e326 100644
--- a/ironic/common/utils.py
+++ b/ironic/common/utils.py
@@ -230,12 +230,12 @@ def _get_hash_object(hash_algo_name):
     return getattr(hashlib, hash_algo_name)()
 
 
-def file_has_content(path, content, hash_algo='md5'):
+def file_has_content(path, content, hash_algo='sha256'):
     """Checks that content of the file is the same as provided reference.
 
     :param path: path to file
     :param content: reference content to check against
-    :param hash_algo: hashing algo from hashlib to use, default is 'md5'
+    :param hash_algo: hashing algo from hashlib to use, default is 'sha256'
     :returns: True if the hash of reference content is the same as
         the hash of file's content, False otherwise
     """
diff --git a/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml b/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
new file mode 100644
index 000000000..1c96a1600
--- /dev/null
+++ b/releasenotes/notes/fips-hashlib-bca9beacc2b48fe7.yaml
@@ -0,0 +1,4 @@
+fixes:
+  - |
+    Use SHA256 for comparing file contents instead of MD5. This improves FIPS
+    compatibility.