Use SHA256 for remote_file when in fips mode

author: Jay Mundrawala <jdmundrawala@gmail.com> 2015-09-22 10:37:01 -0700
committer: Jay Mundrawala <jdmundrawala@gmail.com> 2015-09-22 11:18:28 -0700
commit: dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739 (patch)
tree: 48328c20705c62202a66ac3356362f3f458731df
parent: 2cf81f51d7f3cf2290025f41de6d3754a004f897 (diff)
download: chef-dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/chef/provider/remote_file/cache_control_data.rb b/lib/chef/provider/remote_file/cache_control_data.rb
index f9b729362c..837286d95c 100644
--- a/lib/chef/provider/remote_file/cache_control_data.rb
+++ b/lib/chef/provider/remote_file/cache_control_data.rb
@@ -153,7 +153,15 @@ class Chef
           # human-readable but within the bounds of local file system
           # path length limits
           scrubbed_uri = uri.gsub(/\W/, '_')[0..63]
-          uri_md5 = Chef::Digester.instance.generate_md5_checksum(StringIO.new(uri))
+          uri_md5 = if Chef::Config.fips_mode
+                      # We can probably just use sha256 everywhere. The problem
+                      # is that uri_md5 would change, and that means people upgrading
+                      # would have the resource converge again, even though the file
+                      # could be there
+                      Chef::Digester.instance.generate_checksum(StringIO.new(uri))
+                    else
+                      Chef::Digester.instance.generate_md5_checksum(StringIO.new(uri))
+                    end
           "#{scrubbed_uri}-#{uri_md5}.json"
         end
author	Jay Mundrawala <jdmundrawala@gmail.com>	2015-09-22 10:37:01 -0700
committer	Jay Mundrawala <jdmundrawala@gmail.com>	2015-09-22 11:18:28 -0700
commit	dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739 (patch)
tree	48328c20705c62202a66ac3356362f3f458731df
parent	2cf81f51d7f3cf2290025f41de6d3754a004f897 (diff)
download	chef-dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739.tar.gz