diff options
author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-09-22 10:37:01 -0700 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-09-22 11:18:28 -0700 |
commit | dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739 (patch) | |
tree | 48328c20705c62202a66ac3356362f3f458731df | |
parent | 2cf81f51d7f3cf2290025f41de6d3754a004f897 (diff) | |
download | chef-dacafa2a0aa2ff9d8ff24cc70c1777da07e6a739.tar.gz |
Use SHA256 for remote_file when in fips mode
-rw-r--r-- | lib/chef/provider/remote_file/cache_control_data.rb | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/chef/provider/remote_file/cache_control_data.rb b/lib/chef/provider/remote_file/cache_control_data.rb index f9b729362c..837286d95c 100644 --- a/lib/chef/provider/remote_file/cache_control_data.rb +++ b/lib/chef/provider/remote_file/cache_control_data.rb @@ -153,7 +153,15 @@ class Chef # human-readable but within the bounds of local file system # path length limits scrubbed_uri = uri.gsub(/\W/, '_')[0..63] - uri_md5 = Chef::Digester.instance.generate_md5_checksum(StringIO.new(uri)) + uri_md5 = if Chef::Config.fips_mode + # We can probably just use sha256 everywhere. The problem + # is that uri_md5 would change, and that means people upgrading + # would have the resource converge again, even though the file + # could be there + Chef::Digester.instance.generate_checksum(StringIO.new(uri)) + else + Chef::Digester.instance.generate_md5_checksum(StringIO.new(uri)) + end "#{scrubbed_uri}-#{uri_md5}.json" end |