diff options
author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-09-25 12:33:28 -0700 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-09-30 09:30:55 -0700 |
commit | 2b3ee909302354050011e92086ea282100ecf8bc (patch) | |
tree | 7dd00b1d3a794a81b7267b6ca5a1f286f343681e | |
parent | f47ebcad88a9ac5300bba80d3c034ff73d64c784 (diff) | |
download | chef-jdm/fips2.tar.gz |
Allow md5 even in fips modejdm/fips2
-rw-r--r-- | lib/chef/chef_fs/file_system/cookbook_file.rb | 10 | ||||
-rw-r--r-- | lib/chef/cookbook_version.rb | 7 | ||||
-rw-r--r-- | lib/chef/util/fips.rb | 17 |
3 files changed, 23 insertions, 11 deletions
diff --git a/lib/chef/chef_fs/file_system/cookbook_file.rb b/lib/chef/chef_fs/file_system/cookbook_file.rb index 88d82d4ea7..61e379f79a 100644 --- a/lib/chef/chef_fs/file_system/cookbook_file.rb +++ b/lib/chef/chef_fs/file_system/cookbook_file.rb @@ -18,6 +18,7 @@ require 'chef/chef_fs/file_system/base_fs_object' require 'chef/http/simple' +require 'chef/util/fips' require 'openssl' class Chef @@ -74,12 +75,9 @@ class Chef private def calc_checksum(value) - alg = if Chef::Config.fips_mode - OpenSSL::Digest::SHA256 - else - OpenSSL::Digest::MD5 - end - alg.new.hexdigest(value) + Chef::Util::FIPS.disable do + OpenSSL::Digest::MD5.new.hexdigest(value) + end end end end diff --git a/lib/chef/cookbook_version.rb b/lib/chef/cookbook_version.rb index 7e79e15a6e..e944264d3d 100644 --- a/lib/chef/cookbook_version.rb +++ b/lib/chef/cookbook_version.rb @@ -25,6 +25,7 @@ require 'chef/cookbook/metadata' require 'chef/version_class' require 'chef/digester' require 'chef/cookbook_manifest' +require 'chef/util/fips' class Chef @@ -96,11 +97,7 @@ class Chef # This is the one and only method that knows how cookbook files' # checksums are generated. def self.checksum_cookbook_file(filepath) - if Chef::Config.fips_mode - # This will require a chef server that can handle - # sha256 checksums - Chef::Digester.checksum_for_file(filepath) - else + Chef::Util::FIPS.disable do Chef::Digester.generate_md5_checksum_for_file(filepath) end rescue Errno::ENOENT diff --git a/lib/chef/util/fips.rb b/lib/chef/util/fips.rb new file mode 100644 index 0000000000..630fb49db8 --- /dev/null +++ b/lib/chef/util/fips.rb @@ -0,0 +1,17 @@ +require 'openssl' +class Chef + class Util + class FIPS + def self.disable(&block) + if Chef::Config.fips_mode + OpenSSL.fips_mode = false + val = block.call + OpenSSL.fips_mode = true + val + else + block.call + end + end + end + end +end |