diff options
author | Tim Smith <tsmith@chef.io> | 2017-12-21 12:59:55 -0800 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2017-12-21 12:59:55 -0800 |
commit | b1ec137c431844175515599476745b9442108888 (patch) | |
tree | 11fc4dc8b1fef9a6f1d63b11a11e8c3572c07da3 | |
parent | 434b28a16d81d3623d284476ba1b86fb19b6ee07 (diff) | |
download | ohai-shard_FIPS.tar.gz |
Use SHA256 for the shard seed for FIPS complianceshard_FIPS
MD5 is not allowed in FIPS140/180. We can use SHA256 and then this
passes FIPS and all the government users can use this plugin. Yes I
realize we just trim the value anyways. Still can't use it in FIPS.
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/ohai/plugins/shard.rb | 4 | ||||
-rw-r--r-- | spec/unit/plugins/shard_spec.rb | 6 |
2 files changed, 5 insertions, 5 deletions
diff --git a/lib/ohai/plugins/shard.rb b/lib/ohai/plugins/shard.rb index e8e55717..2e2f1391 100644 --- a/lib/ohai/plugins/shard.rb +++ b/lib/ohai/plugins/shard.rb @@ -17,7 +17,7 @@ # Ohai.plugin(:ShardSeed) do - require "digest/md5" + require "digest/sha2" depends "hostname", "dmi", "machine_id", "machinename" provides "shard_seed" @@ -52,7 +52,7 @@ Ohai.plugin(:ShardSeed) do yield(src) end end - shard_seed Digest::MD5.hexdigest(data)[0...7].to_i(16) + shard_seed Digest::SHA256.hexdigest(data)[0...7].to_i(16) end collect_data(:darwin) do diff --git a/spec/unit/plugins/shard_spec.rb b/spec/unit/plugins/shard_spec.rb index b8945660..3cddadce 100644 --- a/spec/unit/plugins/shard_spec.rb +++ b/spec/unit/plugins/shard_spec.rb @@ -16,7 +16,7 @@ # limitations under the License. # -require "digest/md5" +require "digest/sha2" require_relative "../../spec_helper.rb" describe Ohai::System, "shard plugin" do @@ -40,7 +40,7 @@ describe Ohai::System, "shard plugin" do it "should provide a shard with a default-safe set of sources" do plugin.run - result = Digest::MD5.hexdigest( + result = Digest::SHA256.hexdigest( "#{machinename}#{serial}#{uuid}" )[0...7].to_i(16) expect(plugin[:shard_seed]).to eq(result) @@ -49,7 +49,7 @@ describe Ohai::System, "shard plugin" do it "should provide a shard with a configured source" do Ohai.config[:plugin][:shard_seed][:sources] = [:fqdn] plugin.run - result = Digest::MD5.hexdigest(fqdn)[0...7].to_i(16) + result = Digest::SHA256.hexdigest(fqdn)[0...7].to_i(16) expect(plugin[:shard_seed]).to eq(result) end |