powerel7
/
base
2
0
Fork 0
Code Issues Pull Requests Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1049 Commits
1 Branch
0 Tags
390 MiB
 
 
 
 
 
 
Tree: 6441ca8477
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6441ca8477'
${ noResults }
base/SOURCES/BZ-1287610-fips-dont-pollut...

83 lines
3.4 KiB
Raw Blame History

diff -up yum-3.4.3/yum/Errors.py.orig yum-3.4.3/yum/Errors.py
--- yum-3.4.3/yum/Errors.py.orig 2017-09-14 18:42:26.740558383 +0200
+++ yum-3.4.3/yum/Errors.py 2017-09-14 18:42:30.371541754 +0200
@@ -99,6 +99,11 @@ class ConfigError(YumBaseError):
class MiscError(YumBaseError):
pass
+class FIPSNonCompliantError(MiscError):
+ def __init__(self, sumtype):
+ MiscError.__init__(
+ self, '%s algorithm is not FIPS compliant' % sumtype)
+
class GroupsError(YumBaseError):
pass
diff -up yum-3.4.3/yum/misc.py.orig yum-3.4.3/yum/misc.py
--- yum-3.4.3/yum/misc.py.orig 2017-09-14 18:42:26.794558135 +0200
+++ yum-3.4.3/yum/misc.py 2017-09-14 18:42:30.372541749 +0200
@@ -58,11 +58,20 @@ except ImportError:
raise ValueError, "Bad checksum type"
# some checksum types might be disabled
+_fips_noncompliant = set()
for ctype in list(_available_checksums):
try:
hashlib.new(ctype)
- except:
- print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype)
+ except Exception as e:
+ # Print an error unless this is due to FIPS mode (in which case it's
+ # not really an error and we don't want to pollute the output
+ # needlessly; if someone actually tries to instantiate a Checksum with
+ # a FIPS non-compliant ctype, we'll raise an explanatory exception
+ # anyway).
+ if isinstance(e, ValueError) and str(e).endswith('disabled for fips'):
+ _fips_noncompliant.add(ctype)
+ else:
+ print >> sys.stderr, 'Checksum type %s disabled' % repr(ctype)
_available_checksums.remove(ctype)
for ctype in 'sha256', 'sha1':
if ctype in _available_checksums:
@@ -71,7 +80,7 @@ for ctype in 'sha256', 'sha1':
else:
raise ImportError, 'broken hashlib'
-from Errors import MiscError
+from Errors import MiscError, FIPSNonCompliantError
# These are API things, so we can't remove them even if they aren't used here.
# pylint: disable-msg=W0611
from i18n import to_utf8, to_unicode
@@ -271,6 +280,8 @@ class Checksums:
sumalgo = hashlib.new(sumtype)
elif ignore_missing:
continue
+ elif sumtype in _fips_noncompliant:
+ raise FIPSNonCompliantError(sumtype)
else:
raise MiscError, 'Error Checksumming, bad checksum type %s' % sumtype
done.add(sumtype)
diff -up yum-3.4.3/yum/yumRepo.py.orig yum-3.4.3/yum/yumRepo.py
--- yum-3.4.3/yum/yumRepo.py.orig 2017-09-14 18:42:26.879557746 +0200
+++ yum-3.4.3/yum/yumRepo.py 2017-09-14 18:43:23.422298802 +0200
@@ -497,7 +497,10 @@ class YumRepository(Repository, config.R
except (Errors.MiscError, EnvironmentError), e:
if checksum_can_fail:
return None
- raise Errors.RepoError, 'Error opening file for checksum: %s' % e
+ msg = 'Error opening file for checksum: %s' % e
+ if isinstance(e, Errors.FIPSNonCompliantError):
+ msg = str(e)
+ raise Errors.RepoError(msg)
def dump(self):
output = '[%s]\n' % self.id
@@ -1799,7 +1802,7 @@ Insufficient space in download directory
except Errors.RepoError, e:
if check_can_fail:
return None
- raise URLGrabError(-3, 'Error performing checksum')
+ raise URLGrabError(-3, 'Error performing checksum: %s' % e)
if l_csum == r_csum:
_xattr_set_chksum(file, r_ctype, l_csum)