Yum fails with SHA-1 RPM signature and digest under FIPS

Solution Unverified - Updated -

Issue

  • A Red Hat Enterprise Linux 6 system that is FIPS enabled is unable to yum install SHA-1 packages and fails with a traceback:
Total download size: 394 k
Installed size: 0  
Downloading Packages:
(1/3): kmod-vmware-tools-pvscsi-1.1.1.0-2.6.32.71.el6.x86_64.3.x86_64.rpm                          |  46 kB     00:00     
Traceback (most recent call last):
  File "/usr/bin/yum", line 29, in <module>
    yummain.user_main(sys.argv[1:], exit_code=True)
  File "/usr/share/yum-cli/yummain.py", line 285, in user_main
    errcode = main(args)
  File "/usr/share/yum-cli/yummain.py", line 219, in main
    return_code = base.doTransaction()
  File "/usr/share/yum-cli/cli.py", line 498, in doTransaction
    problems = self.downloadPkgs(downloadpkgs, callback_total=self.download_callback_total_cb) 
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 2035, in downloadPkgs
    cache=po.repo.http_caching != 'none',
  File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 858, in getPackage
    size=package.size,
  File "/usr/share/yum-plugins/rhnplugin.py", line 347, in _getFile
    start, end, copy_local, checkfunc, text, reget, cache, size)
  File "/usr/share/yum-plugins/rhnplugin.py", line 449, in _noExceptionWrappingGet
    size = size
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 985, in urlgrab
    return self._retry(opts, retryfunc, url, filename)
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 886, in _retry
    r = apply(func, (opts,) + args, {})
  File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 980, in retryfunc
    apply(cb_func, (obj, )+cb_args, cb_kwargs)
  File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 1881, in verifyPkg
    if not po.verifyLocalPkg():
  File "/usr/lib/python2.6/site-packages/yum/packages.py", line 879, in verifyLocalPkg
    datasize=self.packagesize)
  File "/usr/lib/python2.6/site-packages/yum/misc.py", line 327, in checksum
    data = Checksums([sumtype])
  File "/usr/lib/python2.6/site-packages/yum/misc.py", line 241, in __init__
    sumalgo = hashlib.new(sumtype)
  File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
    return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A0:digital envelope routines:EVP_DigestInit_ex:unknown cipher

Environment

  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content