Yum fails with SHA-1 RPM signature and digest under FIPS
Issue
- A Red Hat Enterprise Linux 6 system that is FIPS enabled is unable to yum install SHA-1 packages and fails with a traceback:
Total download size: 394 k
Installed size: 0
Downloading Packages:
(1/3): kmod-vmware-tools-pvscsi-1.1.1.0-2.6.32.71.el6.x86_64.3.x86_64.rpm | 46 kB 00:00
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in <module>
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 285, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 219, in main
return_code = base.doTransaction()
File "/usr/share/yum-cli/cli.py", line 498, in doTransaction
problems = self.downloadPkgs(downloadpkgs, callback_total=self.download_callback_total_cb)
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 2035, in downloadPkgs
cache=po.repo.http_caching != 'none',
File "/usr/lib/python2.6/site-packages/yum/yumRepo.py", line 858, in getPackage
size=package.size,
File "/usr/share/yum-plugins/rhnplugin.py", line 347, in _getFile
start, end, copy_local, checkfunc, text, reget, cache, size)
File "/usr/share/yum-plugins/rhnplugin.py", line 449, in _noExceptionWrappingGet
size = size
File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 985, in urlgrab
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 886, in _retry
r = apply(func, (opts,) + args, {})
File "/usr/lib/python2.6/site-packages/urlgrabber/grabber.py", line 980, in retryfunc
apply(cb_func, (obj, )+cb_args, cb_kwargs)
File "/usr/lib/python2.6/site-packages/yum/__init__.py", line 1881, in verifyPkg
if not po.verifyLocalPkg():
File "/usr/lib/python2.6/site-packages/yum/packages.py", line 879, in verifyLocalPkg
datasize=self.packagesize)
File "/usr/lib/python2.6/site-packages/yum/misc.py", line 327, in checksum
data = Checksums([sumtype])
File "/usr/lib/python2.6/site-packages/yum/misc.py", line 241, in __init__
sumalgo = hashlib.new(sumtype)
File "/usr/lib64/python2.6/hashlib.py", line 83, in __hash_new
return _hashlib.new(name, string, usedforsecurity)
ValueError: error:060800A0:digital envelope routines:EVP_DigestInit_ex:unknown cipher
Environment
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.