Identify component with MD5 in Amazon Linux 2 FIPS build
Summary
Add branch pipeline for the Amazon Linux 2 FIPS... (!6314 - merged) requested the addition of Amazon Linux 2 FIPS builds.
During testing, it was discovered that the build does not seem to correctly apply the FIPS changes to the resulting package.
gitlab: ffi-libarchive could not be loaded, libarchive is probably not installed on system, archive_file will not be available
gitlab: [2022-09-12T21:19:03+00:00] INFO: Started Chef Infra Zero at chefzero://localhost:1 with repository at /opt/gitlab/embedded (One version per cookbook)
gitlab: Chef Infra Client, version 17.10.0
gitlab: Patents: https://www.chef.io/patents
gitlab: Infra Phase starting
gitlab: [2022-09-12T21:19:03+00:00] INFO: *** Chef Infra Client 17.10.0 ***
gitlab: [2022-09-12T21:19:03+00:00] INFO: Platform: x86_64-linux
gitlab: [2022-09-12T21:19:03+00:00] INFO: Chef-client pid: 5122
gitlab: [2022-09-12T21:19:04+00:00] INFO: Setting the run_list to ["recipe[gitlab-ee]"] from CLI options
gitlab: [2022-09-12T21:19:04+00:00] INFO: Run List is [recipe[gitlab-ee]]
gitlab: [2022-09-12T21:19:04+00:00] INFO: Run List expands to [gitlab-ee]
gitlab: [2022-09-12T21:19:04+00:00] INFO: Starting Chef Infra Client Run for vagrant
gitlab: [2022-09-12T21:19:04+00:00] INFO: Running start handlers
gitlab: [2022-09-12T21:19:04+00:00] INFO: Start handlers complete.
gitlab: Resolving cookbooks for run list: ["gitlab-ee"]
gitlab: md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
This error was generated on a Vagrant box by @rmarshall and confirmed in EC2 by @niklasjanz.
Deliverables
- Merge request to fix the issue ➡ !6357 (merged)
- If this issue is resolved, and another discovered, a follow up issue logged to correct the next issue ➡ Chef (and Berksfile) need to stop using MD5: https://github.com/chef/chef/pull/13186
Edited by Stan Hu
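One way to locate the Ruby call sites that request MD5, such as the one that trips the FIPS assertion in the log above, is a source scan like the following. This is an added example, not code from this issue, GitLab, or Chef. The pattern list is a heuristic and not exhaustive, the names `scan_source` and `scan_tree` are hypothetical, and `SAMPLE` is constructed input.

```ruby
require "find"

# Common ways Ruby code asks for an MD5 digest (heuristic list, not exhaustive).
MD5_PATTERNS = [
  /\bDigest::MD5\b/,                      # Digest::MD5, OpenSSL::Digest::MD5
  /\bDigest(?:\.new)?\(\s*["']md5["']/i   # OpenSSL::Digest.new("md5"), OpenSSL::Digest("MD5")
].freeze

Hit = Struct.new(:path, :lineno, :text)

# Constructed sample source, used when no directory is given on the command line.
SAMPLE = <<~'RUBY'
  require "digest"
  # Digest::MD5 is mentioned only in this comment
  checksum = Digest::MD5.hexdigest(data)
  d = OpenSSL::Digest.new("md5")
  safe = OpenSSL::Digest.new("SHA256").hexdigest(data)
  e = OpenSSL::Digest("MD5")
RUBY

# Scan one file's contents; comment-only lines are ignored.
def scan_source(source, path = "(inline)")
  hits = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.lstrip.start_with?("#")
    hits << Hit.new(path, lineno, line.strip) if MD5_PATTERNS.any? { |re| line.match?(re) }
  end
  hits
end

# Walk a directory tree and scan every .rb file; unreadable files are skipped.
def scan_tree(root)
  hits = []
  Find.find(root) do |path|
    next unless File.file?(path) && path.end_with?(".rb")
    begin
      hits.concat(scan_source(File.binread(path), path))
    rescue SystemCallError
      next
    end
  end
  hits
end

if __FILE__ == $PROGRAM_NAME
  hits = ARGV.empty? ? scan_source(SAMPLE, "sample.rb") : scan_tree(ARGV[0])
  hits.each { |h| puts "#{h.path}:#{h.lineno}: #{h.text}" }
end
```

Pass a directory as the first argument to scan a real tree. Each hit is a candidate for replacement with a FIPS-approved digest such as SHA-256, and dynamic digest names built at runtime will not be caught by a static scan.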