agent: Grafana Agent still unable to install on FIPS-mode CentOS 9
What’s wrong?
This was first reported in #4267, and an attempt to fix was made in #4268, but the release since that PR was merged still is not able to be installed on a FIPS-mode EL system.
Steps to reproduce
# On a test CentOS 9 Stream box, enable FIPS mode (warning, irreversible)
fips-mode-setup --enable
shutdown -r now
And then with an /etc/yum.repos.d/grafana.repo with GPG checking turned on or off:
[grafana]
baseurl = https://rpm.grafana.com
enabled = 1
gpgcheck = 0
gpgkey = https://rpm.grafana.com/gpg.key
name = grafana
repo_gpgcheck = 0
sslcacert = /etc/pki/tls/certs/ca-bundle.crt
sslverify = 1
$ sudo dnf install grafana-agent-flow -y
Last metadata expiration check: 2:29:44 ago on Wed 12 Jul 2023 02:58:43 PM UTC.
Dependencies resolved.
=============================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================
Installing:
grafana-agent-flow x86_64 0.34.3-1 grafana 51 M
Transaction Summary
=============================================================================================================================================================================
Install 1 Package
Total download size: 51 M
Installed size: 177 M
Downloading Packages:
grafana-agent-flow-0.34.3-1.amd64.rpm 17 MB/s | 51 MB 00:03
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 17 MB/s | 51 MB 00:03
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : grafana-agent-flow-0.34.3-1.x86_64 1/1
Error unpacking rpm package grafana-agent-flow-0.34.3-1.x86_64
Verifying : grafana-agent-flow-0.34.3-1.x86_64 1/1
Failed:
grafana-agent-flow-0.34.3-1.x86_64
Error: Transaction failed
System information
CentOS 9 Stream kernel 5.14.0-333.el9.x86_64
Software version
Grafana Flow Agent 0.34.3-1
Configuration
No response
Logs
No response
About this issue
- State: closed
- Created a year ago
- Comments: 15 (3 by maintainers)
Commits related to this issue
- Make RPM file digests use FIPS-compliant sha256 instead of MD5 Closes #4419, relates to #4267 Signed-off-by: Andrew Imeson <andrew@andrewimeson.com> — committed to andrewimeson/agent by andrewimeson a year ago
I just tested it, and the installation of v0.35.4 now works! Thank you!
The RPMs that get published are re-signed by the publish process, which might be making your change a no-op. @julienduchesne knows the most about the RPM publish process, but he’s on PTO until the 31st.
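The related commit above switches the package's file digests from MD5 to sha256. As an added example (not code from this issue or from the Grafana Agent repository), the following Python reads the file digest algorithm tag from an RPM's main header, so a built or re-signed package can be checked before it is published; the function names and the constructed sample package are assumptions made for illustration.

```python
import struct

LEAD_SIZE = 96                      # fixed-size legacy "lead" at the start of every RPM
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # starts both the signature header and the main header
RPMTAG_FILEDIGESTALGO = 5011        # INT32 tag naming the per-file digest algorithm
# Tag values follow the OpenPGP hash algorithm numbering
ALGOS = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}


def read_header(buf, off):
    """Parse one header structure at `off`; return (index entries, data store, end offset)."""
    if buf[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad header magic at offset %d" % off)
    nindex, hsize = struct.unpack_from(">II", buf, off + 8)
    entries = {}
    for i in range(nindex):
        tag, typ, doff, count = struct.unpack_from(">IIII", buf, off + 16 + 16 * i)
        entries[tag] = (typ, doff, count)
    store_start = off + 16 + 16 * nindex
    return entries, buf[store_start:store_start + hsize], store_start + hsize


def file_digest_algo(rpm_bytes):
    """Return the file digest algorithm name recorded in the package's main header."""
    if rpm_bytes[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM package")
    _, _, end = read_header(rpm_bytes, LEAD_SIZE)   # skip the signature header
    main_off = (end + 7) & ~7                        # main header starts 8-byte aligned
    entries, store, _ = read_header(rpm_bytes, main_off)
    if RPMTAG_FILEDIGESTALGO not in entries:
        return "md5"                                 # tag absent: rpm treats digests as MD5
    _, doff, _ = entries[RPMTAG_FILEDIGESTALGO]
    value = struct.unpack_from(">I", store, doff)[0]
    return ALGOS.get(value, "unknown(%d)" % value)


def uses_md5_file_digests(rpm_bytes):
    """True when the package carries MD5 file digests, the case this issue is about."""
    return file_digest_algo(rpm_bytes) == "md5"


def constructed_rpm(algo=None):
    """Constructed sample: lead, empty signature header, main header with at most one tag."""
    empty = HEADER_MAGIC + bytes(4) + struct.pack(">II", 0, 0)
    head = LEAD_MAGIC + bytes(LEAD_SIZE - 4) + empty
    if algo is None:
        return head + empty
    index = struct.pack(">IIII", RPMTAG_FILEDIGESTALGO, 4, 0, 1)  # type 4 = INT32
    return head + HEADER_MAGIC + bytes(4) + struct.pack(">II", 1, 4) + index + struct.pack(">I", algo)
```

On a host with rpm installed, `rpm -qp --queryformat '%{FILEDIGESTALGO}\n'` against the package file reports the same tag value (8 for sha256).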