Add Sha256 header in elasticsearch RPMs #75569
To verify the change this PR introduces you can run
which should result in:
Pinging @elastic/es-delivery (Team:Delivery)
This adds support for Sha256 header signature in our RPMs by updating the dependency to the readline library to a version we have patched until the provided PR (craigwblake/redline#157) got merged and released by the redline folks. This work is related to elastic#58257
// We rely on a patched version of the redline library used to build rpm packages | ||
// to support sha256header in our elasticsearch RPMs | ||
// TODO: Update / remove this dependency once https://github.com/craigwblake/redline/pull/157 got merged | ||
// Be aware that it seems the redline project hasnt been active for a while |
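Review bot: The TODO on the patched redline dependency only covers the case where the upstream pull request gets merged, while the last comment line says the project looks inactive. Record in the comment what the plan is if it never merges (who owns the patched artifact and where it is published), and fix the typo `hasnt` to `hasn't`.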
Do you think we might end up forking it under an Elastic org?
I followed the steps and got the same results 👍
@breskeby great!
We don't have an RHEL 8 FIPS environment at hand to evaluate this, I think. Who would we ping among the fed field folks to test this?
I'm reaching out to some folks to check if they can help. If this makes things easier, I'm OK with merging this PR and iterating further if needed after the validation round.
@bytebilly @mark-vieira I got confirmation from @mgreau that our nightly rpms are signed in the build process similar to the release builds. So once merged we can wait for a nightly and then test the rpm installation on a CentOS FIPS-enabled GCS image.
} | ||
} | ||
} | ||
|
||
dependencies { | ||
classpath "com.github.breskeby:gradle-ospackage-plugin:98455c1" |
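Review bot: The `classpath "com.github.breskeby:gradle-ospackage-plugin:98455c1"` entry has no comment saying why a patched build is used, unlike the redline dependency in this same change. Add a short comment naming the upstream change it waits on and when to switch back, because a build-script classpath entry under a personal group id pinned to a short commit hash is hard to audit later.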
I didn't realize we're also using a patched version of the os-package plugin as well. Curiosity, what's that for?
because this hasn't been merged and released yet: nebula-plugins/gradle-ospackage-plugin#400
This is a follow up on elastic#75569 and should fix installation problems in FIPS enabled environments.
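The Sha256 header discussed in this thread is a string tag in the RPM signature header. As an added example (not code from this PR or from redline), the Python below reads a package file and reports whether the SHA1 (tag 269) and SHA256 (tag 273) header digests are present and match the main header. The function names are chosen for this example, and it assumes the digest covers the whole main header, as in a freshly built package.

```python
import hashlib
import struct
import sys

HEADER_MAGIC = b"\x8e\xad\xe8\x01\x00\x00\x00\x00"  # magic, version 1, 4 reserved bytes
LEAD_SIZE = 96                                       # fixed-size lead before the signature header
DIGEST_TAGS = {"sha1": 269, "sha256": 273}           # signature-header tags holding hex header digests
TYPE_STRING = 6


def _read_header(buf, pos):
    """Parse the header structure at pos; return (index entries, data store, end offset)."""
    if buf[pos:pos + 8] != HEADER_MAGIC:
        raise ValueError("no header magic at offset %d" % pos)
    nindex, hsize = struct.unpack_from(">II", buf, pos + 8)
    index_end = pos + 16 + 16 * nindex
    if index_end + hsize > len(buf):
        raise ValueError("truncated header at offset %d" % pos)
    entries = {}
    for i in range(nindex):
        tag, typ, off, _count = struct.unpack_from(">IIII", buf, pos + 16 + 16 * i)
        entries[tag] = (typ, off)
    return entries, buf[index_end:index_end + hsize], index_end + hsize


def header_digests(rpm_bytes):
    """Map 'sha1'/'sha256' to None (tag absent) or (stored hex digest, matches main header)."""
    sig, store, sig_end = _read_header(rpm_bytes, LEAD_SIZE)
    main_start = (sig_end + 7) & ~7        # signature header is padded to an 8-byte boundary
    _, _, main_end = _read_header(rpm_bytes, main_start)
    main_header = rpm_bytes[main_start:main_end]   # digest input: magic, index and data store
    result = {}
    for name, tag in DIGEST_TAGS.items():
        typ, off = sig.get(tag, (None, 0))
        if typ != TYPE_STRING:
            result[name] = None
            continue
        stored = store[off:store.index(b"\x00", off)].decode("ascii")
        result[name] = (stored, stored == hashlib.new(name, main_header).hexdigest())
    return result


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:     # path to an .rpm file
        for name, value in header_digests(fh.read()).items():
            print(name, "missing" if value is None else value)
```

A package built without the Sha256 header reports `sha256 missing` while still carrying a SHA1 digest.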