(#153) Enable FIPs if required #278

Merged
merged 2 commits into from
Oct 18, 2024

steviecoaster
Contributor

@steviecoaster steviecoaster commented Oct 10, 2024

If we detect that FIPS is enabled on a system when we
install Chocolatey, we should also configure Chocolatey
to use FIPS-compliant checksums. Without enabling this
feature, package installations will fail as Chocolatey
will not use a compliant hashing mechanism.

Description Of Changes

This change adds detection for FIPS and sets Chocolatey configuration to use FIPS-compliant checksums if FIPS is detected to be enabled.

Motivation and Context

When FIPS is enabled, Chocolatey does not use a checksum mechanism that is strong enough to meet the requirements of FIPS security.

Testing

Tested locally in AutomatedLab and confirmed that when FIPS is enabled, Chocolatey configures FIPS-compliant checksums.

Operating Systems Testing

Server 2022

Change Types Made

  • Bug fix (non-breaking change).
  • Feature / Enhancement (non-breaking change).
  • Breaking change (fix or feature that could cause existing functionality to change).
  • Documentation changes.
  • PowerShell code changes.

Change Checklist

  • Requires a change to the documentation.
  • Documentation has been updated.
  • Tests to cover my changes, have been added.
  • All new and existing tests passed?
  • PowerShell code changes: PowerShell v3 compatibility checked?

Related Issue

Fixes #153
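
One way to do the detection and configuration this pull request describes, as an added example that is not the code from this PR or from the Chocolatey project. It assumes FIPS mode is read from the `Enabled` value under the `FipsAlgorithmPolicy` registry key, that `choco` is on the PATH, and that the session is elevated; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical, not taken from the PR.
$ErrorActionPreference = 'Stop'

function Test-FipsEnabled {
    # Assumption: Windows records FIPS mode in this registry value (1 = enforced).
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $policy = Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
    # A missing key or value is treated as "not enabled".
    return ($null -ne $policy -and $policy.Enabled -eq 1)
}

function Get-ChocolateyFeatureState {
    param([Parameter(Mandatory = $true)][string]$Name)
    # Assumption: 'choco feature list -r' prints one 'name|Enabled|description'
    # (or 'name|Disabled|description') line per feature.
    foreach ($line in (& choco feature list -r)) {
        $fields = $line -split '\|'
        if ($fields[0] -eq $Name) { return $fields[1] }
    }
    return $null
}

function Enable-ChocolateyFipsChecksums {
    $feature = 'useFipsCompliantChecksums'
    if (-not (Test-FipsEnabled)) {
        Write-Verbose 'FIPS mode not enforced; leaving Chocolatey checksum settings unchanged.'
        return
    }
    & choco feature enable --name="$feature" --limit-output
    if ($LASTEXITCODE -ne 0) {
        throw "choco feature enable failed with exit code $LASTEXITCODE"
    }
    # Read the state back so a silent failure does not surface later as
    # failed package installs on the FIPS-enforced host.
    $state = Get-ChocolateyFeatureState -Name $feature
    if ($state -ne 'Enabled') {
        throw "Expected $feature to be Enabled, found '$state'"
    }
    Write-Output "$feature is enabled"
}

Enable-ChocolateyFipsChecksums
```

The script avoids syntax newer than PowerShell v3, in line with the compatibility item in the checklist above.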

@steviecoaster steviecoaster added the 3 - Review This is for tickets that need to be reviewed prior to being complete. label Oct 10, 2024
If we detect that FIPS is enabled on a system when we
install Chocolatey, we should also configure Chocolatey
to use FIPs-compliant checksums. Without enabling this
feature, package installations will fail as Chocolatey
will not use a compliant hashing mechanism.

The Pester package breaks when you internalize it, due to the added code at the top of the chocolateyInstall script.

This commit ensures the package is not internalized.
@JPRuskin
Member

Added a little fix for the Pester issue we were seeing. Turns out, internalization really really hates param blocks and begin/process/end. I'll create a support issue for that.

@JPRuskin JPRuskin left a comment

LGTM!

@JPRuskin JPRuskin merged commit ff4cfc0 into chocolatey:main Oct 18, 2024
15 checks passed
Successfully merging this pull request may close these issues.

Account for FIPS Environments in Setup