Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sha256 digests to RPM packages #27103

Merged
merged 1 commit into from
Jul 30, 2021
Merged

Add sha256 digests to RPM packages #27103

merged 1 commit into from
Jul 30, 2021

Conversation

andrewkroh
Copy link
Member

What does this PR do?

Adds sha256 digests to RPM packages.

# rpm --checksig -v filebeat-8.0.0-SNAPSHOT-x86_64.rpm
filebeat-8.0.0-SNAPSHOT-x86_64.rpm:
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK

Fixes #23670

Why is it important?

This allows the RPMs to be installed on RHEL8 without any additional flags to disable digest checks. RHEL8 no longer trust the sha1 and md5 we were adding.

Checklist

  • My code follows the style guidelines of this project
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

  • Install unsigned RPM on centos:8
  • Install unsigned RPM on centos:6

How to test this PR locally

Related issues

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jul 28, 2021
@andrewkroh andrewkroh mentioned this pull request Jul 28, 2021
Closed
@elasticmachine
Copy link
Collaborator

Pinging @elastic/agent (Team:Agent)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jul 28, 2021
@andrewkroh andrewkroh added backport-v7.14.0 Automated backport with mergify backport-v7.15.0 Automated backport with mergify labels Jul 28, 2021
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jul 28, 2021
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2021-07-29T12:31:26.950+0000

  • Duration: 202 min 34 sec

  • Commit: 1a0c26d

Test stats 🧪

Test Results
Failed 0
Passed 49609
Skipped 5329
Total 54938

Trends 🧪

Image of Build Times

Image of Tests

💚 Flaky test report

Tests succeeded.

Expand to view the summary

Test stats 🧪

Test Results
Failed 0
Passed 49609
Skipped 5329
Total 54938

@andrewkroh
Copy link
Member Author

run tests

@ruflin
Copy link
Contributor

ruflin commented Jul 29, 2021

The change overall LGTM and it seems it is also applied. Unfortunately it creates some errors on CI:

[2021-07-29T05:10:30.233Z] Error: failed building metricbeat-oss type=rpm for platform=linux/386: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type rpm --name metricbeat --architecture i686 --rpm-rpmbuild-define _build_id_links none --rpm-digest sha256 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-386.rpm/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/modules.d --config-files /etc/metricbeat/metricbeat.yml -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-i686.rpm build/distributions/tmp-rpm-metricbeat-8.0.0-SNAPSHOT-linux-i686-1172900051.tar.gz" failed with exit code 125

[2021-07-29T05:10:30.234Z] failed building metricbeat-oss type=deb for platform=linux/386: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type deb --name metricbeat --architecture i386 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-386.deb/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/metricbeat.yml --config-files /etc/metricbeat/modules.d -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-i386.deb build/distributions/tmp-deb-metricbeat-8.0.0-SNAPSHOT-linux-i386-1912085850.tar.gz" failed with exit code 125

[2021-07-29T05:10:30.234Z] failed building metricbeat-oss type=rpm for platform=linux/arm64: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type rpm --name metricbeat --architecture aarch64 --rpm-rpmbuild-define _build_id_links none --rpm-digest sha256 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-arm64.rpm/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/modules.d --config-files /etc/metricbeat/metricbeat.yml -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-aarch64.rpm build/distributions/tmp-rpm-metricbeat-8.0.0-SNAPSHOT-linux-aarch64-1436084208.tar.gz" failed with exit code 125

[2021-07-29T05:10:30.234Z] failed building metricbeat-oss type=rpm for platform=linux/amd64: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type rpm --name metricbeat --architecture x86_64 --rpm-rpmbuild-define _build_id_links none --rpm-digest sha256 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-amd64.rpm/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/modules.d --config-files /etc/metricbeat/metricbeat.yml -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-x86_64.rpm build/distributions/tmp-rpm-metricbeat-8.0.0-SNAPSHOT-linux-x86_64-1601631772.tar.gz" failed with exit code 125

[2021-07-29T05:10:30.234Z] failed building metricbeat-oss type=deb for platform=linux/arm64: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type deb --name metricbeat --architecture arm64 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-arm64.deb/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/metricbeat.yml --config-files /etc/metricbeat/modules.d -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-arm64.deb build/distributions/tmp-deb-metricbeat-8.0.0-SNAPSHOT-linux-arm64-3552961256.tar.gz" failed with exit code 125

[2021-07-29T05:10:30.234Z] failed building metricbeat-oss type=deb for platform=linux/amd64: failed while running FPM in docker: running "docker run -e EXEC_UID=1166 -e EXEC_GID=1167 --rm -w /app -v /var/lib/jenkins/workspace/PR-27103-2-40f03fad-a84a-40b6-a27b-97d4b3340237/src/github.com/elastic/beats/metricbeat:/app docker.elastic.co/beats-dev/fpm:1.13.1 fpm --force --input-type tar --output-type deb --name metricbeat --architecture amd64 --version 8.0.0 --vendor Elastic --license ASL-2.0 --description Metricbeat is a lightweight shipper for metrics. --url https://www.elastic.co/beats/metricbeat --after-install build/package/metricbeat-oss-linux-amd64.deb/scripts/systemd-daemon-reload.sh --config-files /etc/metricbeat/modules.d --config-files /etc/metricbeat/metricbeat.yml -p build/distributions/metricbeat-oss-8.0.0-SNAPSHOT-amd64.deb build/distributions/tmp-deb-metricbeat-8.0.0-SNAPSHOT-linux-amd64-1256691479.tar.gz" failed with exit code 125

@andrewkroh Any idea what is causing it?

@andrewkroh
Copy link
Member Author

run tests

@andrewkroh
Copy link
Member Author

@andrewkroh Any idea what is causing it?

The new fpm container wasn't published to the container registry.

ruflin
ruflin approved these changes Jul 30, 2021
View reviewed changes
Copy link
Contributor

@ruflin ruflin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I'll remove the automatic 7.14 backport as I would not consider this a bug? @andresrc @andrewkroh How do you think about this change?

@ruflin ruflin removed the backport-v7.14.0 Automated backport with mergify label Jul 30, 2021
@andresrc
Copy link
Contributor

andresrc commented Jul 30, 2021
edited
Loading

I'm ok with leaving it in 7.14.x, but no strong opinion Let's avoid risks and leave it for 7.15

@andrewkroh andrewkroh merged commit be63e87 into elastic:master Jul 30, 2021
mergify bot pushed a commit that referenced this pull request Jul 30, 2021
@andrewkroh
Add sha256 digests to RPM packages (#27103)
5be4d0f 
Fixes #23670

(cherry picked from commit be63e87)
@mergify mergify bot mentioned this pull request Jul 30, 2021
Merged
andrewkroh added a commit that referenced this pull request Aug 3, 2021
@mergify @andrewkroh
Add sha256 digests to RPM packages (#27103) (#27152)
0bf2fe7 
Fixes #23670

(cherry picked from commit be63e87)

Co-authored-by: Andrew Kroh <[email protected]>
@andrewimeson andrewimeson mentioned this pull request Jul 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruflin ruflin ruflin approved these changes

Assignees
No one assigned
Labels
backport-v7.15.0 Automated backport with mergify enhancement Packaging Team:Elastic-Agent Label for the Agent team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sign Beats RPMs w/ SHA256 header for FIPS-enabled Operating Systems
4 participants
@andrewkroh @elasticmachine @ruflin @andresrc