Install failure on RHEL9, FIPS mode
Options
jandersonsgss
Community Member
in Linux
I had a problem installing latest 1password on RHEL9 with FIPS mode enabled. I'm fairly certain it's FIPS mode deprecating sha1
sudo dnf -y install 1password Updating Subscription Management repositories. 1Password Stable Channel 14 kB/s | 3.0 kB 00:00 Dependencies resolved. ========================================================================================================================================================== Package Architecture Version Repository Size ========================================================================================================================================================== Installing: 1password x86_64 8.10.30-1 1password 134 M Transaction Summary ========================================================================================================================================================== Install 1 Package Total download size: 134 M Installed size: 615 M Downloading Packages: 1password-8.10.30.x86_64.rpm 48 MB/s | 134 MB 00:02 ---------------------------------------------------------------------------------------------------------------------------------------------------------- Total 48 MB/s | 134 MB 00:02 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : 1password-8.10.30-1.x86_64 1/1 Error unpacking rpm package 1password-8.10.30-1.x86_64 Verifying : 1password-8.10.30-1.x86_64 1/1 Installed products updated. Failed: 1password-8.10.30-1.x86_64 Error: Transaction failed
I was able to install it successfully by downloading the rpm and disabling cpio digest checking. I didn't have any trouble with the 1password-cli package.
[janderson@XXXX Downloads]$ sudo dnf -y install 1password-cli Updating Subscription Management repositories. 1Password Stable Channel 14 kB/s | 3.0 kB 00:00 Dependencies resolved. ================================================================================ Package Architecture Version Repository Size ================================================================================ Installing: 1password-cli x86_64 2.28.0-1 1password 6.8 M Transaction Summary ================================================================================ Install 1 Package Total download size: 6.8 M Installed size: 22 M Downloading Packages: 1password-cli-2.28.0-1.x86_64.rpm 14 MB/s | 6.8 MB 00:00 -------------------------------------------------------------------------------- Total 14 MB/s | 6.8 MB 00:00 Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Preparing : 1/1 Installing : 1password-cli-2.28.0-1.x86_64 1/1 Running scriptlet: 1password-cli-2.28.0-1.x86_64 1/1 Verifying : 1password-cli-2.28.0-1.x86_64 1/1 Installed products updated. Installed: 1password-cli-2.28.0-1.x86_64 Complete!
See this related bug at RH: https://access.redhat.com/solutions/5336451
Also:
$ rpm --checksig -v ./1password-latest.rpm
./1password-latest.rpm:
Header V4 RSA/SHA512 Signature, key ID 2012ea22: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA512 Signature, key ID 2012ea22: OK
$ update-crypto-policies --show
FIPS
Maybe it's the SHA1 header digest, which is not allowed in FIPS mode.
JA
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
0