Skip to content

Install Stork packages in FIPS mode

We got a report on our mailing list that it may be impossible to install Stork packages on the RedHat 9 in FIPS mode enabled.

User's logs:

The error messages from the install are as follows…



Error unpacking rpm package isc-stork-server-1.12.0.230802125029-1.x86_64

Error occurred during transaction.

  Verifying       :  isc-stork-server-1.12.0.230802125029-1.x86_64

Completion plugin: generating completion cache…

Failed: isc-stork-server-1.12.0.230802125029-1.x86_64



Failed:

  isc-stork-server-1.12.0.230802125029-1.x86_64



Error: Transaction failed



###



The dnf.log is showing…



DDEBUG RPM transaction start.

DDEBUG RPM transaction over.

DEBUG Errors occurred during transaction.

DDEBUG timer: verify transaction: 70 ms

DDEBUG timer: transaction: 172 ms

DEBUG Comletion plugin: Generating completion cache…

DEBUG Failed: isc-stork-server-1.12.0.230802125029-1.x86_64

DDEBUG Cleaning up.

DDEBUG Cleaning up.

DDEBUG Plugins were unloaded.

SUBDEBUG

Traceback (most recent call last):

  File “/user/lib/python3.9/site-packages/dnf/cli/main.py”, line 67, in main

    return _main(base, args, cli_class, option_parser_class)

  File “/usr/lib/python3.9/site-package/dnf/cli/main.py”, line 106, in _main

    return cli_run(clci, base)

  File “/usr/lib/python3.9/site-package/dnf/cli/main.py”, line 130, in
cli_run

    ret = resolving(cli, base)

  File “/usr/lib/python3.9/site-package/dnf/cli/main.py”, line 176, in
resolving

    base.do_transaction(display=disiplays)

  File “/usr/lib/python3.9/site-package/dnf/cli/main.py”, line 264, in
do_transaction

    raise dnf.exceptions.Error(_(‘Transaction failed’))

dnf.exceptions.Error: Transaction failed

CRITICAL Error: Transaction failed



###



The dnf.librepo.log is showing…



INFO --- logging initialized ---

SUBDEBUG Installed: isc-stork-server-1.12.0.230802125029-1.x86_64

ERROR ERROR unpacking rpm package
isc-stork-server-1.12.0.230802125029-1.x86_64

User's workaround:

It looks like there are two things you can do.

1. Skip the evaluation of the digest

rpm -ivh isc-stork-server-1.12.0.230802125029-1.x86_64.rpm --nofiledigest --noidgest

2. Disable, run the dnf, then re-enable FIPS

# fips-mode-setup --check
# fips-mode-setup --disable
# fips-mode-setup --check
# shutdown -r now

# dnf install isc-stork-server-1.12.0.230802125029-1.x86_64.rpm
# flips-mode-setup --enable
# fips-mode-setup --check
# shutdown -r now

You may have to reset your update-crypto-policies setting to fix and other issues after reboot.