Support for SHA256/SHA512 checksumming

Brantley_West · September 9, 2014, 2:44pm

I’m running into an issue using Ansible and MD5 checksumming on a FIPS compliant CentOS KVM system (ValueError: error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips). Unfortunately FIPS-compliant systems/software typically disallow use of MD5 due to collision attack vulnerabilities. Is it possible to add support for SHA256 or SHA512 checksumming, and possibly make it the default option? I’m happy to write up a GitHub Issue if needed.

-bw

Michael_DeHaan1 · September 9, 2014, 3:44pm

Basically referring to the logic to decide if a file needs to be transferred or not?

A GitHub issue doesn’t really do us a lot of good - Open Source is about itch scratching and the likelihood of someone else wanting to scratch your particular itch might be low - but a pull request would be interesting to see.

I’d probably expect to see something configurable in ansible.cfg

Topic		Views
get_url: accepting sha1 checksums Ansible Project	1	July 20, 2015
Ansible on AIX Ansible Project	10	February 13, 2014
copy module identical contents Ansible Project	4	April 20, 2015
Concerns about the vault implementation Ansible Project	3	February 26, 2015
Another warning after update to version 2.2 Ansible Project	2	December 16, 2016

Support for SHA256/SHA512 checksumming

Related topics