-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: replace hash routine md5 with sha256 #12722
Conversation
swapping out the md5 hash routine with sha256 (truncated to 32 chars) and base64url encoded. this allows jest to run on a system where openssl is in a fips enabled mode.
Hi @darmbrust! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at [email protected]. Thanks! |
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool thanks! Do you know of a way we can run our tests on a fips system? Via some docker image or something?
Also, please add a changelog entry 🙂
I'm unable to find any way of actually testing this (and not even any eslint rule to ban md5), so this is a best effort thing that will probably break. However, can land for now to hopefully unblock folks |
If you have redhat 8 running in a VM or something, enabling fips mode is pretty easy: Its a bit trickier in a docker image, because there is a kernel boot flag involved, which you can't set independently for a docker container. I couldn't find any way to get openssl to come back out of fips mode when it saw that kernel flag. |
If we could get something running on GH Actions, that'd be awesome. Or some other CI provider I guess |
Co-authored-by: Dan Armbrust <[email protected]>
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
swapping out the md5 hash routine with sha256 (truncated to 32 chars)
and base64url encoded.
this allows jest to run on a system where openssl is in a fips enabled
mode.
Summary
#10726
Test plan
ran e2e tests.