Forum Discussion

jandersonsgss's avatar
jandersonsgss
New Contributor
2 years ago

Install failure on RHEL9, FIPS mode

I had a problem installing latest 1password on RHEL9 with FIPS mode enabled. I'm fairly certain it's FIPS mode deprecating sha1

```
sudo dnf -y install 1password
Updating Subscription Management repositories.
1Password Stable Channel 14 kB/s | 3.0 kB 00:00

Dependencies resolved.

Package Architecture Version Repository Size

Installing:
1password x86_64 8.10.30-1 1password 134 M

Transaction Summary

Install 1 Package

Total download size: 134 M
Installed size: 615 M
Downloading Packages:

1password-8.10.30.x86_64.rpm 48 MB/s | 134 MB 00:02

Total 48 MB/s | 134 MB 00:02

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : 1password-8.10.30-1.x86_64 1/1
Error unpacking rpm package 1password-8.10.30-1.x86_64
Verifying : 1password-8.10.30-1.x86_64 1/1
Installed products updated.

Failed:
1password-8.10.30-1.x86_64

Error: Transaction failed

```

I was able to install it successfully by downloading the rpm and disabling cpio digest checking. I didn't have any trouble with the 1password-cli package.

```
[janderson@XXXX Downloads]$ sudo dnf -y install 1password-cli
Updating Subscription Management repositories.
1Password Stable Channel 14 kB/s | 3.0 kB 00:00

Dependencies resolved.

Package Architecture Version Repository Size

Installing:
1password-cli x86_64 2.28.0-1 1password 6.8 M

Transaction Summary

Install 1 Package

Total download size: 6.8 M
Installed size: 22 M
Downloading Packages:

1password-cli-2.28.0-1.x86_64.rpm 14 MB/s | 6.8 MB 00:00

Total 14 MB/s | 6.8 MB 00:00

Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : 1password-cli-2.28.0-1.x86_64 1/1
Running scriptlet: 1password-cli-2.28.0-1.x86_64 1/1
Verifying : 1password-cli-2.28.0-1.x86_64 1/1
Installed products updated.

Installed:
1password-cli-2.28.0-1.x86_64

Complete!
```

See this related bug at RH: https://access.redhat.com/solutions/5336451

Also:
```
$ rpm --checksig -v ./1password-latest.rpm
./1password-latest.rpm:
Header V4 RSA/SHA512 Signature, key ID 2012ea22: OK
Header SHA256 digest: OK
Header SHA1 digest: OK
Payload SHA256 digest: OK
V4 RSA/SHA512 Signature, key ID 2012ea22: OK

$ update-crypto-policies --show
FIPS
```
Maybe it's the SHA1 header digest, which is not allowed in FIPS mode.

JA


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

No RepliesBe the first to reply