Install fails for gcsfuse and FIPS on RHEL8 -> cpio: Digest mismatch

Question

Install fails for gcsfuse and FIPS on RHEL8 -> cpio: Digest mismatch

graham-m-dunn opened this issue a year ago · comments

Describe the issue
RHEL8 system with FIPS enabled fails to install gcsfuse package

On a plain RHEL8 GCE VM (rhel-8-v20230509),

enable FIPS
reboot
get gcsfuse rpm (curl -v -O -L https://github.com/GoogleCloudPlatform/gcsfuse/releases/download/v0.42.5/gcsfuse-0.42.5-1.x86_64.rpm)
attempt to install package

[grahamdunn@rhel-8-test ~]$ sudo rpm -ivh gcsfuse-0.42.5-1.x86_64.rpm 
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:gcsfuse-0.42.5-1                 ################################# [100%]
error: unpacking of archive failed on file /sbin/mount.gcsfuse;64821726: cpio: Digest mismatch
error: gcsfuse-0.42.5-1.x86_64: install failed

System (please complete the following information):

OS: RHEL 8
Platform GCE VM
Version gcsfuse-0.42.5-1

Additional context

-rw-rw-r--. 1 grahamdunn grahamdunn 13932365 Jun  8 17:25 gcsfuse-0.42.5-1.x86_64.rpm
[grahamdunn@rhel-8-test ~]$ sudo rpm -i gcsfuse-0.42.5-1.x86_64.rpm 
error: unpacking of archive failed on file /sbin/mount.gcsfuse;64820f2d: cpio: Digest mismatch
error: gcsfuse-0.42.5-1.x86_64: install failed
[grahamdunn@rhel-8-test ~]$ rpm --checksig -v gcsfuse-0.42.5-1.x86_64.rpm 
gcsfuse-0.42.5-1.x86_64.rpm:
    Header V4 RSA/SHA512 Signature, key ID 3e1ba8d5: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK

Force works

[grahamdunn@rhel-8-test ~]$ sudo rpm -ivh --nodigest --nofiledigest gcsfuse-0.42.5-1.x86_64.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:gcsfuse-0.42.5-1                 ################################# [100%]
[grahamdunn@rhel-8-test ~]$

dnf.log

2023-06-08T17:58:15+0000 INFO --- logging initialized ---
2023-06-08T17:58:15+0000 DDEBUG timer: config: 5 ms
2023-06-08T17:58:15+0000 DEBUG Loaded plugins: builddep, changelog, config-manager, copr, debug, debuginfo-install, download, generate_completion_cache, groups-manager, needs-restarting, playground, repoclosure, repodiff, repograph, repomanage, reposync
2023-06-08T17:58:15+0000 DEBUG YUM version: 4.7.0
2023-06-08T17:58:15+0000 DDEBUG Command: yum install gcsfuse
2023-06-08T17:58:15+0000 DDEBUG Installroot: /
2023-06-08T17:58:15+0000 DDEBUG Releasever: 8
2023-06-08T17:58:15+0000 DEBUG cachedir: /var/cache/dnf
2023-06-08T17:58:15+0000 DDEBUG Base command: install
2023-06-08T17:58:15+0000 DDEBUG Extra commands: ['install', 'gcsfuse']
2023-06-08T17:58:15+0000 DEBUG User-Agent: constructed: 'libdnf (Red Hat Enterprise Linux 8.7; generic; Linux.x86_64)'
2023-06-08T17:58:15+0000 DEBUG repo: using cache for: gcsfuse
2023-06-08T17:58:15+0000 DEBUG gcsfuse: using metadata from Fri 19 Jan 1940 03:29:18 AM UTC.
2023-06-08T17:58:15+0000 DEBUG repo: using cache for: google-compute-engine
2023-06-08T17:58:15+0000 DEBUG google-compute-engine: using metadata from Sun 18 Nov 1923 05:38:59 PM UTC.
2023-06-08T17:58:15+0000 DEBUG repo: using cache for: google-cloud-sdk
2023-06-08T17:58:15+0000 DEBUG google-cloud-sdk: using metadata from Sat 11 Apr 1987 10:54:10 AM UTC.
2023-06-08T17:58:15+0000 DEBUG repo: using cache for: rhui-codeready-builder-for-rhel-8-x86_64-rhui-debug-rpms
2023-06-08T17:58:15+0000 DEBUG rhui-codeready-builder-for-rhel-8-x86_64-rhui-debug-rpms: using metadata from Sun 04 Jun 2023 09:18:52 AM UTC.
2023-06-08T17:58:15+0000 DEBUG repo: using cache for: rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms: using metadata from Sun 04 Jun 2023 09:18:06 AM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-codeready-builder-for-rhel-8-x86_64-rhui-source-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-codeready-builder-for-rhel-8-x86_64-rhui-source-rpms: using metadata from Tue 16 May 2023 07:07:12 AM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-appstream-rhui-debug-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-rhel-8-for-x86_64-appstream-rhui-debug-rpms: using metadata from Tue 06 Jun 2023 12:51:46 PM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-appstream-rhui-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-rhel-8-for-x86_64-appstream-rhui-rpms: using metadata from Tue 06 Jun 2023 12:52:10 PM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-appstream-rhui-source-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-rhel-8-for-x86_64-appstream-rhui-source-rpms: using metadata from Mon 05 Jun 2023 08:11:54 AM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-baseos-rhui-debug-rpms
2023-06-08T17:58:16+0000 DEBUG rhui-rhel-8-for-x86_64-baseos-rhui-debug-rpms: using metadata from Sun 04 Jun 2023 09:00:42 AM UTC.
2023-06-08T17:58:16+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-baseos-rhui-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-baseos-rhui-rpms: using metadata from Sun 04 Jun 2023 09:00:55 AM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-baseos-rhui-source-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-baseos-rhui-source-rpms: using metadata from Wed 31 May 2023 06:44:58 PM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-highavailability-debug-rhui-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-highavailability-debug-rhui-rpms: using metadata from Tue 16 May 2023 07:06:56 AM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-highavailability-rhui-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-highavailability-rhui-rpms: using metadata from Tue 16 May 2023 09:40:50 AM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-highavailability-source-rhui-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-highavailability-source-rhui-rpms: using metadata from Tue 16 May 2023 09:40:39 AM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-supplementary-rhui-debug-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-supplementary-rhui-debug-rpms: using metadata from Fri 04 Nov 2022 01:06:52 PM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-supplementary-rhui-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-supplementary-rhui-rpms: using metadata from Tue 16 May 2023 10:55:03 AM UTC.
2023-06-08T17:58:17+0000 DEBUG repo: using cache for: rhui-rhel-8-for-x86_64-supplementary-rhui-source-rpms
2023-06-08T17:58:17+0000 DEBUG rhui-rhel-8-for-x86_64-supplementary-rhui-source-rpms: using metadata from Fri 04 Nov 2022 01:06:52 PM UTC.
2023-06-08T17:58:17+0000 INFO Last metadata expiration check: 0:00:09 ago on Thu 08 Jun 2023 05:58:08 PM UTC.
2023-06-08T17:58:20+0000 DDEBUG timer: sack setup: 4494 ms
2023-06-08T17:58:20+0000 DEBUG --> Starting dependency resolution
2023-06-08T17:58:20+0000 DEBUG ---> Package gcsfuse.x86_64 0.42.5-1 will be installed
2023-06-08T17:58:20+0000 DEBUG --> Finished dependency resolution
2023-06-08T17:58:20+0000 DDEBUG timer: depsolve: 159 ms
2023-06-08T17:58:20+0000 INFO Dependencies resolved.
2023-06-08T17:58:20+0000 INFO ============================================================================================================
 Package                  Architecture            Version                    Repository                Size
============================================================================================================
Installing:
 ^[[1m^[[32mgcsfuse                 ^[(B^[[m x86_64                  0.42.5-1                   gcsfuse                   13 M

Transaction Summary
============================================================================================================
Install  1 Package

2023-06-08T17:58:20+0000 INFO Total download size: 13 M
2023-06-08T17:58:20+0000 INFO Installed size: 30 M
2023-06-08T17:58:22+0000 INFO Downloading Packages:
2023-06-08T17:58:23+0000 INFO ------------------------------------------------------------------------------------------------------------
2023-06-08T17:58:23+0000 INFO Total                                                                        12 MB/s |  13 MB     00:01
2023-06-08T17:58:23+0000 DEBUG Using rpmkeys executable at /bin/rpmkeys to verify signatures
2023-06-08T17:58:23+0000 INFO Running transaction check
2023-06-08T17:58:23+0000 INFO Transaction check succeeded.
2023-06-08T17:58:23+0000 INFO Running transaction test
2023-06-08T17:58:23+0000 INFO Transaction test succeeded.
2023-06-08T17:58:23+0000 DDEBUG timer: transaction test: 49 ms
2023-06-08T17:58:23+0000 INFO Running transaction
2023-06-08T17:58:23+0000 DDEBUG RPM transaction start.
2023-06-08T17:58:24+0000 DDEBUG RPM transaction over.
2023-06-08T17:58:24+0000 DEBUG Errors occurred during transaction.
2023-06-08T17:58:24+0000 DDEBUG timer: verify transaction: 230 ms
2023-06-08T17:58:24+0000 DDEBUG timer: transaction: 346 ms
2023-06-08T17:58:24+0000 DEBUG Completion plugin: Generating completion cache...
2023-06-08T17:58:24+0000 DEBUG Failed: gcsfuse-0.42.5-1.x86_64
2023-06-08T17:58:24+0000 DDEBUG Cleaning up.
2023-06-08T17:58:24+0000 DDEBUG /var/cache/dnf/gcsfuse-02a779405be8e770/packages/c0b5a40e2cf6bcc1d18a5ddfff6ff15be949820cd917cd4d57888a0bd56733be-gcsfuse-0.42.5-1.x86_64.rpm removed
2023-06-08T17:58:24+0000 SUBDEBUG
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 67, in main
    return _main(base, args, cli_class, option_parser_class)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 106, in _main
    return cli_run(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 130, in cli_run
    ret = resolving(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 176, in resolving
    base.do_transaction(display=displays)
  File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 264, in do_transaction
    raise dnf.exceptions.Error(_('Transaction failed'))
dnf.exceptions.Error: Transaction failed
2023-06-08T17:58:24+0000 CRITICAL Error: Transaction failed

Prince Kumar · Answer 1 · Mon Jun 12 2023 16:04:53 GMT+0800 (China Standard Time)

Thanks @graham-m-dunn for reporting this issue!
I am able to reproduce this issue. Also, I found same issue with multiple different packages on google, but didn't find any standard solution to fix this issue.

Maybe I have to do a little experiment with --rpm-digest in the fpm command. - Ref

We will update the thread as soon as get the right fix for this.

Prince Kumar · Answer 2 · Mon Jul 03 2023 18:23:25 GMT+0800 (China Standard Time)

Just to update here, by building the package with --rpm-digest (sha256) works fine while installing on FIPS enabled RHEL8 system.

https://bugzilla.redhat.com/show_bug.cgi?id=1659053 - This post also supports this fix.

As this requires testing on other rpm based linux OS. We'll evaluate the fix within the team and will update here accordingly.

Prince Kumar · Answer 3 · Wed Jul 12 2023 19:51:37 GMT+0800 (China Standard Time)

The fix has been merged. This issue will be fix in the next released build v1.0.1.

Ashmeen Kaur · Answer 4 · Fri Jul 28 2023 17:06:27 GMT+0800 (China Standard Time)

Hi @graham-m-dunn,
GCSFuse v1.0.1 fixes this issue. Please feel free to re-open incase you still run into any failure.

Thanks