Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support for RHEL 8 in FIPS mode

See original GitHub issue

VSCode Version: 1.39.1
OS Version: RHEL 8 (Red Hat Enterprise Linux 8)

Steps to Reproduce:

Enable FIPS in RHEL 8
Attempt to install VS Code

Does this issue occur when all extensions are disabled?: n/a

Most likely causes:

VS Code may not officially support RHEL 8
VS Code’s RPM uses a non-FIPS algorithm for the per-file digest and other cryptographic operations, most likely MD5.

[root@rhel8 ~]# dnf install code
Updating Subscription Management repositories.
Dependencies resolved.
==========================================================================================================================================================================
 Package                             Arch                                  Version                                              Repository                           Size
==========================================================================================================================================================================
Installing:
 code                                x86_64                                1.39.1-1570750844.el7                                code                                 77 M

Transaction Summary
==========================================================================================================================================================================
Install  1 Package

Total download size: 77 M
Installed size: 77 M
Is this ok [y/N]: y
Downloading Packages:
code-1.39.1-1570750844.el7.x86_64.rpm                                                                                                     5.6 MB/s |  77 MB     00:13    
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                     5.6 MB/s |  77 MB     00:13     
Running transaction check
Transaction check succeeded.
Running transaction test
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Transaction check error:
  package code-1.39.1-1570750844.el7.x86_64 does not verify: no digest

Error Summary
-------------

Workaround (with RPM in current directory):

[root@rhel8 ~]# rpm --nofiledigest --nodigest --install code-1.39.1-1570750844.el7.x86_64.rpm

Issue Analytics

State:
Created 4 years ago
Reactions:8
Comments:21 (6 by maintainers)

Top GitHub Comments

4reactions

vscodebot[bot]commented, Jan 15, 2020

This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 20 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

3reactions

ajkerznercommented, Apr 29, 2020

Here’s my workaround:

rpm-fips --verbose --upgrade $(find /var/cache/dnf/ -iname '*code*.rpm') --nodeps

Where rpm-fips is an alias for rpm --nodigest --nofiledigest.

Top Results From Across the Web

Chapter 3. Installing a RHEL 8 system with FIPS mode ...

Red Hat recommends installing RHEL with FIPS mode enabled, as opposed to enabling FIPS mode later. Enabling FIPS mode during the installation ensures...

Securing Red Hat Enterprise Linux with a single command

IMPORTANT Red Hat recommends installing Red Hat Enterprise Linux 8 with FIPS mode enabled, as opposed to enabling FIPS mode later. Enabling FIPS ......

RHEL 8 must implement NIST FIPS-validated cryptography ...

RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, ...

Red Hat Announces Second FIPS 140-2 Validation for ...

Red Hat has announced the renewal of the Federal Information Processing Standard 140-2 (FIPS 140-2) security validation for Red Hat ...

Guide to the Secure Configuration of Red Hat Enterprise ...

Rule Enable FIPS Mode [ref] ; To enable FIPS mode, run the following command: fips-mode-setup --enable. The fips-mode-setup command will configure the system...