[Bugs] [Bug 1702303] New: Enable enable fips-mode-rchecksum for new volumes by default

bugzilla at redhat.com bugzilla at redhat.com
Tue Apr 23 12:52:39 UTC 2019


            Bug ID: 1702303
           Summary: Enable enable fips-mode-rchecksum for new volumes by
           Product: GlusterFS
           Version: mainline
            Status: NEW
         Component: glusterd
          Assignee: bugs at gluster.org
          Reporter: ravishankar at redhat.com
                CC: bugs at gluster.org
  Target Milestone: ---
    Classification: Community

Description of problem:

fips-mode-rchecksum option was provided in GD_OP_VERSION_4_0_0 to maintain
backward compatibility with older AFR so that a cluster operating at an op
version of less than GD_OP_VERSION_4_0_0 used MD5SUM instead of the SHA256 that
would be used if this option was enabled.

But in a freshly created setup with cluster op-version >=GD_OP_VERSION_4_0_0,
we can directly go ahead and use SHA256 without asking the admin to explicitly
set the volume option 'on'. 

In fact in downstream, this created quite a bit of confusion when QE would
created a new glusterfs setup on a FIPS enabled machine and would try out
self-heal test cases (without setting 'fips-mode-rchecksum'  on), leading to
crashes due to non-compliance. Ideally this fix should have been done as a part
of the original commit: "6daa65356 - posix/afr: handle backward compatibility
for rchecksum fop" but I guess it is better late than never.

You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list