Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-649

"openssl passwd" incorrect on OCP4 with FIPS mode enabled

XMLWordPrintable

    • Qui-Gon [Quay 184], Red5 [Quay 185], Solo [Quay 186], Tarkin [Quay 187], Utapau [Quay 188]

      FIPS mode does not allow OpenSSL APR1 (MD5 hash) which causes Quay config pod to not deploy.

      To recreate:
      1) OCP4 cluster with FIPS mode enabled
      2) Deploy Quay Operator
      3) Notice Quay configuration pod fail with segmentation fault (core dumped) at line 47 in the quay-entrypoint.sh file.

      Check this line in the source:
      printf '%s' "${CONFIG_APP_PASSWORD}" | openssl passwd -apr1 -stdin >> "$QUAYDIR/config_app/conf/htpasswd"

              jonathankingfc Jonathan King
              rhn-gps-gtinsley Gregory Tinsley (Inactive)
              Dongbo Yan Dongbo Yan
              Votes:
              15 Vote for this issue
              Watchers:
              24 Start watching this issue

                Created:
                Updated:
                Resolved: