Thanks for your replies.
In short, our system is configured to run in FIPS mode (Federal Information
Processing Standard). In this mode, md5 is not an allowed cryptographic
algorithm and SCons will not work at all if we don't patch it (unless we
change it to check timestamps instead). Our current patch makes SCons only
work in sha256 mode which I fully understand is not desirable. Once we get
a chance we will rework the patch to make it an option and move forward from
there to work with you all.
Thanks again,
Ryan
Post by Bill DeeganRyan,
Curious why SCons would be run in an SELinux environment and what
changes you'd expect to need to make it run as such?
(Are you planning to run SCons with elevated privileges (as root for
example)?)
I can't see any reason why sha256 couldn't be used instead of MD5.
I agree, just please don't make it the default. SHA256 is much slower
than MD5.
(And, no, SCons does *not* need a more secure hash function. MD5's
properties are perfectly suitable for SCons's purposes.)
M.
Post by Bill DeeganHowever such change would need to be compatible with existing md5 based
sconsigns so it might be a bit more complicated that just changing the
hash used.
Feel free to make a pull request via github and we can review and help
guide the patches into something the project could merge.
Thanks,
Bill
SCons Project Co-Manager
On Mon, Aug 13, 2018 at 7:45 AM, RUHGE, RYAN L CTR USAF AFMC
AFLCMC/HBAW-OL <ryan.ruhge.ctr at us.af.mil
<https://pairlist4.pair.net/mailman/listinfo/scons-users>
Post by Bill Deegan<mailto:ryan.ruhge.ctr at us.af.mil
Currently we have to patch SCons to use sha256 detection for
detecting file changes when building to meet security requirements.
Could SCons be updated to support FIPS/SELinux natively, via a
command line option possibly?____
__ __
//SIGNED//____
Ryan L. Ruhge____
Cloud Analysis Forecast____
Contractor, 557th Weather Wing/SEMS____
Bld 185 Rm 2420-01____
402.232.0534____
ryan.ruhge.ctr at us.af.mil
<https://pairlist4.pair.net/mailman/listinfo/scons-users>
<mailto:ryan.ruhge.ctr at us.af.mil
<https://pairlist4.pair.net/mailman/listinfo/scons-users> >____
Post by Bill Deegan__ __
_______________________________________________
Scons-users mailing list
Scons-users at scons.org
<https://pairlist4.pair.net/mailman/listinfo/scons-users>
<mailto:Scons-users at scons.org
<https://pairlist4.pair.net/mailman/listinfo/scons-users> >
Post by Bill Deeganhttps://pairlist4.pair.net/mailman/listinfo/scons-users
<https://pairlist4.pair.net/mailman/listinfo/scons-users>
_______________________________________________
Scons-users mailing list
Scons-users at scons.org
<https://pairlist4.pair.net/mailman/listinfo/scons-users>
Post by Bill Deeganhttps://pairlist4.pair.net/mailman/listinfo/scons-users
//SIGNED//
Ryan L. Ruhge
Cloud Analysis Forecast
Contractor, 557th Weather Wing/SEMS
Bld 185 Rm 2420-01
402.232.0534
***@us.af.mil