FIPS mode working for RHEL but not necessarily CentOS?

Per the " Installing Foreman 2.5 server with Katello 4.1 plugin on Enterprise Linux" documentation:

"FIPS Mode

You can install Foreman server on a Red Hat Enterprise Linux system that is operating in FIPS mode."

I tried installing Katello on a fresh CentOS 8 machine and ran into an error where the puppetserver-6 package could not verify due to an issue with SHA256. Can someone confirm that FIPS works ONLY on RHEL and not necessarily on CentOS or should I upload more information about my error?

I’ll upload the issue anyway I guess:


what our docs says is correct:

It does not tell anything about RHEL clones, see, there are differences between RHEL and its clones. These are subtle, but they are there. We do not test FIPS mode on any other OS than RHEL, unless someone from @atix or @netways fill me in.

I am going to leave a warning in the docs:

Now, that does not mean you cannot achieve that. You will need to dig further and come back to us with specific questions and we might be able to help you out.

Awesome! Thank you for quick turnaround.

“Now, that does not mean you cannot achieve that.”

Oh hell no. I’m not about to fight trying to get software playing nice when it wasn’t tested to do so. I can live without FIPS for the purposes of Katello.

Thanks again!

1 Like

For what it’s worth, I know various upstream developers use CentOS in FIPS mode to develop.

As for the signature on puppetserver, I’d recommend reporting it to since only they can fix it. We just consume the third party repository. You will hit this regardless of whether it’s RHEL or CentOS.