You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We're testing our project on FIPS-enabled systems, and currently when we execute poetry run nox, we get the following error:
nox > Session test-3.11 raised exception UnsupportedDigestmodError('[digital envelope routines] unsupported')
Traceback (most recent call last):
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox/sessions.py", line 995, in execute
self.func(session)
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox/_decorators.py", line 86, in __call__
return self.func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox_poetry/sessions.py", line 43, in wrapper
function(proxy, *_args, **_kwargs)
File "/builds/test/test/noxfile.py", line 43, in test
s.install(
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox_poetry/sessions.py", line 292, in install
return self.poetry.install(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox_poetry/sessions.py", line 147, in install
requirements = self.export_requirements()
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/test/.cache/pypoetry/virtualenvs/test-4pXmM19U-py3.11/lib/python3.11/site-packages/nox_poetry/sessions.py", line 224, in export_requirements
digest = hashlib.blake2b(lockdata).hexdigest()
^^^^^^^^^^^^^^^^^^^^^^^^^
_hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported
nox > Session test-3.11 failed.
This is due to blake2b not being a FIPS-compliant algorithm.
From what I can see, this could be solved by changing the algorithm to sha256 or another compliant algorithm, or setting usedforsecurity=False. As I understand it, this hashing is just used to check that the exported requirements.txt hasn't changed, so it would be fine to set the second option. Could this be done? We love this integration and it makes our testing and integration much easier.
The text was updated successfully, but these errors were encountered:
We're testing our project on FIPS-enabled systems, and currently when we execute
poetry run nox, we get the following error:This is due to
blake2bnot being a FIPS-compliant algorithm.From what I can see, this could be solved by changing the algorithm to
sha256or another compliant algorithm, or settingusedforsecurity=False. As I understand it, this hashing is just used to check that the exported requirements.txt hasn't changed, so it would be fine to set the second option. Could this be done? We love this integration and it makes our testing and integration much easier.The text was updated successfully, but these errors were encountered: