upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2026-02-03 12:19:29 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixes FIPS exception caused by MD5 hash usage

Browse source
This commit is contained in:
Lord Hepipud 2025-12-30 16:26:53 +01:00
parent 326d1fe3e5
commit d8767bb2fa
5 changed files with 16 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/100-General/10-Changelog.md
View file

@ -13,6 +13,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
### Bugfixes ### Bugfixes
* [#783](https://github.com/Icinga/icinga-powershell-framework/issues/783) Fixes possible FIPS exception on some Windows machines, caused by `MD5` hash algorithm used to verify the service binary file integrity after download instead of `SHA256`
* [#814](https://github.com/Icinga/icinga-powershell-framework/pull/814) Fixes random chars function to truly generate unpredictable character sequences and to replace `Get-Random` which is not entirely secure * [#814](https://github.com/Icinga/icinga-powershell-framework/pull/814) Fixes random chars function to truly generate unpredictable character sequences and to replace `Get-Random` which is not entirely secure
* [#815](https://github.com/Icinga/icinga-powershell-framework/pull/815) Fixes a possible crash for `Test-IcingaAddTypeExist`, causing the Icinga for Windows installation to fail when third party components are checked which are malfunctioning * [#815](https://github.com/Icinga/icinga-powershell-framework/pull/815) Fixes a possible crash for `Test-IcingaAddTypeExist`, causing the Icinga for Windows installation to fail when third party components are checked which are malfunctioning
* [#816](https://github.com/Icinga/icinga-powershell-framework/issues/816) Fixes plugin execution error while using any `%IfNotMatch`/`%IfNotLike`/`%IfMatch`/`%IfLike` check function for strings containing special characters like `:` * [#816](https://github.com/Icinga/icinga-powershell-framework/issues/816) Fixes plugin execution error while using any `%IfNotMatch`/`%IfNotLike`/`%IfMatch`/`%IfLike` check function for strings containing special characters like `:`

2
doc/120-Repository-Manager/07-Create-Own-Repositories.md
View file

@ -6,7 +6,7 @@ Besides [adding](01-Add-Repositories.md) and/or [syncing](02-Sync-Repositories.m
To prepare your new repository, you will simply require an `empty` folder somewhere on your local Windows machine or accessible network share. For example we can create a new folder directly under `C:`, like `C:\icinga_repositories\custom`. To prepare your new repository, you will simply require an `empty` folder somewhere on your local Windows machine or accessible network share. For example we can create a new folder directly under `C:`, like `C:\icinga_repositories\custom`.
Now after having an `empty` folder, copy all files you want to add to this repository there. This includes the `.zip` files for Icinga for Windows components, the Icinga Agents `.msi` files and the Icinga for Windows `Service` `.zip` files which include the `.exe` and the `.md5` hash file. Now after having an `empty` folder, copy all files you want to add to this repository there. This includes the `.zip` files for Icinga for Windows components, the Icinga Agents `.msi` files and the Icinga for Windows `Service` `.zip` files which include the `.exe` and the `.sha256` hash file.
## Initialize The Repository ## Initialize The Repository

2
lib/core/framework/Get-IcingaFrameworkServiceBinary.psm1
View file

@ -80,7 +80,7 @@ function Get-IcingaFrameworkServiceBinary()
} }
if ((Test-IcingaZipBinaryChecksum -Path $TmpServiceBin) -eq $FALSE) { if ((Test-IcingaZipBinaryChecksum -Path $TmpServiceBin) -eq $FALSE) {
throw 'The checksum of the downloaded file and the required MD5 hash are not matching'; throw 'The checksum of the downloaded file and the required SHA256 hash are not matching';
} }
Copy-ItemSecure -Path $TmpServiceBin -Destination $UpdateBin -Force | Out-Null; Copy-ItemSecure -Path $TmpServiceBin -Destination $UpdateBin -Force | Out-Null;

24
lib/core/framework/Test-IcingaZipBinaryChecksum.psm1
View file

@ -1,18 +1,18 @@
<# <#
.SYNOPSIS .SYNOPSIS
Compares a binary within a .zip file to a included .md5 to ensure Compares a binary within a .zip file to a included .sha256 to ensure
the checksum is matching the checksum is matching
.DESCRIPTION .DESCRIPTION
Compares a possible included .md5 checksum file with the provided binary Compares a possible included .sha256 checksum file with the provided binary
to ensure they are identical to ensure they are identical
.FUNCTIONALITY .FUNCTIONALITY
Compares a binary within a .zip file to a included .md5 to ensure Compares a binary within a .zip file to a included .sha256 to ensure
the checksum is matching. the checksum is matching.
.EXAMPLE .EXAMPLE
PS>Test-IcingaZipBinaryChecksum -Path 'C:\Program Files\icinga-service\icinga-service.exe'; PS>Test-IcingaZipBinaryChecksum -Path 'C:\Program Files\icinga-service\icinga-service.exe';
.PARAMETER Path .PARAMETER Path
Path to the binary to be checked for. A Corresponding .md5 file with the Path to the binary to be checked for. A Corresponding .sha256 file with the
extension added on the file is required, like icinga-service.exe.md5 extension added on the file is required, like icinga-service.exe.sha256
.INPUTS .INPUTS
System.String System.String
.OUTPUTS .OUTPUTS
@ -27,18 +27,18 @@ function Test-IcingaZipBinaryChecksum()
$Path $Path
); );
$MD5Path = [string]::Format('{0}.md5', $Path); $SHA256Path = [string]::Format('{0}.sha256', $Path);
if ((Test-Path $MD5Path) -eq $FALSE) { if ((Test-Path $SHA256Path) -eq $FALSE) {
return $TRUE; return $FALSE;
} }
[string]$MD5Checksum = Get-Content $MD5Path; [string]$SHA256Checksum = Get-Content $SHA256Path;
$MD5Checksum = ($MD5Checksum.Split(' ')[0]).ToLower(); $SHA256Checksum = ($SHA256Checksum.Split(' ')[0]).ToLower();
$FileHash = ((Get-IcingaFileHash $Path -Algorithm MD5).Hash).ToLower(); $FileHash = ((Get-IcingaFileHash $Path -Algorithm SHA256).Hash).ToLower();
if ($MD5Checksum -ne $FileHash) { if ($SHA256Checksum -ne $FileHash) {
return $FALSE; return $FALSE;
} }

2
lib/core/framework/Uninstall-IcingaForWindowsService.psm1
View file

@ -55,7 +55,7 @@ function Uninstall-IcingaForWindowsService()
$ServiceFolderContent = Get-ChildItem -Path $ServiceData.Directory; $ServiceFolderContent = Get-ChildItem -Path $ServiceData.Directory;
foreach ($entry in $ServiceFolderContent) { foreach ($entry in $ServiceFolderContent) {
if ($entry.Name -eq 'icinga-service.exe' -Or $entry.Name -eq 'icinga-service.exe.md5' -Or $entry.Name -eq 'icinga-service.exe.update') { if ($entry.Name -eq 'icinga-service.exe' -Or $entry.Name -eq 'icinga-service.exe.md5' -Or $entry.Name -eq 'icinga-service.exe.sha256' -Or $entry.Name -eq 'icinga-service.exe.update') {
Remove-Item $entry.FullName -Force; Remove-Item $entry.FullName -Force;
Write-IcingaConsoleNotice 'Removing file "{0}"' -Objects $entry.FullName; Write-IcingaConsoleNotice 'Removing file "{0}"' -Objects $entry.FullName;
} }