fix: use sha1 instead of md5 to make the installer work in FIPS (#1260)

Co-authored-by: RaviTeja Buddabathuni (rbuddaba) <rbuddaba@cisco.com>
2026-03-27 05:43:11 +00:00 · 2023-03-08 14:10:27 -06:00
parent b1ecc89759
commit 6cae8dfa32
1 changed files with 2 additions and 2 deletions
--- a/roles/installer/templates/deployments/deployment.yaml.j2
+++ b/roles/installer/templates/deployments/deployment.yaml.j2
@@ -27,7 +27,7 @@ spec:
    "secrets/app_credentials",
    "storage/persistent",
  ] %}
-        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | md5 }}"
+        checksum-{{ template | replace('/', '-') }}: "{{ lookup('template', template + '.yaml.j2') | sha1 }}"
 {% endfor %}
 {% for secret in [
    "bundle_cacert",
@@ -37,7 +37,7 @@ spec:
    "receptor_ca",
    "receptor_work_signing",
  ] %}
-        checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | md5 }}"
+        checksum-secret-{{ secret }}: "{{ lookup('ansible.builtin.vars', secret, default='')["resources"][0]["data"] | default('') | sha1 }}"
 {% endfor %}
 {% if annotations %}
        {{ annotations | indent(width=8) }}