[Scons-users] Feature Request: Add Support for detecting build changes via sha256

RUHGE, RYAN L CTR USAF AFMC AFLCMC/HBAW-OL ryan.ruhge.ctr at us.af.mil
Wed Aug 15 09:30:51 EDT 2018


Thanks for your replies.
 
In short, our system is configured to run in FIPS mode (Federal Information
Processing Standard).  In this mode, md5 is not an allowed cryptographic
algorithm and SCons will not work at all if we don't patch it (unless we
change it to check timestamps instead).  Our current patch makes SCons only
work in sha256 mode which I fully understand is not desirable.  Once we get
a chance we will rework the patch to make it an option and move forward from
there to work with you all.
 
Thanks again,
Ryan
 
On 2018-08-13 05:19 PM, Bill Deegan wrote:
> Ryan,
> 
> Curious why SCons would be run in an SELinux environment and what 
> changes you'd expect to need to make it run as such?
> (Are you planning to run SCons with elevated privileges (as root for 
> example)?)
> 
> I can't see any reason why sha256 couldn't be used instead of MD5.
 
I agree, just please don't make it the default.  SHA256 is much slower 
than MD5.
 
(And, no, SCons does *not* need a more secure hash function.  MD5's 
properties are perfectly suitable for SCons's purposes.)
 
               M.
 
 
> However such a change would need to be compatible with existing md5 based 
> sconsigns so it might be a bit more complicated than just changing the 
> hash used.
> 
> Feel free to make a pull request via github and we can review and help 
> guide the patches into something the project could merge.
> 
> Thanks,
> Bill
> SCons Project Co-Manager
> 
> On Mon, Aug 13, 2018 at 7:45 AM, RUHGE, RYAN L CTR USAF AFMC 
> AFLCMC/HBAW-OL <ryan.ruhge.ctr at us.af.mil> wrote:
> 
>     Currently we have to patch SCons to use sha256 detection for
>     detecting file changes when building to meet security requirements. 
>     Could SCons be updated to support FIPS/SELinux natively, via a
>     command line option possibly?
> 
>     //SIGNED//
>     Ryan L. Ruhge
>     Cloud Analysis Forecast
>     Contractor, 557th Weather Wing/SEMS
>     Bld 185 Rm 2420-01
>     402.232.0534
>     ryan.ruhge.ctr at us.af.mil
> 

 

 

//SIGNED//

Ryan L. Ruhge

Cloud Analysis Forecast

Contractor, 557th Weather Wing/SEMS

Bld 185 Rm 2420-01

402.232.0534

ryan.ruhge.ctr at us.af.mil
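
Added example, not part of the original thread and not SCons code: one way a build tool could choose its content-hash algorithm at run time and stay safe around signatures stored under md5, as discussed above. The "algorithm:hexdigest" tag format, the function names and the fips_like_new stand-in are assumptions made for illustration.

```python
import hashlib

def pick_algorithm(candidates=("md5", "sha256"), new=hashlib.new):
    """Return the first candidate the crypto backend will construct.

    On a FIPS-mode host hashlib typically raises ValueError for md5,
    so the default order falls through to sha256 there.
    """
    for name in candidates:
        try:
            new(name)
        except ValueError:
            continue
        return name
    raise RuntimeError("no permitted hash algorithm among %r" % (candidates,))

def content_signature(data, algorithm, new=hashlib.new):
    """Signature tagged with its algorithm, e.g. 'sha256:<hex>' (assumed format)."""
    return "%s:%s" % (algorithm, new(algorithm, data).hexdigest())

def is_up_to_date(stored, data, algorithm, new=hashlib.new):
    """Compare a stored signature with the current content.

    An untagged value is treated as a legacy md5 signature. A signature made
    with a different algorithm is never recomputed (md5 may be forbidden);
    the target is reported as out of date so it gets rebuilt and re-signed.
    """
    stored_alg, sep, _ = stored.partition(":")
    if not sep:
        stored_alg, stored = "md5", "md5:" + stored
    if stored_alg != algorithm:
        return False
    return stored == content_signature(data, algorithm, new)

def fips_like_new(name, data=b""):
    """Constructed stand-in for hashlib.new on a FIPS host: md5 is refused."""
    if name.lower() == "md5":
        raise ValueError("md5 disabled (simulated FIPS policy)")
    return hashlib.new(name, data)

if __name__ == "__main__":
    alg = pick_algorithm(new=fips_like_new)        # md5 refused, sha256 chosen
    source = b"int main(void) { return 0; }\n"     # constructed sample file
    legacy = "0123456789abcdef0123456789abcdef"    # constructed untagged value
    print(alg, is_up_to_date(legacy, source, alg, fips_like_new))
    sig = content_signature(source, alg, fips_like_new)
    print(sig, is_up_to_date(sig, source, alg, fips_like_new))
```

With md5 listed first, hosts that permit it keep their existing behaviour, and only hosts that refuse it move to sha256 at the cost of one full rebuild.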

 
