diff --git a/docs/gemstash-configuration.5.md b/docs/gemstash-configuration.5.md index 787e7a6e..58b4965a 100644 --- a/docs/gemstash-configuration.5.md +++ b/docs/gemstash-configuration.5.md @@ -24,6 +24,7 @@ gemstash-configuration :protected_fetch: true :fetch_timeout: 10 :log_file: gemstash.log +:fips: false ``` # Base Path @@ -246,3 +247,18 @@ Any valid file name, or `:stdout` to log to `$stdout` *Note: Using `:stdout` for the `:log_file` requires [running with `--no-daemonize`](docs/gemstash-start.1.md#options).* + +# FIPS + +`:fips` + +Whether or not to use FIPS compliant ciphers. Controls whether +cached files are named using an MD5 hash or a SHA256 hash. + +## Default value + +`false` + +## Valid values + +Boolean values `true` or `false` diff --git a/lib/gemstash/configuration.rb b/lib/gemstash/configuration.rb index 1e703e6d..6f78bad1 100644 --- a/lib/gemstash/configuration.rb +++ b/lib/gemstash/configuration.rb @@ -8,6 +8,7 @@ module Gemstash class Configuration DEFAULTS = { cache_type: "memory", + fips: false, base_path: File.expand_path("~/.gemstash"), db_adapter: "sqlite3", bind: "tcp://0.0.0.0:9292", @@ -78,6 +79,14 @@ def database_connection_config end end + def digest_class + @digest_class ||= if self[:fips] + Digest::SHA256 + else + Digest::MD5 + end + end + private def default_file diff --git a/lib/gemstash/storage_services/local_storage.rb b/lib/gemstash/storage_services/local_storage.rb index e48b6b47..66e0d253 100644 --- a/lib/gemstash/storage_services/local_storage.rb +++ b/lib/gemstash/storage_services/local_storage.rb 
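Review bot: `digest_class` in lib/gemstash/configuration.rb has no comment saying what the digest is for, and its `if self[:fips]` is a truthiness test rather than a boolean check. Judging by the call sites in this commit, the digest only disambiguates folder names and, apparently, upstream ids, so the switch concerns which algorithms a FIPS-restricted runtime permits rather than integrity protection; a comment such as `# Digest used to derive storage folder names and upstream ids; must stay the same for the lifetime of a data directory` would make that explicit. Because any value other than `nil` or `false` selects SHA256, a quoted `"false"` in the YAML file would enable it; `if self[:fips] == true`, or validating the value on load, would match the documented "Boolean values" contract.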
@@ -118,7 +118,7 @@ def initialize(folder, name) trie_parents = safe_name[0...3].downcase.split("") # The digest is included in case the name differs only by case # Some file systems are case insensitive, so such collisions will be a problem - digest = Digest::MD5.hexdigest(@name) + digest = Gemstash::Env.current.config.digest_class.hexdigest(@name) child_folder = "#{safe_name}-#{digest}" @folder = File.join(@base_path, *trie_parents, child_folder) @properties = nil diff --git a/lib/gemstash/storage_services/s3_storage.rb b/lib/gemstash/storage_services/s3_storage.rb index 2db8491e..13346f80 100644 --- a/lib/gemstash/storage_services/s3_storage.rb +++ b/lib/gemstash/storage_services/s3_storage.rb @@ -105,7 +105,7 @@ def initialize(folder, name, client, bucket_name) @folder = folder @name = name safe_name = sanitize(@name) - digest = Digest::MD5.hexdigest(@name) + digest = Gemstash::Env.current.config.digest_class.hexdigest(@name) child_folder = "#{safe_name}-#{digest}" @folder = File.join(@folder, child_folder) @client = client diff --git a/lib/gemstash/upstream.rb b/lib/gemstash/upstream.rb index e289f6c1..bea17092 100644 --- a/lib/gemstash/upstream.rb +++ b/lib/gemstash/upstream.rb @@ -43,7 +43,7 @@ def host_id private def hash - Digest::MD5.hexdigest(to_s) + Gemstash::Env.current.config.digest_class.hexdigest(to_s) end #:nodoc: diff --git a/spec/gemstash/cli/info_spec.rb b/spec/gemstash/cli/info_spec.rb index 8aadda32..fa7aa4b0 100644 --- a/spec/gemstash/cli/info_spec.rb +++ b/spec/gemstash/cli/info_spec.rb @@ -6,6 +6,7 @@ let(:defaults) do <<~DEFAULT cache_type: memory + fips: false base_path: #{File.expand_path("~/.gemstash")} db_adapter: sqlite3 bind: tcp://0.0.0.0:9292 
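Review bot: The resource folder in the local_storage.rb hunk now depends on a runtime setting: switching `:fips` on a `base_path` that already holds data makes every existing resource resolve to a different `child_folder`, and nothing visible here looks up or migrates the folder written under the other digest. Re-fetchable content would simply be cached again, but anything stored only locally would appear missing until the setting is reverted. The s3_storage.rb hunk does the same to S3 keys, and the upstream.rb hunk changes `hash`, which presumably feeds `host_id`. I would add `# NOTE: changing :fips changes this path; existing data is not migrated` above each `digest =` line and say so in the configuration docs; both `initialize` bodies extend beyond their hunks.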
@@ -18,11 +19,14 @@
 puma_workers: 1
 cache_expiration: 1800
 cache_max_size: 500
+ storage_adapter: local
+ s3_path: gemstash/s3_storage
 DEFAULT
 end
 let(:with_protected_fetch_true) do
 <<~DEFAULT
 cache_type: memory
+ fips: false
 base_path: #{File.expand_path("~/.gemstash")}
 db_adapter: sqlite3
 bind: tcp://0.0.0.0:9292
@@ -35,6 +39,8 @@
 puma_workers: 1
 cache_expiration: 1800
 cache_max_size: 500
+ storage_adapter: local
+ s3_path: gemstash/s3_storage
 DEFAULT
 end
 let(:cli) do
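Review bot: The info_spec.rb hunks only pin the default `fips: false` in the expected output; as far as this diff shows, no example runs with `fips: true`, so the SHA256 branch of `digest_class` and the folder names derived from it are untested. An example that sets the option and asserts a 64-character hex suffix on the resource folder would cover it. The added `storage_adapter: local` and `s3_path: gemstash/s3_storage` lines are not introduced by any hunk shown here, so they look like an unrelated fix that deserves a line in the commit message.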