rubygems · benklop · Mar 18, 2021 · Mar 18, 2021 · Mar 18, 2021 · Mar 19, 2021
diff --git a/docs/gemstash-configuration.5.md b/docs/gemstash-configuration.5.md
@@ -24,6 +24,7 @@ gemstash-configuration
 :protected_fetch: true
 :fetch_timeout: 10
 :log_file: gemstash.log
+:fips: false
 ```
 
 # Base Path
@@ -246,3 +247,18 @@ Any valid file name, or `:stdout` to log to `$stdout`
 
 *Note: Using `:stdout` for the `:log_file` requires [running with
 `--no-daemonize`](docs/gemstash-start.1.md#options).*
+
+# FIPS
+
+`:fips`
+
+Whether or not to use FIPS compliant ciphers. Controls whether
+cached files are named using an MD5 hash or a SHA256 hash.
+
+## Default value
+
+`false`
+
+## Valid values
+
+Boolean values `true` or `false`
diff --git a/lib/gemstash/configuration.rb b/lib/gemstash/configuration.rb
@@ -8,6 +8,7 @@ module Gemstash
   class Configuration
     DEFAULTS = {
       cache_type: "memory",
+      fips: false,
       base_path: File.expand_path("~/.gemstash"),
       db_adapter: "sqlite3",
       bind: "tcp://0.0.0.0:9292",
@@ -78,6 +79,14 @@ def database_connection_config
       end
     end
 
+    def digest_class
+      @digest_class ||= if self[:fips]
+        Digest::SHA256
+      else
+        Digest::MD5
+      end
+    end
+
   private
 
     def default_file

diff --git a/lib/gemstash/storage_services/local_storage.rb b/lib/gemstash/storage_services/local_storage.rb
@@ -118,7 +118,7 @@ def initialize(folder, name)
       trie_parents = safe_name[0...3].downcase.split("")
       # The digest is included in case the name differs only by case
       # Some file systems are case insensitive, so such collisions will be a problem
-      digest = Digest::MD5.hexdigest(@name)
+      digest = Gemstash::Env.current.config.digest_class.hexdigest(@name)
       child_folder = "#{safe_name}-#{digest}"
       @folder = File.join(@base_path, *trie_parents, child_folder)
       @properties = nil

diff --git a/lib/gemstash/storage_services/s3_storage.rb b/lib/gemstash/storage_services/s3_storage.rb
@@ -105,7 +105,7 @@ def initialize(folder, name, client, bucket_name)
       @folder = folder
       @name = name
       safe_name = sanitize(@name)
-      digest = Digest::MD5.hexdigest(@name)
+      digest = Gemstash::Env.current.config.digest_class.hexdigest(@name)
       child_folder = "#{safe_name}-#{digest}"
       @folder = File.join(@folder, child_folder)
       @client = client

diff --git a/lib/gemstash/upstream.rb b/lib/gemstash/upstream.rb
@@ -43,7 +43,7 @@ def host_id
   private
 
     def hash
-      Digest::MD5.hexdigest(to_s)
+      Gemstash::Env.current.config.digest_class.hexdigest(to_s)
     end
 
     #:nodoc:

diff --git a/spec/gemstash/cli/info_spec.rb b/spec/gemstash/cli/info_spec.rb
@@ -6,6 +6,7 @@
   let(:defaults) do
     <<~DEFAULT
       cache_type: memory
+      fips: false
       base_path: #{File.expand_path("~/.gemstash")}
       db_adapter: sqlite3
       bind: tcp://0.0.0.0:9292
@@ -18,11 +19,14 @@
       puma_workers: 1
       cache_expiration: 1800
       cache_max_size: 500
+      storage_adapter: local
+      s3_path: gemstash/s3_storage
     DEFAULT
   end
   let(:with_protected_fetch_true) do
     <<~DEFAULT
       cache_type: memory
+      fips: false
       base_path: #{File.expand_path("~/.gemstash")}
       db_adapter: sqlite3
       bind: tcp://0.0.0.0:9292
@@ -35,6 +39,8 @@
       puma_workers: 1
       cache_expiration: 1800
       cache_max_size: 500
+      storage_adapter: local
+      s3_path: gemstash/s3_storage
     DEFAULT
   end
   let(:cli) do