我们需要将RHEL 8与Angular 9一起使用。默认情况下,RHEL 8已启用FIPS。当尝试构建Angular 9应用程序时,会出现以下错误。尝试将FIPS设置为0,但它会使许多java库出错。在RHEL 7中,我们可以将FIPS设置为0进行构建,但不能使用RHEL 8。
我相信这是因为它使用的是md5哈希算法,它不符合FIPS。
- 如果这是真的,如何选择不同的哈希算法
- 如果没有,如何在启用FIPS的情况下成功构建
Error: error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS
at new Hash (internal/crypto/hash.js:46:19)
at Object.createHash (crypto.js:115:10)
at NgccConfiguration.computeHash (/home/b73134/displays/amp-workspace/node_modules/@angular/compiler-cli/ngcc/src/packages/configuration.js:216:29)
at new NgccConfiguration (/home/b73134/displays/amp-workspace/node_modules/@angular/compiler-cli/ngcc/src/packages/configuration.js:108:30)
at Object.mainNgcc (/home/b73134/displays/amp-workspace/node_modules/@angular/compiler-cli/ngcc/src/main.js:46:22)
at /home/b73134/displays/amp-workspace/node_modules/@angular/compiler-cli/ngcc/main-ngcc.js:34:53
at step (/home/b73134/displays/amp-workspace/node_modules/tslib/tslib.js:141:27)
at Object.next (/home/b73134/displays/amp-workspace/node_modules/tslib/tslib.js:122:57)
at /home/b73134/displays/amp-workspace/node_modules/tslib/tslib.js:115:75
at new Promise (<anonymous>)
Openssl版本
OpenSSL 1.1.1g FIPS 21 Apr 2020
Angular CLI信息
Angular CLI: 9.1.5
Node: 14.15.0
OS: linux x64
Angular: 9.1.6
... animations, common, compiler, compiler-cli, core, forms
... language-service, platform-browser, platform-browser-dynamic
... router
Ivy Workspace: Yes
Package Version
------------------------------------------------------------
@angular-devkit/architect 0.901.12
@angular-devkit/build-angular 0.901.5
@angular-devkit/build-ng-packagr 0.901.13
@angular-devkit/build-optimizer 0.901.5
@angular-devkit/build-webpack 0.901.5
@angular-devkit/core 9.1.12
@angular-devkit/schematics 9.1.12
@angular/cdk 9.2.4
@angular/cli 9.1.5
@angular/flex-layout 9.0.0-beta.31
@angular/material 9.2.4
@angular/material-moment-adapter <error>
@ngtools/webpack 9.1.5
@schematics/angular 9.1.12
@schematics/update 0.901.5
ng-packagr 9.1.5
rxjs 6.6.2
typescript 3.8.3
webpack 4.42.0
问题是Angular/Webpack默认情况下使用md4/md5作为其哈希算法,而FIPS环境不支持该算法。我不得不使用自定义的webpack设置来设置哈希算法。有些项目的webpack本身硬编码为md4/md5,在这些情况下,我不得不一起注释掉的配置
我做了什么让一切正常工作
- npm安装--保存dev@angular builders/custom-webpack@9.2.0
- 创建文件";自定义webpack.config.js">
- 更新angular.json以使用定制的webpack.config.js
更新angular.json以使用定制的webpack.config.js
"architect": {
"build": {
"builder": "@angular-builders/custom-webpack:browser",
"options": {
"customWebpackConfig": {
"path": "./custom-webpack.config.js"
",
...
"serve": {
"builder": "@angular-builders/custom-webpack:dev-server",
...
"test": {
"builder": "@angular-builders/custom-webpack:karma",
customizedwebpack.config.js
const webpack = require('webpack')
module.exports = {
plugins: [
new webpack.HashedModuleIdsPlugin({
hashFunction: 'sha256'
})
],
output: {
hashFunction: 'sha256',
},
optimization: {
concatenateModules: false // Hardcoded to md4, have to disable
}
}
更新angular.json生产配置。这两个项目在webpack中被硬编码为md4/md5,所以我不得不关闭
- "outputHashing":"none">
- 删除条目";extractPass">
node_modules/webpack中有许多JS文件被硬编码为md4。为了绕过这些文件,下载了补丁包模块,该模块在node_modules中创建更新文件的补丁文件,并将其应用于npm安装、更新等