From 1f7c8ef64843847846b0a8b2d8a1fe9858eb0bd8 Mon Sep 17 00:00:00 2001
From: Aria Li <aria.li@puppet.com>
Date: Tue, 25 Jun 2024 15:00:36 -0700
Subject: [PATCH] (PUP-12047) Add logic to skip MD5 checksum method on a FIPS
 system

This commit adds logic in http_metadata.rb to skip MD5 related checksums
when FIPS is enabled since MD5 is not supported on FIPS enabled systems.
---
 lib/puppet/file_serving/http_metadata.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/puppet/file_serving/http_metadata.rb b/lib/puppet/file_serving/http_metadata.rb
index 0d9a00a14e5..a0cfc103db1 100644
--- a/lib/puppet/file_serving/http_metadata.rb
+++ b/lib/puppet/file_serving/http_metadata.rb
@@ -51,6 +51,8 @@ def collect
     # Prefer the checksum_type from the indirector request options
     # but fall back to the alternative otherwise
     [@checksum_type, :sha256, :sha1, :md5, :mtime].each do |type|
+      next if type == :md5 && Puppet::Util::Platform.fips_enabled?
+
       @checksum_type = type
       @checksum = @checksums[type]
       break if @checksum