Installing Pip Packages With Fips Enabled On Rhel

1 minute read

How to install pip packages for python when FIPS is enabled on a RHEL7/CentOS7 machine

The Problem

I came across a problem recently with one of the machines I work with running RHEL7. FIPS is enabled, not allowing the md5 hash to be used for verifying python packages when using pip.

On RHEL7.3 Python 2.7.5 is installed.

$: python -V
Python 2.7.5

If I attempted to install pip, per the documentation, I would eventually get a “Unknown hash name: md5” error:

$: curl –O
$: python
Collecting pip
  Downloading pip-9.0.1-py2.py3-none-any.whl (1.3MB)
Unknown hash name: md5

The problem is that FIPS is enabled (noted by the “1”):

$: cat /proc/sys/crypto/fips_enabled

The Solution

For my environment, I cannot turn off FIPS. You can spin up a clean CentOS 7 VM and do the above and it works just fine beacuse FIPS isn’t enabled. If you run into this issue, then you you need to do the following:

  1. Install pip via rpm:

     $: curl -O
     $: sudo yum install python-pip-8.1.2-1.el7.noarch.rpm
  2. With pip now installed, install your desired package, but use the -i arugment like so:

     $: pip install <SOME_PACKAGE> -i
     $: pip install lifelines -i
  3. You may get a warning to upgrade, which you can perform like so:

     sudo pip install --upgrade pip -i

Leave a comment