Actions
Task #7537
closed
Pulp - Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS
Add support for ALLOWED_CONTENT_CHECKSUMS
Start date:
Due date:
% Done:
100%
Estimated time:
(Total: 0:00 h)
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 90
Quarter:
Description
The pulp_rpm should honor ALLOWED_CONTENT_CHECKSUMS. Some areas that might be affected (that I know of) include syncing (and verifying content), upload, and when publishing content.
Test these repos¶
All repos need to be tested with md5 only being disallowed, and then again with both 'md5' and 'sha1' being disallowed.
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/extras/os
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/supplementary/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/extras/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/rhscl/1/os
http://mirror.centos.org/centos-7/7/extras/x86_64/
http://mirror.centos.org/centos-7/7/sclo/x86_64/sclo/
https://cdn.redhat.com/content/eus/rhel/server/6/6.6/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.7/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel8/8.0/x86_64/baseos/kickstart
https://mirrors.kernel.org/fedora-epel/7/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/6/6.7/x86_64/kickstart
https://cdn.redhat.com/content/eus/rhel/server/6/6.6/x86_64/rhscl/1/os
https://cdn.redhat.com/content/eus/rhel/server/6/6.6/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.3/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel8/8.0/x86_64/appstream/kickstart
https://cdn.redhat.com/content/eus/rhel/server/7/7.3/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.3/x86_64/supplementary/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.3/x86_64/rhscl/1/os
http://mirror.centos.org/centos-6/6/os/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2.5/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhgs-server-nfs/3.1/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.6/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel/workstation/7/7.5/x86_64/kickstart
https://mirrors.kernel.org/fedora-epel/8/Everything/x86_64/
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/insights/3/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/rh-common/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/extras/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rh-gluster-samba/3.1/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhgs-server/3.1/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.10/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhgs-nagios/3.1/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhscon-agent/2/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhscon-installer/2/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhscon-main/2/os
http://mirror.centos.org/centos-6/6/updates/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/rhs-client/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhs-client/os
http://mirror.centos.org/centos-7/7/sclo/x86_64/rh/
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/supplementary/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7.6/x86_64/kickstart
http://mirror.centos.org/centos-7/7/updates/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/6/6.8/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel/server/6/6.9/x86_64/kickstart
https://cdn.redhat.com/content/eus/rhel/server/6/6.6/x86_64/sat-tools/6.2/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os
http://mirror.centos.org/centos-7/7/os/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2.7/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.3/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/kickstart
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhgs-server-bigdata/3.1/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhgs-server-splunk/3.1/os
https://cdn.redhat.com/content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2.6/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.10/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/7/7Server/x86_64/sat-tools/6.5/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/sat-tools/6.5/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.7/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/6/6.7/x86_64/supplementary/os
https://cdn.redhat.com/content/eus/rhel/server/6/6.7/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/6/6.7/x86_64/rhscl/1/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/rhscl/1/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.7/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.10/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.8/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.6/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/6/6.7/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/supplementary/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/sat-tools/6.4/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.3/x86_64/sat-tools/6.4/os
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/os
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/supplementary/os
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/kickstart
https://cdn.redhat.com/content/dist/rhel8/8/x86_64/appstream/kickstart
https://mirrors.kernel.org/fedora-epel/6Server/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/7/7.6/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.3/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.9/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.8/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.7/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/6/6.9/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.2/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.6/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.5/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.3/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/sat-tools/6.5/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/optional/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.6/os
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/dist/layered/rhel8/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/ansible/2.8/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.7/x86_64/os
https://cdn.redhat.com/content/dist/rhel8/8.1/x86_64/appstream/kickstart
https://cdn.redhat.com/content/dist/rhel/server/7/7.4/x86_64/os
https://cdn.redhat.com/content/dist/rhel/server/7/7.2/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/supplementary/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.6/x86_64/rhscl/1/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.5/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/dist/rhel8/8.1/x86_64/baseos/kickstart
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/highavailability/os
https://packages.vmware.com/tools/releases/10.3.5/rhel6/x86_64/
https://cdn.redhat.com/content/dist/rhel/server/7/7.8/x86_64/kickstart
https://cdn.redhat.com/content/eus/rhel/server/7/7.7/x86_64/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.7/x86_64/supplementary/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.7/x86_64/rhscl/1/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.7/x86_64/optional/os
https://cdn.redhat.com/content/eus/rhel/server/7/7.7/x86_64/sat-tools/6.6/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.7/os
https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/sat-tools/6.7/os
https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.7/os
https://cdn.redhat.com/content/dist/layered/rhel8/x86_64/sat-tools/6.7/os
https://cdn.redhat.com/content/dist/rhel8/8.2/x86_64/appstream/kickstart
https://cdn.redhat.com/content/dist/rhel8/8.2/x86_64/baseos/kickstart
http://mirror.centos.org/centos-8/8/BaseOS/x86_64/os/
http://mirror.centos.org/centos-8/8/AppStream/x86_64/os/
Related issues
Updated by ipanova@redhat.com about 4 years ago
- Project changed from Migration Plugin to RPM Support
Updated by daviddavis about 4 years ago
I noticed this morning that while we have validation for checksums when initializing Artifacts:
pulp_rpm may not hit this validation during syncing as it's using setattr:
Which could obviously be a problem.
Updated by daviddavis about 4 years ago
- Related to Story #5216: As a user, I can configure which checksum types I want to use in Pulp added
Updated by ggainey about 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ggainey
Updated by bmbouter about 4 years ago
- Related to Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environment added
Updated by bmbouter about 4 years ago
- Has duplicate Story #5188: As a user, I can run Pulp 3 with pulp_rpm in FIPS mode added
Updated by ggainey about 4 years ago
Test using this md5-only fixture : https://github.com/pulp/pulp-fixtures/pull/196
Add functional tests for the list of repos in the description (make sure they do NOT run 'always', the full list is large. THink about how to have access to proper certs for cdn.redhat.com access.)
Updated by ggainey about 4 years ago
pulp_rpm repositories sync, publish, and distribute successfully when checksums are missing from ALLOWED_CONTENT_CHECKSUMS.
Syncing an MD5-only repository like the one in #11 results in rpm.package entries with a checksum_type of md5 and a pkgId of the md5sum found in primary.xml. This is to be expected - it's all sync has to go on when building the Package entities. This doesn't impact sync/publish/distribute, either in immediate or on_demand mode.
See https://pulp.plan.io/issues/7836 for a problem that is caused by missing checksums, however.
Updated by ggainey about 4 years ago
- Related to Issue #7836: Import fails when ArtifactResource.json has blank checksums added
Updated by pulpbot almost 4 years ago
- Status changed from ASSIGNED to POST
Added by ggainey almost 4 years ago
Updated by ggainey almost 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset ea9dc379fc58e4d8a1fa30eebe708467d4cd602d.
Updated by dalley over 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
.
Added repo-workflow tests for MANY repositories.
closes #7537