Project

Profile

Help

Task #7853

Story #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

FIPS: downloader needs to notice if expected-digest-algorithm is FORBIDDEN

Added by ggainey 2 months ago. Updated about 1 month ago.

Status:
POST
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

See https://github.com/pulp/pulpcore/blob/master/pulpcore/app/models/repository.py#L302

If a RemoteArtifact has a digest-algorithm specified that is NOT in Artifact.DIGEST_FIELDS, current behavior is to ignore it and just build the rest of the digests. We need instead to notice an empty expected_digests, check for specified-algorithms in Artifact.FORBIDDEN_DIGESTS, and raise an exception when that happens.

See https://hackmd.io/d5y1IaW_QaSJ-DsosMDkjg?view for more discussion.

History

#1 Updated by fao89 about 2 months ago

  • Tracker changed from Issue to Task
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)

#2 Updated by ppicka about 2 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka

#3 Updated by daviddavis about 1 month ago

  • Parent task set to #7960

#4 Updated by pulpbot about 1 month ago

  • Status changed from ASSIGNED to POST

Please register to edit this issue

Also available in: Atom PDF