Project

Profile

Help

Task #7853

closed

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

FIPS: downloader needs to notice if expected-digest-algorithm is FORBIDDEN

Added by ggainey about 4 years ago. Updated over 3 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

See https://github.com/pulp/pulpcore/blob/master/pulpcore/app/models/repository.py#L302

If a RemoteArtifact has a digest-algorithm specified that is NOT in Artifact.DIGEST_FIELDS, current behavior is to ignore it and just build the rest of the digests. We need instead to notice an empty expected_digests, check for specified-algorithms in Artifact.FORBIDDEN_DIGESTS, and raise an exception when that happens.

See https://hackmd.io/d5y1IaW_QaSJ-DsosMDkjg?view for more discussion.

Also available in: Atom PDF