Task #7854

FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_CONTENT_CHECKSUMS

Added by ggainey 11 days ago. Updated 4 days ago.

Status: NEW
Priority: Normal
Assignee: -
Category: -
Sprint/Milestone: -
Start date:
Due date:
% Done: 0%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags:
Sprint:
Quarter:

Description

See https://github.com/pulp/pulpcore/blob/b94abd64d76ea4554e6750ff38ce458eaa888cc8/pulpcore/plugin/stages/artifact_stages.py#L48

At this point, if a DeclarativeArtifact has an expected-checksum-algorithm that is in the FORBIDDEN list, we need to raise an exception.

See https://hackmd.io/d5y1IaW_QaSJ-DsosMDkjg?view for discussion.
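
A sketch of the check requested above, added here as an illustration and not taken from pulpcore or from the issue author. `ExpectedArtifact`, `ForbiddenChecksumError` and both functions are hypothetical stand-ins, and the `ALLOWED_CONTENT_CHECKSUMS` value, URLs and digests are constructed sample data.

```python
from dataclasses import dataclass

# Constructed setting value: a FIPS-style deployment that leaves out md5 and sha1.
ALLOWED_CONTENT_CHECKSUMS = ("sha224", "sha256", "sha384", "sha512")


class ForbiddenChecksumError(Exception):
    """Hypothetical exception for an expected digest in a disallowed algorithm."""


@dataclass
class ExpectedArtifact:
    """Hypothetical stand-in for a DeclarativeArtifact: a URL plus the digests
    that upstream metadata says the downloaded file must match."""
    url: str
    digests: dict  # algorithm name -> hex digest; empty or None means "not declared"


def forbidden_algorithms(artifact, allowed=ALLOWED_CONTENT_CHECKSUMS):
    """Return the declared algorithms that are not in the allowed list.

    Only algorithm names are compared, so the result is the same whether or
    not the host's crypto library can still compute md5."""
    allowed_set = {name.lower() for name in allowed}
    return sorted(
        name.lower()
        for name, value in artifact.digests.items()
        if value and name.lower() not in allowed_set
    )


def enforce_allowed_checksums(batch, allowed=ALLOWED_CONTENT_CHECKSUMS):
    """Raise before any lookup by digest if the batch declares a forbidden one."""
    violations = {}
    for artifact in batch:
        bad = forbidden_algorithms(artifact, allowed)
        if bad:
            violations[artifact.url] = bad
    if violations:
        detail = "; ".join(f"{url}: {', '.join(bad)}" for url, bad in sorted(violations.items()))
        raise ForbiddenChecksumError(f"checksum algorithm not allowed -> {detail}")
    return batch


# Constructed sample batch: one md5-only artifact and one sha256 artifact.
SAMPLE_BATCH = [
    ExpectedArtifact("https://repo.example.invalid/a.rpm",
                     {"md5": "d41d8cd98f00b204e9800998ecf8427e"}),
    ExpectedArtifact("https://repo.example.invalid/b.rpm",
                     {"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "md5": None}),
]
```

The error lists every offending artifact in the batch instead of stopping at the first, which makes a failed sync easier to diagnose.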

History

#1 Updated by ggainey 11 days ago

This would be a good issue to add a test that attempts to sync the md5-only fixture AND FAILS, even if you're not on a FIPS-compliant box, if MD5 is not-allowed. Fixture is https://fixtures.pulpproject.org/rpm-with-md5/

#2 Updated by fao89 5 days ago

  • Tracker changed from Issue to Task
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)

#3 Updated by daviddavis 4 days ago

  • Subject changed from FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_ALGORITHMS to FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_CONTENT_CHECKSUMS
