Actions
Task #7854
closedTask #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS
FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_CONTENT_CHECKSUMS
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
At this point, if a DeclarativeArtifact has an expected-checksum-algorithm that is in the FORBIDDEN list, we need to raise an exception.
See https://hackmd.io/d5y1IaW_QaSJ-DsosMDkjg?view for discussion.
Related issues
Updated by ggainey about 4 years ago
This would be a good issue to add a test that attempts to sync the md5-only fixture AND FAILS, even if you're not ona FIPS-compliant box, if MD5 is not-allowed. Fixture is https://fixtures.pulpproject.org/rpm-with-md5/
Updated by fao89 about 4 years ago
- Tracker changed from Issue to Task
- % Done set to 0
- Severity deleted (
2. Medium) - Triaged deleted (
No)
Updated by daviddavis about 4 years ago
- Subject changed from FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_ALGORITHMS to FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_CONTENT_CHECKSUMS
Updated by ppicka almost 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ppicka
Updated by pulpbot almost 4 years ago
- Status changed from ASSIGNED to POST
Updated by bmbouter almost 4 years ago
- Has duplicate Story #7987: As a user, I get an error message when I try to sync content and the only available checksum is not in ALLOWED_CONTENT_CHECKSUMS added
Updated by ppicka almost 4 years ago
Needs to cover all policies. It needs to check remotes artifacts too.
Added by ppicka almost 4 years ago
Updated by ppicka almost 4 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|94bb713f2a9f7a0c167305588fed47b039481045.
Added by daviddavis almost 4 years ago
Updated by ipanova@redhat.com almost 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Raise exception when disallowed checksum
Raise exception when disallowed checksum found in QueryExistingArtifacts stage or when creating new remote artifacts.
closes: #7854 https://pulp.plan.io/issues/7854