Project

Profile

Help

Actions
Send by e-mail Copy link

Task #7960

closed

FIPS and support for ALLOWED_CONTENT_CHECKSUMS

Added by daviddavis almost 4 years ago. Updated over 3 years ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
(Total: 0:00 h)
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

User stories: https://hackmd.io/KzcCx9ZZR26kvQqJYp46GQ?view

Sub-issues 28 (0 open28 closed)

Task #3800: Add FIPS to the CI matrix in the plugin_templateCLOSED - CURRENTRELEASEfao89

Actions
RPM Support - Task #7537: Add support for ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEggainey

Actions
RPM Support - Story #7855: FIPS: Serializer needs to build checksum-algorithm-choice from Artifact.DIGEST_FIELDS, not its own constantsCLOSED - CURRENTRELEASEppicka

Actions
Story #7561: As a user, I can add checksums to ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEipanova@redhat.com

Actions
Migration Plugin - Task #7782: Ensure migration plugin runs in FIPS mode and respects the ALLOWED_CONTENT_CHECKSUMS configuraitonCLOSED - COMPLETEggainey

Actions
Issue #7836: Import fails when ArtifactResource.json has blank checksumsCLOSED - CURRENTRELEASEdaviddavisActions
Task #7853: FIPS: downloader needs to notice if expected-digest-algorithm is FORBIDDENCLOSED - WONTFIXdaviddavis

Actions
Task #7854: FIPS: QueryExistingArtifacts stage needs to enforce ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEppicka

Actions
Task #7856: FIPS: Plugin-author doc needs to talk about ALLOWED_CHECKSUMS and Artifact.DIGEST_FIELDSCLOSED - CURRENTRELEASE

Actions
Story #7915: As a user I have on_demand content that is complaint with the allowed_checksumsCLOSED - CURRENTRELEASE

Actions
Container Support - Task #7936: FIPS: Honour ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEdkliban@redhat.com

Actions
Story #7984: As a user, Pulp will error if a disallowed hasher is attempted to be usedCLOSED - CURRENTRELEASEbmbouter

Actions
Story #7985: As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEdaviddavis

Actions
Story #7986: As a user, I can evaluate a “what-if scenario” by generating a report of impacted content from a set of user provided checksums (not from ALLOWED_CONTENT_CHECKSUMS)CLOSED - CURRENTRELEASEppicka

Actions
Story #7987: As a user, I get an error message when I try to sync content and the only available checksum is not in ALLOWED_CONTENT_CHECKSUMSCLOSED - DUPLICATEbmbouter

Actions
Story #7988: As a user, I get an error message when I try to create a publication with any content with a checksum that is not in ALLOWED_CONTENT_CHECKSUMSCLOSED - WONTFIXppicka

Actions
Story #7989: As a client, I get an error message when I try to consume on_demand content with a checksum that is not in ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEdaviddavis

Actions
Issue #8095: geerlingguy.postgresql role (pulp_installer) now errors under FIPS modeMODIFIEDfao89Actions
Task #8097: Create a pair of pulp 2 + pulp 3 FIPS boxesCLOSED - CURRENTRELEASEmdepaulo@redhat.com

Actions
Story #8246: As a user, I do not have md5 and sha1 in ALLOWED_CONTENT_CHECKSUMS by defaultCLOSED - CURRENTRELEASEbmbouter

Actions
Story #8258: As an installer user, I don't have special FIPS detectionCLOSED - CURRENTRELEASEgerrod

Actions
Task #8322: Automate the running of the `handle-content-artifact` commandCLOSED - CURRENTRELEASEbmbouter

Actions
Task #8323: Add a checksum check to RemoteArtifact before savingCLOSED - WONTFIXdaviddavis

Actions
Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEppicka

Actions
Task #8342: Document that the ALLOWED_CONTENT_CHECKSUMS is not fully enforcing everywhereCLOSED - CURRENTRELEASEbmbouter

Actions
Story #8423: As a user, I get an error message when I try to sync on-demand content with forbidden checksum(s) (and no allowed checksum)CLOSED - CURRENTRELEASEppicka

Actions
Task #8435: Remove checksum filtering in Remote.get_downloader and add checksum type enforcement to downloaders itselfCLOSED - CURRENTRELEASEipanova@redhat.com

Actions
Issue #8445: Remote artifacts are being rejected by the artifact checksum checkCLOSED - CURRENTRELEASEppickaActions

Related issues

Related to Pulp - Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environmentCLOSED - CURRENTRELEASE

Actions
Related to Pulp - Task #7884: Move the pulp_installer Vagrant tests off TravisCLOSED - CURRENTRELEASEmdepaulo@redhat.com

Actions
Actions
Copy link
 #1

Updated by daviddavis almost 4 years ago

  • Related to Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environment added
Actions
Copy link
 #2

Updated by daviddavis almost 4 years ago

  • Subject changed from As a user, I can configure ALLOWED_CONTENT_CHECKSUMS to FIPS and support for ALLOWED_CONTENT_CHECKSUMS
Actions
Copy link
 #3

Updated by daviddavis almost 4 years ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by daviddavis almost 4 years ago

  • Tracker changed from Issue to Story
  • % Done set to 12
  • Severity deleted (2. Medium)
  • Triaged deleted (No)
Actions
Copy link
 #5

Updated by mdepaulo@redhat.com almost 4 years ago

  • Related to Task #7884: Move the pulp_installer Vagrant tests off Travis added
Actions
Copy link
 #6

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone set to 3.11.0
Actions
Copy link
 #7

Updated by daviddavis over 3 years ago

  • Sprint/Milestone deleted (3.11.0)
Actions
Copy link
 #8

Updated by daviddavis over 3 years ago

  • Tracker changed from Story to Task
  • Status changed from NEW to CLOSED - COMPLETE
Actions
Send by e-mail Copy link

Also available in: Atom PDF