Story #7985
closed
Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS
As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS
100%
Updated by daviddavis almost 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to daviddavis
Will address this along with #8077.
Updated by daviddavis almost 4 years ago
- Blocked by Refactor #8077: Have the settings checks use django.core.checks added
Updated by daviddavis almost 4 years ago
- Blocked by deleted (Refactor #8077: Have the settings checks use django.core.checks)
Updated by daviddavis almost 4 years ago
Should this raise a warning if:
- Any remote artifacts has a forbidden checksum
- Any remote artifact doesn't have an allowed checksum
- Any content artifact does not have a remote artifact with an allowed checksum
Also, I have to use raw sql in this check so these are listed in order from easiest (1) to hardest (3).
Updated by ggainey almost 4 years ago
daviddavis wrote:
Should this raise a warning if:
- Any remote artifacts has a forbidden checksum
- Any remote artifact doesn't have an allowed checksum
As long as the remote-artifact has at least one allowed-checksum, it's possible to download-and-verify. That the remote sent along a string for a forbidden-checksum doesn't hurt, since sync will just ignore the forbidden-, and verify using the allowed-.
If the only checksums listed for the RemoteArtifact are forbidden, that has to be a warning/error, since we can't sync that content and be able to verify the results.
So I think #2 is the important thing here.
- Any content artifact does not have a remote artifact with an allowed checksum
Wouldn't this be caught by point-2? The RemoteArtifact is the problem, yeah?
Also, I have to use raw sql in this check so these are listed in order from easiest (1) to hardest (3).
Fun!
Updated by bmbouter almost 4 years ago
I agree, I think (2) is the important thing here. I would just implement (2).
Updated by pulpbot almost 4 years ago
- Status changed from ASSIGNED to POST
Added by daviddavis over 3 years ago
Updated by daviddavis over 3 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|8400c4229dced4fa52c866b8605c4794c93a15ee.
Updated by daviddavis over 3 years ago
- Subject changed from As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS to As a user, I get a error at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS
Updated by pulpbot over 3 years ago
- Status changed from NEW to POST
Updated by daviddavis over 3 years ago
- Sprint/Milestone changed from 3.11.0 to 3.12.0
Updated by daviddavis over 3 years ago
- Status changed from POST to NEW
- Assignee deleted (
daviddavis)
Updated by daviddavis over 3 years ago
- Subject changed from As a user, I get a error at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS to As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS
Updated by daviddavis over 3 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to daviddavis
Updated by pulpbot over 3 years ago
- Status changed from ASSIGNED to POST
Added by daviddavis over 3 years ago
Revision a95cabee | View on GitHub
Add warning for remote artifacts with no allowed checksums
fixes #7985
Updated by daviddavis over 3 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulpcore|a95cabeef8945bd683e1352ad5d75d57a653105d.
Updated by pulpbot over 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
.
Add warning if on-demand content does not have allowed checksum
fixes #7985