Story #7985

closed

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS

Added by daviddavis about 4 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 93
Quarter:
Actions #1

Updated by daviddavis almost 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to daviddavis

Will address this along with #8077.

Actions #2

Updated by daviddavis almost 4 years ago

  • Sprint set to Sprint 90
Actions #3

Updated by daviddavis almost 4 years ago

  • Blocked by Refactor #8077: Have the settings checks use django.core.checks added
Actions #4

Updated by daviddavis almost 4 years ago

  • Blocked by deleted (Refactor #8077: Have the settings checks use django.core.checks)
Actions #5

Updated by daviddavis almost 4 years ago

Should this raise a warning if:

  1. Any remote artifact has a forbidden checksum
  2. Any remote artifact doesn't have an allowed checksum
  3. Any content artifact does not have a remote artifact with an allowed checksum

Also, I have to use raw SQL in this check so these are listed in order from easiest (1) to hardest (3).

Actions #6

Updated by ggainey almost 4 years ago

daviddavis wrote:

> Should this raise a warning if:
>
>   1. Any remote artifact has a forbidden checksum
>   2. Any remote artifact doesn't have an allowed checksum

As long as the remote-artifact has at least one allowed-checksum, it's possible to download-and-verify. That the remote sent along a string for a forbidden-checksum doesn't hurt, since sync will just ignore the forbidden-, and verify using the allowed-.

If the only checksums listed for the RemoteArtifact are forbidden, that has to be a warning/error, since we can't sync that content and be able to verify the results.

So I think #2 is the important thing here.

>   3. Any content artifact does not have a remote artifact with an allowed checksum

Wouldn't this be caught by point-2? The RemoteArtifact is the problem, yeah?

> Also, I have to use raw SQL in this check so these are listed in order from easiest (1) to hardest (3).

Fun!

Actions #7

Updated by bmbouter almost 4 years ago

I agree, I think (2) is the important thing here. I would just implement (2).
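
The difference between options (1) and (2) discussed in the comments above, as an added example that is not part of this ticket or of Pulp's code. It assumes a hypothetical `remote_artifact` table with one nullable column per digest type, uses an in-memory SQLite database, and runs on constructed rows with a constructed allowed list.

```python
import sqlite3

ALL_CHECKSUMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")
ALLOWED = {"sha224", "sha256", "sha384", "sha512"}  # constructed, FIPS-style policy

# Constructed sample rows; the table and column names are assumptions.
SAMPLE = [
    {"url": "https://example.invalid/a.rpm", "md5": "aa", "sha256": "bb"},
    {"url": "https://example.invalid/b.rpm", "md5": "cc", "sha1": "dd"},
    {"url": "https://example.invalid/c.rpm", "sha512": "ee"},
]


def build_db(rows):
    """Load the sample rows into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    cols = ", ".join(f"{c} TEXT" for c in ALL_CHECKSUMS)
    db.execute(f"CREATE TABLE remote_artifact (url TEXT, {cols})")
    for row in rows:
        marks = ", ".join("?" for _ in row)
        db.execute(
            f"INSERT INTO remote_artifact ({', '.join(row)}) VALUES ({marks})",
            tuple(row.values()),
        )
    return db


def _urls(db, where):
    sql = f"SELECT url FROM remote_artifact WHERE {where} ORDER BY url"
    return [r[0] for r in db.execute(sql)]


def unverifiable(db, allowed):
    """Rule (2): remote artifacts with no digest of any allowed type."""
    unknown = set(allowed) - set(ALL_CHECKSUMS)
    if unknown:  # names are interpolated into SQL, so reject anything unexpected
        raise ValueError(f"unknown checksum types: {sorted(unknown)}")
    return _urls(db, " AND ".join(f"{c} IS NULL" for c in sorted(allowed)) or "1=1")


def has_forbidden(db, allowed):
    """Rule (1), for contrast: artifacts carrying any non-allowed digest."""
    forbidden = [c for c in ALL_CHECKSUMS if c not in allowed]
    return _urls(db, " OR ".join(f"{c} IS NOT NULL" for c in forbidden) or "0=1")


if __name__ == "__main__":
    db = build_db(SAMPLE)
    print("warn (rule 2):", unverifiable(db, ALLOWED))
    print("carry forbidden digest (rule 1):", has_forbidden(db, ALLOWED))
```

Rule (1) also flags `a.rpm`, which can still be verified through its sha256 digest; rule (2) reports only `b.rpm`, the artifact that cannot be verified under the allowed list.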

Actions #8

Updated by pulpbot almost 4 years ago

  • Status changed from ASSIGNED to POST
Actions #9

Updated by rchan almost 4 years ago

  • Sprint changed from Sprint 90 to Sprint 91
Actions #10

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone set to 3.11.0

Added by daviddavis almost 4 years ago

Revision 8400c422 | View on GitHub

Add warning if on-demand content does not have allowed checksum

fixes #7985

Actions #11

Updated by daviddavis almost 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #12

Updated by daviddavis almost 4 years ago

  • Status changed from MODIFIED to NEW
Actions #13

Updated by daviddavis almost 4 years ago

  • Subject changed from As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS to As a user, I get a error at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS
Actions #14

Updated by pulpbot almost 4 years ago

  • Status changed from NEW to POST
Actions #15

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone changed from 3.11.0 to 3.12.0
Actions #16

Updated by daviddavis almost 4 years ago

  • Status changed from POST to NEW
  • Assignee deleted (daviddavis)
Actions #17

Updated by daviddavis almost 4 years ago

  • Subject changed from As a user, I get a error at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS to As a user, I get a warning at start time if I have on-demand content checksums that are not in ALLOWED_CONTENT_CHECKSUMS
Actions #18

Updated by rchan almost 4 years ago

  • Sprint changed from Sprint 91 to Sprint 92
Actions #19

Updated by daviddavis over 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to daviddavis
Actions #20

Updated by rchan over 3 years ago

  • Sprint changed from Sprint 92 to Sprint 93
Actions #21

Updated by pulpbot over 3 years ago

  • Status changed from ASSIGNED to POST

Added by daviddavis over 3 years ago

Revision a95cabee | View on GitHub

Add warning for remote artifacts with no allowed checksums

fixes #7985

Actions #22

Updated by daviddavis over 3 years ago

  • Status changed from POST to MODIFIED
Actions #23

Updated by pulpbot over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
