Project

Profile

Help

Story #7986

closed

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

As a user, I can evaluate a “what-if scenario” by generating a report of impacted content from a set of user provided checksums (not from ALLOWED_CONTENT_CHECKSUMS)

Added by daviddavis about 4 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 92
Quarter:

Description

For immediate content, it will give an idea of how long the switch to the new checksum setting might take (may need to just display the amount of content and provide docs a timeframe based on content count).

For on_demand content, show how many items will be unusable if a user doesn’t go back and download that content. It should also show what repos contain this content so users can download (or immediate sync) this content before switching.

For publications (rpm specific), produce a list of affected ones, so user knows what to republish (file separate task for this?)

Also, update this error message[0] to point users to how they can check on-demand content using this new tool.

[0] https://github.com/pulp/pulpcore/blob/94bb713f2a9f7a0c167305588fed47b039481045/pulpcore/app/settings.py#L347


Related issues

Blocks Pulp - Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASEppicka

Actions
Actions #1

Updated by daviddavis about 4 years ago

Note that we probably can't verify publications without parsing publications. I'd recommend we not do this requirement.

Actions #2

Updated by daviddavis almost 4 years ago

We also need a way to inspect the current state of the system (e.g. what on-demand content is currently unusable). So perhaps this could also evaluate the current set of ALLOWED_CONTENT_CHECKSUMS if no checksums are supplied.

Actions #3

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone set to 3.11.0
  • Sprint set to Sprint 91
Actions #4

Updated by daviddavis almost 4 years ago

  • Description updated (diff)
Actions #5

Updated by ggainey almost 4 years ago

This should extend the handle-content-checksums command - maybe adding a --dry-run option?

Actions #6

Updated by ppicka almost 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka
Actions #7

Updated by daviddavis almost 4 years ago

I started working on a rough PoC to report the on-demand content. It may be useful.

https://github.com/daviddavis/pulpcore/tree/checksum-report

Actions #8

Updated by daviddavis almost 4 years ago

  • Description updated (diff)
Actions #9

Updated by daviddavis almost 4 years ago

  • Blocks Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMS added
Actions #10

Updated by daviddavis almost 4 years ago

  • Sprint/Milestone changed from 3.11.0 to 3.12.0
Actions #11

Updated by pulpbot almost 4 years ago

  • Status changed from ASSIGNED to POST
Actions #12

Updated by ipanova@redhat.com almost 4 years ago

  • Sprint/Milestone changed from 3.12.0 to 3.11.0
Actions #13

Updated by rchan almost 4 years ago

  • Sprint changed from Sprint 91 to Sprint 92

Added by ppicka over 3 years ago

Revision e7af8521 | View on GitHub

Artifact checksums report

reports local and remote artifacts with forbidden checksum type.

re #7986 https://pulp.plan.io/issues/7986

Actions #14

Updated by ipanova@redhat.com over 3 years ago

  • Status changed from POST to MODIFIED
Actions #15

Updated by ipanova@redhat.com over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF