Project

Profile

Help

Story #7986

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

As a user, I can evaluate a “what-if scenario” by generating a report of impacted content from a set of user provided checksums (not from ALLOWED_CONTENT_CHECKSUMS)

Added by daviddavis 12 months ago. Updated 9 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 92
Quarter:

Description

For immediate content, it will give an idea of how long the switch to the new checksum setting might take (may need to just display the amount of content and provide docs a timeframe based on content count).

For on_demand content, show how many items will be unusable if a user doesn’t go back and download that content. It should also show what repos contain this content so users can download (or immediate sync) this content before switching.

For publications (rpm specific), produce a list of affected ones, so user knows what to republish (file separate task for this?)

Also, update this error message[0] to point users to how they can check on-demand content using this new tool.

[0] https://github.com/pulp/pulpcore/blob/94bb713f2a9f7a0c167305588fed47b039481045/pulpcore/app/settings.py#L347


Related issues

Blocks Pulp - Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASE

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision e7af8521 View on GitHub
Added by ppicka 9 months ago

Artifact checksums report

reports local and remote artifacts with forbidden checksum type.

re #7986 https://pulp.plan.io/issues/7986

History

#1 Updated by daviddavis 12 months ago

Note that we probably can't verify publications without parsing publications. I'd recommend we not do this requirement.

#2 Updated by daviddavis 9 months ago

We also need a way to inspect the current state of the system (e.g. what on-demand content is currently unusable). So perhaps this could also evaluate the current set of ALLOWED_CONTENT_CHECKSUMS if no checksums are supplied.

#3 Updated by daviddavis 9 months ago

  • Sprint/Milestone set to 3.11.0
  • Sprint set to Sprint 91

#4 Updated by daviddavis 9 months ago

  • Description updated (diff)

#5 Updated by ggainey 9 months ago

This should extend the handle-content-checksums command - maybe adding a --dry-run option?

#6 Updated by ppicka 9 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka

#7 Updated by daviddavis 9 months ago

I started working on a rough PoC to report the on-demand content. It may be useful.

https://github.com/daviddavis/pulpcore/tree/checksum-report

#8 Updated by daviddavis 9 months ago

  • Description updated (diff)

#9 Updated by daviddavis 9 months ago

  • Blocks Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMS added

#10 Updated by daviddavis 9 months ago

  • Sprint/Milestone changed from 3.11.0 to 3.12.0

#11 Updated by pulpbot 9 months ago

  • Status changed from ASSIGNED to POST

#12 Updated by ipanova@redhat.com 9 months ago

  • Sprint/Milestone changed from 3.12.0 to 3.11.0

#13 Updated by rchan 9 months ago

  • Sprint changed from Sprint 91 to Sprint 92

#14 Updated by ipanova@redhat.com 9 months ago

  • Status changed from POST to MODIFIED

#15 Updated by ipanova@redhat.com 9 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF