Project

Profile

Help

Story #7986

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

As a user, I can evaluate a “what-if scenario” by generating a report of impacted content from a set of user provided checksums (not from ALLOWED_CONTENT_CHECKSUMS)

Added by daviddavis 4 months ago. Updated 30 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 92
Quarter:

Description

For immediate content, it will give an idea of how long the switch to the new checksum setting might take (may need to just display the amount of content and provide docs a timeframe based on content count).

For on_demand content, show how many items will be unusable if a user doesn’t go back and download that content. It should also show what repos contain this content so users can download (or immediate sync) this content before switching.

For publications (rpm specific), produce a list of affected ones, so user knows what to republish (file separate task for this?)

Also, update this error message[0] to point users to how they can check on-demand content using this new tool.

[0] https://github.com/pulp/pulpcore/blob/94bb713f2a9f7a0c167305588fed47b039481045/pulpcore/app/settings.py#L347


Related issues

Blocks Pulp - Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMSCLOSED - CURRENTRELEASE

<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision e7af8521 View on GitHub
Added by ppicka about 1 month ago

Artifact checksums report

reports local and remote artifacts with forbidden checksum type.

re #7986 https://pulp.plan.io/issues/7986

History

#1 Updated by daviddavis 4 months ago

Note that we probably can't verify publications without parsing publications. I'd recommend we not do this requirement.

#2 Updated by daviddavis about 2 months ago

We also need a way to inspect the current state of the system (e.g. what on-demand content is currently unusable). So perhaps this could also evaluate the current set of ALLOWED_CONTENT_CHECKSUMS if no checksums are supplied.

#3 Updated by daviddavis about 2 months ago

  • Sprint/Milestone set to 3.11.0
  • Sprint set to Sprint 91

#4 Updated by daviddavis about 1 month ago

  • Description updated (diff)

#5 Updated by ggainey about 1 month ago

This should extend the handle-content-checksums command - maybe adding a --dry-run option?

#6 Updated by ppicka about 1 month ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka

#7 Updated by daviddavis about 1 month ago

I started working on a rough PoC to report the on-demand content. It may be useful.

https://github.com/daviddavis/pulpcore/tree/checksum-report

#8 Updated by daviddavis about 1 month ago

  • Description updated (diff)

#9 Updated by daviddavis about 1 month ago

  • Blocks Story #8325: Write a guide for changing ALLOWED_CONTENT_CHECKSUMS added

#10 Updated by daviddavis about 1 month ago

  • Sprint/Milestone changed from 3.11.0 to 3.12.0

#11 Updated by pulpbot about 1 month ago

  • Status changed from ASSIGNED to POST

#12 Updated by ipanova@redhat.com about 1 month ago

  • Sprint/Milestone changed from 3.12.0 to 3.11.0

#13 Updated by rchan about 1 month ago

  • Sprint changed from Sprint 91 to Sprint 92

#14 Updated by ipanova@redhat.com about 1 month ago

  • Status changed from POST to MODIFIED

#15 Updated by ipanova@redhat.com 30 days ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF