Project

Profile

Help

Issue #8445

closed

Task #7960: FIPS and support for ALLOWED_CONTENT_CHECKSUMS

Remote artifacts are being rejected by the artifact checksum check

Added by daviddavis over 3 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 93
Quarter:

Description

As of today, the check for remote content has not been added (see #8423). However, it appears that remote content with forbidden checksums is getting rejected. This is problematic because the criteria for rejecting artifacts and remote artifacts differs and it appears that the criteria for artifacts is being applied to remote artifacts.

Steps to reproduce:

name="md5-$RANDOM"
url="https://fixtures.pulpproject.org/rpm-with-md5/"
policy="on_demand"

pulp rpm remote create --name $name --url $url --policy $policy
pulp rpm repository create --name $name --remote $name
pulp rpm repository sync --name $name

Result:

Error: Task /pulp/api/v3/tasks/5696b620-2965-414c-967f-fd6adb1f8aea/ failed: 'Artifact contains forbidden checksum type md5. You can allow it with 'ALLOWED_CONTENT_CHECKSUMS' setting.'
Actions #1

Updated by daviddavis over 3 years ago

  • Subject changed from The stages code rejects remote artifacts that have forbidden checksums to Remote artifacts are being rejected by the artifact checksum check
Actions #2

Updated by daviddavis over 3 years ago

  • Sprint/Milestone set to 3.12.0
Actions #3

Updated by daviddavis over 3 years ago

This seems to have fixed the problem for me but no idea if it's the correct solution:

https://gist.github.com/daviddavis/8ab24a68a72035d6a3bfc7412c992928

Actions #4

Updated by ppicka over 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ppicka
Actions #5

Updated by pulpbot over 3 years ago

  • Status changed from ASSIGNED to POST
Actions #6

Updated by fao89 over 3 years ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 93

Added by ppicka over 3 years ago

Revision 12326af5 | View on GitHub

Don't check RemoteArtifact by artifact check

Don't check RemoteArtifact by artifact check in stages.

closes: #8445 https://pulp.plan.io/issues/8445

Actions #7

Updated by ppicka over 3 years ago

  • Status changed from POST to MODIFIED
Actions #8

Updated by pulpbot over 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF