Story #5440
Updated by daviddavis about 5 years ago
h2. Problem
Some users may not be comfortable with the use of certain algorithms that have known vulnerabilities such as md5 and sha1. Also, some security standards discourage use of certain hash algorithms.
h2. Solution
Allow users to set a `HASH_ALGORITHMS` setting before they run Pulp for the first time that includes a list of hash algorithms they wish to use. This list should act as a whitelist.
1. Create a constant of the hash algorithms that we support (eg AVAILABLE_HASH_ALGORITHMS) and validate that each HASH_ALGORITHMS item is in AVAILABLE_HASH_ALGORITHMS
2. Validate that sha256 is in HASH_ALGORITHMS. We use this to verify the uniqueness of artifacts.
3. Make all checksum fields on Artifact nullable except sha256
4. Test that artifact workflows still work
5. Test (or open an issue) to ensure that pulp_rpm properly supports HASH_ALGORITHMS
6. Document the HASH_ALGORITHMS setting and note that it must be set before Pulp is run for the first time