Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Checksum type publication check #1086

Closed
wants to merge 1 commit into from
Closed

Checksum type publication check #1086

wants to merge 1 commit into from

Conversation

pavelpicka
Copy link
Collaborator

User receive error when try to publish content with disallowed checksum type.

closes: #7988
https://pulp.plan.io/issues/7988

@pulpbot
Copy link
Member

pulpbot commented Jan 25, 2021

Attached issue: https://pulp.plan.io/issues/7988

@pavelpicka pavelpicka force-pushed the 7988-publication-fips branch 6 times, most recently from 5481dc3 to 80a4533 Compare February 8, 2021 14:07
@pavelpicka
Copy link
Collaborator Author

Introduced part of error message we can re-use to point user where to update setting about checksum types.

@daviddavis
Copy link
Contributor

I'd highly encourage some testing on this PR since the logic is complicated. You'll probably have to write a unit test.

@pavelpicka pavelpicka force-pushed the 7988-publication-fips branch 6 times, most recently from 403b1f7 to c230684 Compare February 11, 2021 16:00
ipanova
ipanova reviewed Feb 11, 2021
View reviewed changes
CHANGES/7988.feature Outdated Show resolved Hide resolved
daviddavis
daviddavis reviewed Feb 11, 2021
View reviewed changes
pulpcore/constants.py Outdated Show resolved Hide resolved
@daviddavis daviddavis marked this pull request as draft February 16, 2021 14:51
@pavelpicka pavelpicka marked this pull request as ready for review February 19, 2021 14:07
@pavelpicka pavelpicka marked this pull request as draft February 23, 2021 14:41
@pavelpicka pavelpicka force-pushed the 7988-publication-fips branch 2 times, most recently from 5575db1 to d00cfda Compare February 25, 2021 14:10
@pavelpicka pavelpicka marked this pull request as ready for review February 25, 2021 14:24
@pavelpicka
Copy link
Collaborator Author

@bmbouter, @daviddavis, @ipanova PR back to ready for re-review

daviddavis
daviddavis reviewed Feb 26, 2021
View reviewed changes
pulpcore/constants.py Outdated Show resolved Hide resolved
@daviddavis
Copy link
Contributor

Three small comments. Other than that, I think this is ready to merge.

@pavelpicka
Checksum type publication check
65b3198 
User receives error when try to publish content does not contain at least on artifact with disallowed checksum type.

closes: #7988
https://pulp.plan.io/issues/7988
ipanova
ipanova reviewed Mar 1, 2021
View reviewed changes
CHANGES/7988.feature
@@ -0,0 +1 @@
Publication creation will fail when there is content which doesn't contain at least one artifact with allowed checksum.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@daviddavis when combining with this PR #1156 do i read correctly that publish will succeed with 1 forbidden( for example md5) and 1allowed checksum ( sha256) but when we get to streaming the artifact it will fail in any case because that remote artifact has forbidden checksum?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, exactly. The only thing I would mention is that it should continue to the next remote artifact and try to stream it if the first one fails.

@daviddavis
Copy link
Contributor

There is one edge case I thought of. Do plugins ever create RemoteArtifacts with no checksums? Looks like it's possible and I believe that certain plugins would have to if they do not have checksums in the metadata. If this is the case, then this code wouldn't work properly as you could never create a publication for these RemoteArtifacts.

If I am correct here, then I think we should probably just reject any publication that would have a RemoteArtifact with a forbidden checksum.

@mdellweg
Copy link
Member

mdellweg commented Mar 2, 2021

Rubygems do not have checksums. (Last time i checked.)

@daviddavis daviddavis mentioned this pull request Mar 2, 2021
Closed
@daviddavis daviddavis marked this pull request as draft March 4, 2021 17:55
@daviddavis
Copy link
Contributor

In our FIPS meeting today, we decided to postpone this work indefinitely (until a user requests it or we deem it necessary) and instead just rely on rejecting on-demand content during sync and in the content app before saving it.

@daviddavis daviddavis closed this Mar 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daviddavis daviddavis daviddavis left review comments

@dralley dralley dralley left review comments

@mdellweg mdellweg mdellweg left review comments

@ipanova ipanova ipanova approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@pavelpicka @pulpbot @daviddavis @mdellweg @dralley @ipanova