Brian Rosmaita
56186d6d5a
The glanceclient currently assumes that MD5 will always be available. This is not the case, however, in a FIPS-compliant environment. This patch enables the glanceclient to fail gracefully in such a case. Closes-bug: #1871675 Change-Id: Ibd89989e06cc5be7da71f5f21561d73b5abc4104
14 lines
718 B
YAML
14 lines
718 B
YAML
---
|
|
other:
|
|
-|
|
|
For legacy (pre-Rocky) images that do not contain "multihash" metadata,
|
|
or when the ``--allow-md5-fallback`` option is used in cases where the
|
|
multihash metadata is present but the specified algorithm is not available
|
|
to the glanceclient, the glanceclient uses an MD5 checksum to validate
|
|
the download. When operating in a FIPS-compliant environment, however,
|
|
the MD5 algorithm may be unavailable to the glanceclient. In such a case,
|
|
(that is, when the MD5 checksum information is available to the glanceclient
|
|
but the MD5 algorithm is not), the glanceclient will fail the download as
|
|
corrupt because it cannot prove otherwise. This is consistent with
|
|
current behavior.
|