diff options
author | Julia Kreger <juliaashleykreger@gmail.com> | 2020-02-18 11:56:10 -0800 |
---|---|---|
committer | Dmitry Tantsur <dtantsur@protonmail.com> | 2020-03-12 09:24:46 +0000 |
commit | 771cc7fc1a3325a4065072131afaa46cb74e0660 (patch) | |
tree | 2c017a7c88b08f03807fe707e472ddd911e3c703 /releasenotes | |
parent | a18f5ef1876e46aa976db3e8e077451d431bcd6c (diff) | |
download | ironic-771cc7fc1a3325a4065072131afaa46cb74e0660.tar.gz |
Change force_raw_images to use sha256 if md5 is selected
In order to enable ironic's conductor to execute on nodes
set for FIPS 140-2 compliance, we need to not explicitly
choose MD5.
In the case of forcing images to raw, we were calculating
the checksum at least once, if not twice. Now we will honor
the original algorithm unless it is MD5, at which point we
will default to SHA3-256, and only recalculate the checksum
once.
Change-Id: I408a2e461bebf1f6d9fa3e350eb7ab1a3544adad
Story: 2007306
Task: 38791
(cherry picked from commit 06c59972674f063a84307b2d954f9a6013d66ccb)
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/image-checksum-recalculation-sha256-fd3d5b4b0b757e86.yaml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/releasenotes/notes/image-checksum-recalculation-sha256-fd3d5b4b0b757e86.yaml b/releasenotes/notes/image-checksum-recalculation-sha256-fd3d5b4b0b757e86.yaml new file mode 100644 index 000000000..1edd2a483 --- /dev/null +++ b/releasenotes/notes/image-checksum-recalculation-sha256-fd3d5b4b0b757e86.yaml @@ -0,0 +1,10 @@ +--- +upgrade: + - | + If ``[DEFAULT]force_raw_images`` is set to ``true``, then MD5 will not be + utilized to recalculate the image checksum. This requires the + ``ironic-python-agent`` ramdisk to be at least version 3.4.0. +security: + - | + Image checksum recalculation when images are forced to raw images, are now + calculated using SHA3-256 if MD5 was selected. This is now unconditional. |