diff options
author | Brian Rosmaita <rosmaita.fossdev@gmail.com> | 2020-04-07 00:13:49 -0400 |
---|---|---|
committer | Brian Rosmaita <rosmaita.fossdev@gmail.com> | 2020-05-04 08:56:58 -0400 |
commit | 56186d6d5aa1a0c8fde99eeb535a650b0495925d (patch) | |
tree | e94280deebebcc70ee69bd050466a42937d47a99 /releasenotes | |
parent | cf5434a1b886b152781a206815adff176d2e67fd (diff) | |
download | python-glanceclient-56186d6d5aa1a0c8fde99eeb535a650b0495925d.tar.gz |
Fail gracefully when MD5 is unavailable
The glanceclient currently assumes that MD5 will always be available.
This is not the case, however, in a FIPS-compliant environment. This
patch enables the glanceclient to fail gracefully in such a case.
Closes-bug: #1871675
Change-Id: Ibd89989e06cc5be7da71f5f21561d73b5abc4104
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/check-for-md5-59db8fd67870b214.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml new file mode 100644 index 0000000..a70176b --- /dev/null +++ b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml @@ -0,0 +1,13 @@ +--- +other: + -| + For legacy (pre-Rocky) images that do not contain "multihash" metadata, + or when the ``--allow-md5-fallback`` option is used in cases where the + multihash metadata is present but the specified algorithm is not available + to the glanceclient, the glanceclient uses an MD5 checksum to validate + the download. When operating in a FIPS-compliant environment, however, + the MD5 algorithm may be unavailable to the glanceclient. In such a case, + (that is, when the MD5 checksum information is available to the glanceclient + but the MD5 algorithm is not), the glanceclient will fail the download as + corrupt because it cannot prove otherwise. This is consistent with + current behavior. |