Fail gracefully when MD5 is unavailable

The glanceclient currently assumes that MD5 will always be available.
This is not the case, however, in a FIPS-compliant environment.  This
patch enables the glanceclient to fail gracefully in such a case.

Closes-bug: #1871675
Change-Id: Ibd89989e06cc5be7da71f5f21561d73b5abc4104

1 files changed, 13 insertions, 0 deletions

diff --git a/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml
new file mode 100644
index 0000000..a70176b
--- /dev/null
+++ b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml
@@ -0,0 +1,13 @@
+---
+other:
+  -|
+   For legacy (pre-Rocky) images that do not contain "multihash" metadata,
+   or when the ``--allow-md5-fallback`` option is used in cases where the
+   multihash metadata is present but the specified algorithm is not available
+   to the glanceclient, the glanceclient uses an MD5 checksum to validate
+   the download.  When operating in a FIPS-compliant environment, however,
+   the MD5 algorithm may be unavailable to the glanceclient. In such a case,
+   (that is, when the MD5 checksum information is available to the glanceclient
+   but the MD5 algorithm is not), the glanceclient will fail the download as
+   corrupt because it cannot prove otherwise.  This is consistent with
+   current behavior.