[PUP-9909] Use file_sha256 to verify module tarballs - Puppet Jira Server

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.8.0
Component/s: None
Labels:
- resolved-issue-added

Epic Link:
FIPS masters
Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
Enhancement
Release Notes Summary:
The `puppet module install` command will prefer SHA-256 when verifying the downloaded module tarball, but fallback to MD5 if necessary.

QA Risk Assessment:
Needs Assessment

Description

The forge api recently added file_sha256 for module downloads, see ~~FORGE-360~~. The PMT should prefer that digest always. If the digest is missing and fips is enabled, it should raise like it does now. If fips is not enabled, then it should fall back to md5.

Attachments

Issue Links

blocks

SERVER-2596 Re-enable tests using `puppet module` in FIPS mode

Accepted

Activity

People

Assignee:: Josh Cooper

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019/07/18 10:01 AM

Updated:: 2019/08/19 11:14 AM

Resolved:: 2019/07/25 4:33 PM