# FIPS user stories ## General * As a user, I can run Pulp 3 in FIPS-enabled mode. * Pulp will support all of the default checksums (see below) including md5 and sha-1 in FIPS mode * As a user, when I migrate from Pulp 2, I get the default set of checksums that I can then later modify * In other words, we will migrate all of the checksum information from Pulp 2 ## Configuring Pulp * As a user, I can configure which checksums I want pulp to use when dealing with content by setting `ALLOWED_CONTENT_CHECKSUMS` * The default list is md5, sha-1, sha-224, sha-256, sha-384, sha-512 * ALLOWED_CONTENT_CHECKSUMS must be a subset of: md5, sha-1, sha-224, sha-256, sha-384, sha-512 * As a user, I can change `ALLOWED_CONTENT_CHECKSUMS` after I have content in Pulp * User must run the `handle-artifact-checksums` command (see Reporting & Updating section) ## Startup Checks * As a user, I get a warning at start time if I have on-demand content checksums that are not in `ALLOWED_CONTENT_CHECKSUMS` * As a user, Pulp refuses to start if I have immediate content that are non compliant with `ALLOWED_CONTENT_CHECKSUMS` * This can be fixed by running the `handle-artifact-checksums` command ## Reporting & Updating Pulp's Checksums * As a user, I can fix immediate content checksums to be compliant with `ALLOWED_CONTENT_CHECKSUMS` * The `handle-artifact-checksums` command will add artifact checksums missing from `ALLOWED_CONTENT_CHECKSUMS` * And it will remove checksums from artifact that are not in `ALLOWED_CONTENT_CHECKSUMS` * As a user, I can evaluate a "what-if scenario" by generating a report of impacted content from a set of user provided checksums (not from `ALLOWED_CONTENT_CHECKSUMS`) * for immediate content, it will give an idea of how long the switch to the new checksum setting might take * for on_demand content, it must be clear how many items will be unusable if a user doesn't go back and download that content * for publications (rpm specific), it would be good to produce a list of affected ones, so user knows what to republish * This may be hard to do without parsing the published artifacts. * Also, ALLOWED_CONTENT_CHECKSUMS should apply to user actions, not passed actions/artifacts. ## Possible Runtime Errors * As a user, I get an error message when I try to sync content and the only available checksum is not in `ALLOWED_CONTENT_CHECKSUMS` * As a user, I get an error message when I try to create a publication which has content with a checksum that is not in `ALLOWED_CONTENT_CHECKSUMS` * As a client, I get an error message when I try to consume on_demand content with a checksum that is not in `ALLOWED_CONTENT_CHECKSUMS` ## Questions * How do we handle the checksums in updateinfo.xml? * Document that `ALLOWED_CONTENT_CHECKSUMS` doesn't apply to updateinfo.xml? * [ttereshc] +1 * Can we support running the handle-artifact-checksums command while Pulp is running? * Maybe allow users to start the process while Pulp is running, take down pulp, then run the handle-artifact-checksums command * How would we handle RemoteArtifacts that have multiple checksums, one/some of which are 'forbidden'? * Probably not something that we need to be concerned with initially - file and rpm don't do this "in real life", There Can Be Only One. * The model allows it - so we need to have a story for handling it 'eventually' ###### tags: `FIPS`