Revert disabling MD5 checksums
This was a significant breaking change that was landed despite explicit disagreement by some community members (myself included). It has already resulted in an accidental Ironic CI breakage, has broken Bifrost and has a potential of breaking Metal3. In case of Metal3, MD5 support is a part of its public API. While MD5 is a potential security hazard, I don't see the need to hurry this change without giving the community time to prepare. This change reverts the new option md5_enabled to True. Change-Id: I32b291ea162e8eb22429712c15cb5b225a6daafd
This commit is contained in:
parent
c05fdf790c
commit
c1c5537ba2
@ -329,8 +329,9 @@ cli_opts = [
|
|||||||
'cluster which may be visible over a storage fabric '
|
'cluster which may be visible over a storage fabric '
|
||||||
'such as FibreChannel.'),
|
'such as FibreChannel.'),
|
||||||
cfg.BoolOpt('md5_enabled',
|
cfg.BoolOpt('md5_enabled',
|
||||||
default=False,
|
default=True,
|
||||||
help='If the MD5 algorithm is enabled for file checksums.'),
|
help='If the MD5 algorithm is enabled for file checksums. '
|
||||||
|
'Will be changed to False in the future.'),
|
||||||
]
|
]
|
||||||
|
|
||||||
CONF.register_cli_opts(cli_opts)
|
CONF.register_cli_opts(cli_opts)
|
||||||
|
@ -123,6 +123,7 @@ class TestStandbyExtension(base.IronicAgentTest):
|
|||||||
standby._validate_image_info(None, image_info)
|
standby._validate_image_info(None, image_info)
|
||||||
|
|
||||||
def test_validate_image_info_legacy_md5_checksum(self):
|
def test_validate_image_info_legacy_md5_checksum(self):
|
||||||
|
CONF.set_override('md5_enabled', False)
|
||||||
image_info = _build_fake_image_info()
|
image_info = _build_fake_image_info()
|
||||||
del image_info['os_hash_algo']
|
del image_info['os_hash_algo']
|
||||||
del image_info['os_hash_value']
|
del image_info['os_hash_value']
|
||||||
|
@ -6,14 +6,7 @@ features:
|
|||||||
(SHA-2) and SHA256 (SHA-2) checksums to be identified and utilized without
|
(SHA-2) and SHA256 (SHA-2) checksums to be identified and utilized without
|
||||||
an explicit declaration of the checksum type utilizing the
|
an explicit declaration of the checksum type utilizing the
|
||||||
``os_hash_algo`` value.
|
``os_hash_algo`` value.
|
||||||
upgrade:
|
|
||||||
- |
|
|
||||||
MD5 support for checksums have been disabled by default. This may result
|
|
||||||
in rebulids or manual deploy attempts to fail if no updated checksum has
|
|
||||||
been supplied for the ``os_hash_value`` and ``os_hash_algo`` settings.
|
|
||||||
To re-enable MD5 support, you may utilize a the ``[DEFAULT]md5_enabled``
|
|
||||||
setting.
|
|
||||||
deprecations:
|
deprecations:
|
||||||
- |
|
- |
|
||||||
Support for MD5 checksums have been deprecated and disabled by default.
|
Support for MD5 checksums have been deprecated and will be removed after
|
||||||
Support for MD5 checksums will be removed after the 2024 Release.
|
the 2024 Release.
|
||||||
|
Loading…
Reference in New Issue
Block a user