Relax FIPS constraints on PyPi packages
What does this MR do and why?
Previously, on a FIPS system, if a PyPI package were uploaded that included `md5_digest`, the upload would fail with a 422 Unprocessable Entity error due to !87180 (merged). This commit relaxes the constraint and only fails if `sha256_digest` is not present.
Even on a FIPS system, a Docker image such as `python:latest` doesn't ship with a FIPS-enabled OpenSSL. The change in https://github.com/pypa/twine/issues/776 doesn't omit `md5_digest` as a result.
Relates to #385477 (closed)
How to set up and validate locally
- Use a FIPS-enabled kernel (https://docs.gitlab.com/ee/development/fips_compliance.html#setting-up-a-fips-enabled-development-environment).
- Install a standard GitLab EE installation.
- Clone https://gitlab.com/gitlab-com/support/toolbox/gitlab-smoke-tests/.
- Run a pipeline in the repository.
- Manually play the `pypi-repository` job.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Stan Hu
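The behaviour change described above, modelled as an added Python example (not GitLab's or twine's code): a client that drops `md5_digest` only when its own OpenSSL refuses MD5, and the server-side check on a FIPS host before and after this MR. The names `upload_digests`, `fips_md5` and `accepted_on_fips` are hypothetical, and the pre-MR policy is modelled only as far as the description states it.

```python
import hashlib


def upload_digests(data, md5=hashlib.md5):
    """Client side: digest fields sent with a package upload."""
    digests = {"sha256_digest": hashlib.sha256(data).hexdigest()}
    try:
        # A FIPS-enabled OpenSSL raises ValueError for MD5. The OpenSSL in
        # python:latest is not FIPS-enabled, so MD5 succeeds there even when
        # the host kernel is in FIPS mode, and md5_digest is still sent.
        digests["md5_digest"] = md5(data).hexdigest()
    except ValueError:
        pass  # send SHA-256 only
    return digests


def fips_md5(_data):
    """Constructed stand-in for hashlib.md5 under a FIPS-enabled OpenSSL."""
    raise ValueError("md5 is disabled for FIPS")


def accepted_on_fips(params, relaxed):
    """Server side on a FIPS host.

    relaxed=False: before this MR, any upload carrying md5_digest is
                   rejected (422 Unprocessable Entity).
    relaxed=True:  after this MR, md5_digest is tolerated and the upload
                   is rejected only when sha256_digest is missing.
    """
    if relaxed:
        return bool(params.get("sha256_digest"))
    return not params.get("md5_digest")


if __name__ == "__main__":
    package = b"constructed sample package bytes"
    # Constructed form fields, as a non-FIPS client container would send them.
    container_upload = {
        "sha256_digest": hashlib.sha256(package).hexdigest(),
        "md5_digest": "0" * 32,  # placeholder value; only its presence matters
    }
    fips_client_upload = upload_digests(package, md5=fips_md5)
    for name, params in [("container client", container_upload),
                         ("FIPS client", fips_client_upload),
                         ("no sha256", {"md5_digest": "0" * 32})]:
        print(name, "before:", accepted_on_fips(params, relaxed=False),
              "after:", accepted_on_fips(params, relaxed=True))
```

The relaxed check does not make the server compute or trust MD5; it only stops the presence of the field from failing the upload, with `sha256_digest` remaining the required digest.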