Fix Gradle publish failure in FIPS mode
What does this MR do and why?
Previously in FIPS mode when a Gradle build attempted to publish a package with an MD5 checksum, GitLab Rails would return a 422 error. This only showed up as a warning with Maven, but Gradle fails the publish step entirely.
In FIPS mode, we've already told Workhorse not to generate a MD5
checksum via UploadHashFunctions
, and the first FIPS check in the
PUT request ensures that Workhorse obeys that. However, there was a
second check in the PUT request that rejects the .md5
suffix, but
this is unnecessary since no MD5 checksum will be
stored. extract_format
is a shared helper, make this second FIPS
check optional since we still want to reject GET requests with the
.md5
suffix.
Relates to #436387 (closed)
How to set up and validate locally
- Check out the
master
branch. - Set
FIPS_MODE=1
in the environment (e.g.env.runit
). gdk restart rails
- In your GitLab instance, import the project with URL
https://gitlab.com/gitlab-com/support/toolbox/gitlab-smoke-tests
. - Click on
Build
->Pipeline
->Run pipeline
-> click onsh-support-gradle
(gitlab-com/support/toolbox/gitlab-smoke-tests!29 (merged)). - Cancel all builds and retry
maven-repository:gradle
. - The build should fail with a 422 Unprocessible Entity error.
- Repeat the test with this branch.
Edited by Stan Hu