Closed philippthun closed 5 months ago
Use SHA algorithm for content digest in URLUploader
Staging fails when running Diego and CAPI on a FIPS stemcell. The reason for this is that the URLUploader uses MD5 as content hashing algorithm.
CAPI has already been enhanced to support the Content-Digest HTTP header with the following format:
Content-Digest
<algorithm>=:<base64-digest>:
As md5 is not available on FIPS stemcells, the algorithm used by the URLUploader should be one of the following: sha-512, sha-256 or sha-1.
md5
algorithm
URLUploader
sha-512
sha-256
sha-1
See also cloudfoundry/cloud_controller_ng#3558
cloudfoundry/executor
Fixed in: https://github.com/cloudfoundry/executor/commit/2b9c1fb524eb562a49a7da69f54506f93a2a672c
The release is out with the fix - https://github.com/cloudfoundry/diego-release/releases/tag/v2.90.0
Enter an issue title
Use SHA algorithm for content digest in URLUploader
Summary
Staging fails when running Diego and CAPI on a FIPS stemcell. The reason for this is that the URLUploader uses MD5 as content hashing algorithm.
CAPI has already been enhanced to support the
Content-Digest
HTTP header with the following format:As
md5
is not available on FIPS stemcells, thealgorithm
used by theURLUploader
should be one of the following:sha-512
,sha-256
orsha-1
.See also cloudfoundry/cloud_controller_ng#3558
Diego repo
cloudfoundry/executor