[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pulp-list] syncing old repos with sha1 checksums

We got this bug in Katello:


that describes an issue we are having trying to remove packages from existing repos. We call pulp's /pulp/api/services/disassociate/packages/ API call which searches for packages by filename and sha. The issue came from the old repository metadata from this virtualbox repo that Corey synced:


the RPM metadata in the above location are still checksummed with a sha1 signature vs sha256. The issue comes down to the pulp code in v1:


here in pulp/server/api/repo.py:

    def _translate_filename_checksum_pairs(self, pkg_infos):
Translates a list of filename/checksum structures to a list of package ids.
        @param pkg_infos: format is [((filename, checksum), [repoids])]
        @return:    {'repo_id':[pkgids]}, {errors}
        start_translate = time.time()
        p_col = model.Package.get_collection()
        repo_pkgs = {}
        errors = {}
        for item in pkg_infos:
            filename = item[0][0]
            checksum = item[0][1]
            repos = item[1]
found = p_col.find_one({"filename":filename, "checksum.sha256":checksum}, {"id":1})

you can see it will never find the packages with metadata signed with checksum.sha... is this fixed in V2?

Mike McCune
mmccune AT redhat.com
Red Hat Engineering       | Portland, OR
Systems Management        | 650-254-4248

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]