[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pulp-list] syncing old repos with sha1 checksums



We got this bug in Katello:

https://bugzilla.redhat.com/show_bug.cgi?id=855146

that describes an issue we are having trying to remove packages from existing repos. We call pulp's /pulp/api/services/disassociate/packages/ API call which searches for packages by filename and sha. The issue came from the old repository metadata from this virtualbox repo that Corey synced:

http://download.virtualbox.org/virtualbox/rpm/fedora/17/x86_64/

the RPM metadata in the above location are still checksummed with a sha1 signature vs sha256. The issue comes down to the pulp code in v1:

https://bugzilla.redhat.com/show_bug.cgi?id=855146#c7

here in pulp/server/api/repo.py:

    def _translate_filename_checksum_pairs(self, pkg_infos):
        """
Translates a list of filename/checksum structures to a list of package ids.
        @param pkg_infos: format is [((filename, checksum), [repoids])]
        @return:    {'repo_id':[pkgids]}, {errors}
        """
        start_translate = time.time()
        p_col = model.Package.get_collection()
        repo_pkgs = {}
        errors = {}
        for item in pkg_infos:
            filename = item[0][0]
            checksum = item[0][1]
            repos = item[1]
found = p_col.find_one({"filename":filename, "checksum.sha256":checksum}, {"id":1})

you can see it will never find the packages with metadata signed with checksum.sha... is this fixed in V2?

--
Mike McCune
mmccune AT redhat.com
Red Hat Engineering       | Portland, OR
Systems Management        | 650-254-4248


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]