Skip to content

Commit

Permalink
Fixed an issue where the value of gpgcheck wasn't set appropriately
Browse files Browse the repository at this point in the history
On publications created by `mirror_complete` sync.

closes #3462
  • Loading branch information
dralley committed Mar 22, 2024
1 parent 8d5a773 commit 2f8a477
Show file tree
Hide file tree
Showing 3 changed files with 60 additions and 6 deletions.
1 change: 1 addition & 0 deletions CHANGES/3462.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixed an issue where the value of `gpgcheck` wasn't appropriately set on some publications.
19 changes: 13 additions & 6 deletions pulp_rpm/app/tasks/synchronizing.py
Original file line number Diff line number Diff line change
Expand Up @@ -153,12 +153,6 @@ def add_metadata_to_publication(publication, version, prefix=""):
"""
repo_metadata_files = metadata_files_for_mirroring[str(version.repository.pk)]

has_repomd_signature = "repodata/repomd.xml.asc" in repo_metadata_files.keys()

publication.package_checksum_type = CHECKSUM_TYPES.UNKNOWN
publication.metadata_checksum_type = CHECKSUM_TYPES.UNKNOWN
publication.repo_config = {"repo_gpgcheck": has_repomd_signature, "gpgcheck": 0}

for relative_path, metadata_file_path in repo_metadata_files.items():
with open(metadata_file_path, "rb") as metadata_fd:
PublishedMetadata.create_from_file(
Expand Down Expand Up @@ -577,6 +571,19 @@ def is_subrepo(directory):
with RpmPublication.create(
repo_sync_results[PRIMARY_REPO], pass_through=False
) as publication:
gpgcheck = repository.repo_config.get("gpgcheck", 0)
has_repomd_signature = (
"repodata/repomd.xml.asc" in metadata_files_for_mirroring[str(repository.pk)].keys()
)
repo_gpgcheck = has_repomd_signature and repository.repo_config.get("repo_gpgcheck", 0)

publication.package_checksum_type = CHECKSUM_TYPES.UNKNOWN
publication.metadata_checksum_type = CHECKSUM_TYPES.UNKNOWN
publication.repo_config = {
"repo_gpgcheck": int(repo_gpgcheck),
"gpgcheck": int(gpgcheck),
}

for path, repo_version in repo_sync_results.items():
add_metadata_to_publication(publication, repo_version, prefix=path)

Expand Down
46 changes: 46 additions & 0 deletions pulp_rpm/tests/functional/api/test_sync.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
"""Tests that sync rpm plugin repositories."""

import pytest
from random import choice

import dictdiffer
import requests
from django.conf import settings
from django.utils.dateparse import parse_datetime

Expand Down Expand Up @@ -1094,3 +1096,47 @@ def test_mirror_mode(sync_policy, init_and_sync, rpm_publication_api):
repository_version=repository.latest_version_href
).count
assert created_publications == 1


@pytest.mark.parallel
def test_config_repo_mirror_sync(
rpm_rpmremote_factory,
rpm_repository_factory,
rpm_publication_factory,
rpm_distribution_factory,
rpm_repository_api,
rpm_publication_api,
monitor_task,
):
"""Whether config.repo has the right content for a mirror sync."""

# TODO: once we have a fixture repository with signed metadata, we should use that
# and extend this test to see that repo_gpgcheck=1 even if the repository has it disabled
remote = rpm_rpmremote_factory(url=RPM_UNSIGNED_FIXTURE_URL)
repository = rpm_repository_factory(
remote=remote.pulp_href, repo_config={"repo_gpgcheck": 1, "gpgcheck": 1}
)
repository_sync_data = RpmRepositorySyncURL(
remote=remote.pulp_href,
sync_policy="mirror_complete",
)

sync_response = rpm_repository_api.sync(repository.pulp_href, repository_sync_data)
monitor_task(sync_response.task)
repository = rpm_repository_api.read(repository.pulp_href)
publication = rpm_publication_api.list(
repository_version=repository.latest_version_href
).results[0]

distribution = rpm_distribution_factory(
publication=publication.pulp_href, generate_repo_config=True
)

content = requests.get(f"{distribution.base_url}config.repo").content

# gpgcheck should follow repo_config
# repo_gpgcheck should match whether the upstream repo has signed metadata or not
assert bytes(f"[{distribution.name}]\n", "utf-8") in content
assert bytes(f"baseurl={distribution.base_url}\n", "utf-8") in content
assert bytes("gpgcheck=1\n", "utf-8") in content
assert bytes("repo_gpgcheck=0", "utf-8") in content

0 comments on commit 2f8a477

Please sign in to comment.