Project

Profile

Help

Issue #1786

comps.xml has doctype with invalid dtd reference

Added by rmcgover over 5 years ago. Updated over 2 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
Master
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

yum distributor's generated comps.xml files contain the doctype declaration:

<!DOCTYPE comps PUBLIC "-//Red Hat, Inc.//DTD Comps info//EN" "comps.dtd">

Attempting to fetch that comps.dtd URI will fail (there's no such file provided
relative to the comps.xml file or anywhere else as far as I can tell).

This probably doesn't matter too much but I've filed this bug mainly for this
reason: the python 3 XML SAX parser in its default configuration will attempt
to fetch external entities, and will crash since comps.dtd can't be loaded.

Other tools, such as xmllint --loaddtd, will also complain.

History

#1 Updated by mhrivnak over 5 years ago

  • Triaged changed from No to Yes

#2 Updated by mhrivnak over 5 years ago

  • Parent task set to #1683

#3 Updated by bmbouter over 5 years ago

The comps.xml does specify an invalid DTD reference, but I'm not sure what to replace it with.

#4 Updated by bmbouter over 5 years ago

After e-mailing a packaging mailing list I've gotten several possible ones. I've looked over them and I think this one is the most complete: https://git.fedorahosted.org/cgit/comps.git/tree/comps.dtd

This one defines all 4 types I have seen in comps.xml files including (group, category, langpacks, and environment).

https://git.fedorahosted.org/cgit/comps.git/tree/comps.dtd

This one is missing definitions for environment, and langpacks, but is otherwise identical to ^

A DTD file is contained in the comps-extras package which installs it here: /usr/share/doc/comps-extras/comps.dtd

Also this project. It is a C library and I don't think we want to pick up a new dependency to solve this issue.

libcomps [1] project was created for the purpose to set a standard but I am afraid that there's no DTD. So if XML is parsable with libcomps then it should be valid.

[1] https://github.com/midnightercz/libcomps

This one only defines category and groups so it is also not as expressive as the top most one. Also it is not a DTD file.

there was a relax NG specification made: https://github.com/rpm-software-management/yum/blob/master/docs/comps.rng

#5 Updated by jluza over 5 years ago

I would stick with official fedora DTD https://pagure.io/fedora-comps/blob/master/f/comps.dtd

#6 Updated by bmbouter over 5 years ago

jluza, Thanks your recommendation seems great

#7 Updated by bmbouter over 5 years ago

  • Sprint Candidate changed from No to Yes

#8 Updated by jcline@redhat.com over 5 years ago

I'm in agreement it should be fixed, but I think it needs to be fixed in the upstream tooling (probably just createrepo_c). It appears the latest Fedora composes have the same doctype declaration[0].

[0] http://ftp.linux.ncsu.edu/pub/fedora/linux/releases/24/Server/x86_64/os/repodata/

#9 Updated by bmbouter over 5 years ago

I agree jcline. I've filed the upstream bug here: https://github.com/rpm-software-management/createrepo_c/issues/62

#10 Updated by bmbouter over 4 years ago

  • Tags RCM added

#11 Updated by amacdona@redhat.com about 3 years ago

  • Sprint Candidate changed from Yes to No

#12 Updated by bmbouter over 2 years ago

  • Status changed from NEW to CLOSED - WONTFIX

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

#13 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

#14 Updated by bmbouter over 2 years ago

  • Tags deleted (RCM)

Please register to edit this issue

Also available in: Atom PDF