Issue #1786
closed
comps.xml has doctype with invalid dtd reference
Description
yum distributor's generated comps.xml files contain the doctype declaration:
<!DOCTYPE comps PUBLIC "-//Red Hat, Inc.//DTD Comps info//EN" "comps.dtd">
Attempting to fetch that comps.dtd URI will fail (there's no such file provided
relative to the comps.xml file or anywhere else as far as I can tell).
This probably doesn't matter too much but I've filed this bug mainly for this
reason: the python 3 XML SAX parser in its default configuration will attempt
to fetch external entities, and will crash since comps.dtd can't be loaded.
Other tools, such as xmllint --loaddtd, will also complain.
Updated by bmbouter over 8 years ago
The comps.xml does specify an invalid DTD reference, but I'm not sure what to replace it with.
Updated by bmbouter over 8 years ago
After e-mailing a packaging mailing list I've gotten several possible ones. I've looked over them and I think this one is the most complete: https://git.fedorahosted.org/cgit/comps.git/tree/comps.dtd
This one defines all 4 types I have seen in comps.xml files including (group, category, langpacks, and environment).
This one is missing definitions for environment, and langpacks, but is otherwise identical to ^
A DTD file is contained in the comps-extras package which installs it here: /usr/share/doc/comps-extras/comps.dtd
Also this project. It is a C library and I don't think we want to pick up a new dependency to solve this issue.
libcomps [1] project was created for the purpose to set a standard but I am afraid that there's no DTD. So if XML is parsable with libcomps then it should be valid.
This one only defines category and groups so it is also not as expressive as the top most one. Also it is not a DTD file.
there was a relax NG specification made: https://github.com/rpm-software-management/yum/blob/master/docs/comps.rng
Updated by jluza over 8 years ago
I would stick with official fedora DTD https://pagure.io/fedora-comps/blob/master/f/comps.dtd
Updated by bmbouter over 8 years ago
jluza, Thanks your recommendation seems great
Updated by jcline@redhat.com over 8 years ago
I'm in agreement it should be fixed, but I think it needs to be fixed in the upstream tooling (probably just createrepo_c). It appears the latest Fedora composes have the same doctype declaration[0].
[0] http://ftp.linux.ncsu.edu/pub/fedora/linux/releases/24/Server/x86_64/os/repodata/
Updated by bmbouter over 8 years ago
I agree jcline. I've filed the upstream bug here: https://github.com/rpm-software-management/createrepo_c/issues/62
Updated by amacdona@redhat.com over 6 years ago
- Sprint Candidate changed from Yes to No
Updated by bmbouter over 5 years ago
- Status changed from NEW to CLOSED - WONTFIX
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.
.