Project

Profile

Help

Issue #1802

Pulp 2.8 client no longer supports sha1 RPM checksum type

Added by esabouraud over 4 years ago. Updated over 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.8.0
Platform Release:
2.8.3
OS:
RHEL 6
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Sprint 1
Quarter:

Description

After updating to Pulp 2.8.0 client from 2.7.1 through yum on RHEL6 (pulp-admin-client-2.8.0-1.el6, pulp-rpm-admin-extensions-2.8.0-1.el6) I have found I can no longer upload RPMs with a sha1 checksum type. Furthermore, there is no notification that the checksum type is ignored.

I saw that there is an issue related to checksums solved in the 2.8.1 beta so I updated to the beta (pulp-admin-client-2.8.1-0.2.rc.el6, pulp-rpm-admin-extensions-2.8.1-0.2.rc.el6), but the issue persists.
This does cause issues when using yum on older RHEL versions (e.g. RHEL5) to install packages published through pulp.

Downgrading the Pulp client back to 2.7.1 does restore this feature.

Example:

# pulp-admin rpm repo uploads rpm --repo-id=ingenico-front-dev-el6-x86_64 --checksum-type=sha1 --file=/home/esabouraud/rpmbuild/RPMS/x86_64/axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm

+----------------------------------------------------------------------+
                              Unit Upload
+----------------------------------------------------------------------+

Extracting necessary metadata for each request...
[==================================================] 100%
Analyzing: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
... completed

Creating upload requests on the server...
[==================================================] 100%
Initializing: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
... completed

Starting upload of selected units. If this process is stopped through ctrl+c, the uploads will be paused and may be resumed later using the resume command or canceled entirely using the cancel command.

Uploading: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
[==================================================] 100%
474063/474063 bytes
... completed

Importing into the repository...
This command may be exited via ctrl+c without affecting the request.

[\]
Running...

Task Succeeded

Deleting the upload request...
... completed

# pulp-admin rpm repo content rpm --repo-id=ingenico-front-dev-el6-x86_64 --match 'filename=^axisk.*unstable' --match 'checksumtype=sha256' | grep Filename
Filename:     axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
# pulp-admin rpm repo content rpm --repo-id=ingenico-front-dev-el6-x86_64 --match 'filename=^axisk.*unstable' --match 'checksumtype=sha1' | grep Filename
#
pulp27-uploadsha1rpm.txt (6.18 KB) pulp27-uploadsha1rpm.txt upload with pulp-admin-client-2.7.1-1 esabouraud, 04/06/2016 06:33 PM
pulp28-uploadsha1rpm.txt (6.21 KB) pulp28-uploadsha1rpm.txt upload with pulp-admin-client-2.8.1-1 esabouraud, 04/06/2016 06:34 PM

Related issues

Has duplicate Pulp - Issue #1822: Pulp 2.8 client no longer supports sha1 RPM checksum type (REOPEN #1802)CLOSED - DUPLICATE<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision 75fc16f5 View on GitHub
Added by jortel@redhat.com over 4 years ago

Restore upload checksum type property. closes #1802

History

#1 Updated by mhrivnak over 4 years ago

  • Category deleted (15)
  • Priority changed from Normal to High
  • Platform Release set to 2.8.2
  • Triaged changed from No to Yes

#2 Updated by mhrivnak over 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to mhrivnak

On Fedora 23 at least, I'm not able to reproduce.

$ pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./zip-3.0-15.fc23.x86_64.rpm
$ pulp-admin rpm repo content rpm --repo-id=foo
Arch:         x86_64
Buildhost:    buildvm-03.phx2.fedoraproject.org
Checksum:     d2841486a46e6f95063d3f0529c390aa92ad081b
Checksumtype: sha1
Description:  The zip program is a compression and file packaging utility.  Zip
              is analogous to a combination of the UNIX tar and compress
              commands and is compatible with PKZIP (a compression and file
              packaging utility for MS-DOS systems).  Install the zip package if
              you need to compress files using the zip program.
Epoch:        0
Filename:     zip-3.0-15.fc23.x86_64.rpm
License:      BSD
Name:         zip
Provides:     zip = 3.0-15.fc23-0, zip(x86-64) = 3.0-15.fc23-0
Release:      15.fc23
Requires:     libbz2.so.1()(64bit), libc.so.6()(64bit),
              libc.so.6(GLIBC_2.14)(64bit), libc.so.6(GLIBC_2.2.5)(64bit),
              libc.so.6(GLIBC_2.3)(64bit), libc.so.6(GLIBC_2.3.4)(64bit),
              libc.so.6(GLIBC_2.4)(64bit), libc.so.6(GLIBC_2.7)(64bit),
              rtld(GNU_HASH), unzip
Vendor:       Fedora Project
Version:      3.0

#3 Updated by mhrivnak over 4 years ago

This also works for me on RHEL 6.7 with pulp 2.8.1-0.2.rc

$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.7 (Santiago)
$ rpm -qa| grep pulp| sort
mod_wsgi-3.4-2.pulp.el6.x86_64
pulp-admin-client-2.8.1-0.2.rc.el6.noarch
pulp-docker-admin-extensions-2.0.0-1.el6.noarch
pulp-docker-plugins-2.0.0-1.el6.noarch
pulp-puppet-admin-extensions-2.8.1-0.2.rc.el6.noarch
pulp-puppet-plugins-2.8.1-0.2.rc.el6.noarch
pulp-rpm-admin-extensions-2.8.1-0.2.rc.el6.noarch
pulp-rpm-plugins-2.8.1-0.2.rc.el6.noarch
pulp-selinux-2.8.1-0.2.rc.el6.noarch
pulp-server-2.8.1-0.2.rc.el6.noarch
python-isodate-0.5.0-4.pulp.el6.noarch
python-kombu-3.0.33-4.pulp.el6.noarch
python-pulp-bindings-2.8.1-0.2.rc.el6.noarch
python-pulp-client-lib-2.8.1-0.2.rc.el6.noarch
python-pulp-common-2.8.1-0.2.rc.el6.noarch
python-pulp-docker-common-2.0.0-1.el6.noarch
python-pulp-oid_validation-2.8.1-0.2.rc.el6.noarch
python-pulp-puppet-common-2.8.1-0.2.rc.el6.noarch
python-pulp-repoauth-2.8.1-0.2.rc.el6.noarch
python-pulp-rpm-common-2.8.1-0.2.rc.el6.noarch

$ pulp-admin rpm repo create --repo-id=foo
$ pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./cat-1.0-1.noarch.rpm
$ pulp-admin rpm repo content rpm --repo-id=foo
Arch:         noarch
Buildhost:    smqe-ws15
Checksum:     aa17e0f3346d173b38a9bdfb5e4f599a64afa061
Checksumtype: sha1
Description:  A dummy package of cat
Epoch:        0
Filename:     cat-1.0-1.noarch.rpm
License:      GPLv2
Name:         cat
Provides:     cat = 1.0-1-0
Release:      1
Requires:     
Version:      1.0

#4 Updated by mhrivnak over 4 years ago

  • Status changed from ASSIGNED to CLOSED - WORKSFORME
  • Triaged changed from Yes to No

I tried setting the checksum-type on the repo to sha256 and then doing the upload, but it still worked.

I also tried syncing a repo with sha256 checksums, and then uploaded a package to that same repo using sha1. Again it worked.

I also tried uploading a package using sha256, then immediately uploading the same package to the same repo using sha1. It replaced the original, and again I was left with the sha1 unit in the repo.

I also tried uploading a package using sha256, removing it from the repo to make it an orphan, then re-uploading with sha1. That also worked as expected, leaving the sha1 unit in the repo.

If you have any other guidance on how we could reproduce this, please re-open with more info. Thanks for sending the report.

#5 Updated by esabouraud over 4 years ago

I am indeed able to reproduce the issue, please see the attached verbose upload logs.

This looks like a webservice parameter issue to me : checksum_type has been changed to checksumtype

2.7.1:

2016-04-06 18:21:41,640 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "2a96d0b2-ac9b-4fab-83ea-2a09180b98e4", "unit_key": {}, "unit_metadata": {"checksum_type": "sha1"}}

2.8.1:

2016-04-06 18:26:53,233 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "10902836-d915-4cff-a7af-df39e7d2aed6", "unit_key": {}, "unit_metadata": {"checksumtype": "sha1"}}

#6 Updated by esabouraud over 4 years ago

I don't see any way for me to reopen this issue, I will create a new one.

#7 Updated by mhrivnak over 4 years ago

  • Status changed from CLOSED - WORKSFORME to NEW
  • Assignee deleted (mhrivnak)
  • Platform Release changed from 2.8.2 to 2.8.3
  • Triaged changed from No to Yes

#8 Updated by mhrivnak over 4 years ago

  • Has duplicate Issue #1822: Pulp 2.8 client no longer supports sha1 RPM checksum type (REOPEN #1802) added

#9 Updated by esabouraud over 4 years ago

As mentioned in the duplicate issue, the server version is 2.7.0-1.el6.

#10 Updated by mhrivnak over 4 years ago

  • Sprint/Milestone set to 19

#11 Updated by jortel@redhat.com over 4 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to jortel@redhat.com

#12 Updated by jortel@redhat.com over 4 years ago

  • Status changed from ASSIGNED to POST

#13 Updated by jortel@redhat.com over 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#14 Updated by esabouraud over 4 years ago

Issue fixed with pulp client 2.8.3-0.1.beta.el6

2016-04-26 14:17:48,754 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "2494fd73-86fe-4501-88e5-1f17ea85d9f8", "unit_key": {}, "unit_metadata": {"checksum_type": "sha1"}}

#15 Updated by semyers over 4 years ago

  • Status changed from MODIFIED to 5

#16 Updated by pthomas@redhat.com over 4 years ago

  • Status changed from 5 to 6

verified

[root@ibm-x3550m3-09 ~]# rpm -qa pulp-server
pulp-server-2.8.3-0.2.beta.el7.noarch
[root@ibm-x3550m3-09 ~]# 

[root@ibm-x3550m3-09 ~]# pulp-admin login -u admin -p admin

Successfully logged in. Session certificate will expire at May 16 15:15:52 2016
GMT.

[root@ibm-x3550m3-09 ~]# 
[root@ibm-x3550m3-09 ~]# 
[root@ibm-x3550m3-09 ~]# pulp-admin rpm repo create --repo-id foo
Successfully created repository [foo]

[root@ibm-x3550m3-09 ~]# 
[root@ibm-x3550m3-09 ~]# 
[root@ibm-x3550m3-09 ~]#  pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./cat-1.0-1.noarch.rpm
+----------------------------------------------------------------------+
                              Unit Upload
+----------------------------------------------------------------------+

Extracting necessary metadata for each request...
[==================================================] 100%
Analyzing: cat-1.0-1.noarch.rpm
... completed

Creating upload requests on the server...
[==================================================] 100%
Initializing: cat-1.0-1.noarch.rpm
... completed

Starting upload of selected units. If this process is stopped through ctrl+c,
the uploads will be paused and may be resumed later using the resume command or
canceled entirely using the cancel command.

Uploading: cat-1.0-1.noarch.rpm
[==================================================] 100%
2420/2420 bytes
... completed

Importing into the repository...
This command may be exited via ctrl+c without affecting the request.

[\]
Running...

Task Succeeded

Deleting the upload request...
... completed

[root@ibm-x3550m3-09 ~]# pulp-admin rpm repo content rpm --repo-id=foo
Arch:         noarch
Buildhost:    smqe-ws15
Checksum:     aa17e0f3346d173b38a9bdfb5e4f599a64afa061
Checksumtype: sha1
Description:  A dummy package of cat
Epoch:        0
Filename:     cat-1.0-1.noarch.rpm
License:      GPLv2
Name:         cat
Provides:     cat = 1.0-1-0
Release:      1
Requires:     
Version:      1.0

#17 Updated by semyers over 4 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE

#19 Updated by bmbouter over 2 years ago

  • Sprint set to Sprint 1

#20 Updated by bmbouter over 2 years ago

  • Sprint/Milestone deleted (19)

#21 Updated by bmbouter over 1 year ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF