Actions
Issue #1802
closed
Pulp 2.8 client no longer supports sha1 RPM checksum type
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
2.8.0
Platform Release:
2.8.3
OS:
RHEL 6
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Sprint 1
Quarter:
Description
After updating to Pulp 2.8.0 client from 2.7.1 through yum on RHEL6 (pulp-admin-client-2.8.0-1.el6, pulp-rpm-admin-extensions-2.8.0-1.el6) I have found I can no longer upload RPMs with a sha1 checksum type. Furthermore, there is no notification that the checksum type is ignored.
I saw that there is an issue related to checksums solved in the 2.8.1 beta so I updated to the beta (pulp-admin-client-2.8.1-0.2.rc.el6, pulp-rpm-admin-extensions-2.8.1-0.2.rc.el6), but the issue persists.
This does cause issues when using yum on older RHEL versions (e.g. RHEL5) to install packages published through pulp.
Downgrading the Pulp client back to 2.7.1 does restore this feature.
Example:
# pulp-admin rpm repo uploads rpm --repo-id=ingenico-front-dev-el6-x86_64 --checksum-type=sha1 --file=/home/esabouraud/rpmbuild/RPMS/x86_64/axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
+----------------------------------------------------------------------+
Unit Upload
+----------------------------------------------------------------------+
Extracting necessary metadata for each request...
[==================================================] 100%
Analyzing: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
... completed
Creating upload requests on the server...
[==================================================] 100%
Initializing: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
... completed
Starting upload of selected units. If this process is stopped through ctrl+c, the uploads will be paused and may be resumed later using the resume command or canceled entirely using the cancel command.
Uploading: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
[==================================================] 100%
474063/474063 bytes
... completed
Importing into the repository...
This command may be exited via ctrl+c without affecting the request.
[\]
Running...
Task Succeeded
Deleting the upload request...
... completed
# pulp-admin rpm repo content rpm --repo-id=ingenico-front-dev-el6-x86_64 --match 'filename=^axisk.*unstable' --match 'checksumtype=sha256' | grep Filename
Filename: axisk4-libaxcore5-5.2.4-0.1.unstable.x86_64.rpm
# pulp-admin rpm repo content rpm --repo-id=ingenico-front-dev-el6-x86_64 --match 'filename=^axisk.*unstable' --match 'checksumtype=sha1' | grep Filename
#
Files
Related issues
Updated by mhrivnak almost 7 years ago
- Category deleted (
15) - Priority changed from Normal to High
- Platform Release set to 2.8.2
- Triaged changed from No to Yes
Updated by mhrivnak almost 7 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to mhrivnak
On Fedora 23 at least, I'm not able to reproduce.
$ pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./zip-3.0-15.fc23.x86_64.rpm
$ pulp-admin rpm repo content rpm --repo-id=foo
Arch: x86_64
Buildhost: buildvm-03.phx2.fedoraproject.org
Checksum: d2841486a46e6f95063d3f0529c390aa92ad081b
Checksumtype: sha1
Description: The zip program is a compression and file packaging utility. Zip
is analogous to a combination of the UNIX tar and compress
commands and is compatible with PKZIP (a compression and file
packaging utility for MS-DOS systems). Install the zip package if
you need to compress files using the zip program.
Epoch: 0
Filename: zip-3.0-15.fc23.x86_64.rpm
License: BSD
Name: zip
Provides: zip = 3.0-15.fc23-0, zip(x86-64) = 3.0-15.fc23-0
Release: 15.fc23
Requires: libbz2.so.1()(64bit), libc.so.6()(64bit),
libc.so.6(GLIBC_2.14)(64bit), libc.so.6(GLIBC_2.2.5)(64bit),
libc.so.6(GLIBC_2.3)(64bit), libc.so.6(GLIBC_2.3.4)(64bit),
libc.so.6(GLIBC_2.4)(64bit), libc.so.6(GLIBC_2.7)(64bit),
rtld(GNU_HASH), unzip
Vendor: Fedora Project
Version: 3.0
Updated by mhrivnak almost 7 years ago
This also works for me on RHEL 6.7 with pulp 2.8.1-0.2.rc
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.7 (Santiago)
$ rpm -qa| grep pulp| sort
mod_wsgi-3.4-2.pulp.el6.x86_64
pulp-admin-client-2.8.1-0.2.rc.el6.noarch
pulp-docker-admin-extensions-2.0.0-1.el6.noarch
pulp-docker-plugins-2.0.0-1.el6.noarch
pulp-puppet-admin-extensions-2.8.1-0.2.rc.el6.noarch
pulp-puppet-plugins-2.8.1-0.2.rc.el6.noarch
pulp-rpm-admin-extensions-2.8.1-0.2.rc.el6.noarch
pulp-rpm-plugins-2.8.1-0.2.rc.el6.noarch
pulp-selinux-2.8.1-0.2.rc.el6.noarch
pulp-server-2.8.1-0.2.rc.el6.noarch
python-isodate-0.5.0-4.pulp.el6.noarch
python-kombu-3.0.33-4.pulp.el6.noarch
python-pulp-bindings-2.8.1-0.2.rc.el6.noarch
python-pulp-client-lib-2.8.1-0.2.rc.el6.noarch
python-pulp-common-2.8.1-0.2.rc.el6.noarch
python-pulp-docker-common-2.0.0-1.el6.noarch
python-pulp-oid_validation-2.8.1-0.2.rc.el6.noarch
python-pulp-puppet-common-2.8.1-0.2.rc.el6.noarch
python-pulp-repoauth-2.8.1-0.2.rc.el6.noarch
python-pulp-rpm-common-2.8.1-0.2.rc.el6.noarch
$ pulp-admin rpm repo create --repo-id=foo
$ pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./cat-1.0-1.noarch.rpm
$ pulp-admin rpm repo content rpm --repo-id=foo
Arch: noarch
Buildhost: smqe-ws15
Checksum: aa17e0f3346d173b38a9bdfb5e4f599a64afa061
Checksumtype: sha1
Description: A dummy package of cat
Epoch: 0
Filename: cat-1.0-1.noarch.rpm
License: GPLv2
Name: cat
Provides: cat = 1.0-1-0
Release: 1
Requires:
Version: 1.0
Updated by mhrivnak almost 7 years ago
- Status changed from ASSIGNED to CLOSED - WORKSFORME
- Triaged changed from Yes to No
I tried setting the checksum-type on the repo to sha256 and then doing the upload, but it still worked.
I also tried syncing a repo with sha256 checksums, and then uploaded a package to that same repo using sha1. Again it worked.
I also tried uploading a package using sha256, then immediately uploading the same package to the same repo using sha1. It replaced the original, and again I was left with the sha1 unit in the repo.
I also tried uploading a package using sha256, removing it from the repo to make it an orphan, then re-uploading with sha1. That also worked as expected, leaving the sha1 unit in the repo.
If you have any other guidance on how we could reproduce this, please re-open with more info. Thanks for sending the report.
Updated by esabouraud almost 7 years ago
- File pulp27-uploadsha1rpm.txt pulp27-uploadsha1rpm.txt added
- File pulp28-uploadsha1rpm.txt pulp28-uploadsha1rpm.txt added
I am indeed able to reproduce the issue, please see the attached verbose upload logs.
This looks like a webservice parameter issue to me : checksum_type has been changed to checksumtype
2.7.1:
2016-04-06 18:21:41,640 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "2a96d0b2-ac9b-4fab-83ea-2a09180b98e4", "unit_key": {}, "unit_metadata": {"checksum_type": "sha1"}}
2.8.1:
2016-04-06 18:26:53,233 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "10902836-d915-4cff-a7af-df39e7d2aed6", "unit_key": {}, "unit_metadata": {"checksumtype": "sha1"}}
Updated by esabouraud almost 7 years ago
I don't see any way for me to reopen this issue, I will create a new one.
Updated by mhrivnak almost 7 years ago
- Status changed from CLOSED - WORKSFORME to NEW
- Assignee deleted (
mhrivnak) - Platform Release changed from 2.8.2 to 2.8.3
- Triaged changed from No to Yes
Updated by mhrivnak almost 7 years ago
- Has duplicate Issue #1822: Pulp 2.8 client no longer supports sha1 RPM checksum type (REOPEN #1802) added
Updated by esabouraud almost 7 years ago
As mentioned in the duplicate issue, the server version is 2.7.0-1.el6.
Updated by jortel@redhat.com almost 7 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to jortel@redhat.com
Added by jortel@redhat.com almost 7 years ago
Updated by jortel@redhat.com almost 7 years ago
- Status changed from ASSIGNED to POST
Updated by jortel@redhat.com almost 7 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp_rpm:75fc16f595204395f1b234eebb3669fe1f24f323.
Updated by esabouraud almost 7 years ago
Issue fixed with pulp client 2.8.3-0.1.beta.el6
2016-04-26 14:17:48,754 - INFO - POST request to /pulp/api/v2/repositories/ingenico-front-dev-el6-x86_64/actions/import_upload/ with parameters {"override_config": {}, "unit_type_id": "rpm", "upload_id": "2494fd73-86fe-4501-88e5-1f17ea85d9f8", "unit_key": {}, "unit_metadata": {"checksum_type": "sha1"}}
Updated by pthomas@redhat.com almost 7 years ago
- Status changed from 5 to 6
verified
[root@ibm-x3550m3-09 ~]# rpm -qa pulp-server
pulp-server-2.8.3-0.2.beta.el7.noarch
[root@ibm-x3550m3-09 ~]#
[root@ibm-x3550m3-09 ~]# pulp-admin login -u admin -p admin
Successfully logged in. Session certificate will expire at May 16 15:15:52 2016
GMT.
[root@ibm-x3550m3-09 ~]#
[root@ibm-x3550m3-09 ~]#
[root@ibm-x3550m3-09 ~]# pulp-admin rpm repo create --repo-id foo
Successfully created repository [foo]
[root@ibm-x3550m3-09 ~]#
[root@ibm-x3550m3-09 ~]#
[root@ibm-x3550m3-09 ~]# pulp-admin rpm repo uploads rpm --repo-id=foo --checksum-type=sha1 -f ./cat-1.0-1.noarch.rpm
+----------------------------------------------------------------------+
Unit Upload
+----------------------------------------------------------------------+
Extracting necessary metadata for each request...
[==================================================] 100%
Analyzing: cat-1.0-1.noarch.rpm
... completed
Creating upload requests on the server...
[==================================================] 100%
Initializing: cat-1.0-1.noarch.rpm
... completed
Starting upload of selected units. If this process is stopped through ctrl+c,
the uploads will be paused and may be resumed later using the resume command or
canceled entirely using the cancel command.
Uploading: cat-1.0-1.noarch.rpm
[==================================================] 100%
2420/2420 bytes
... completed
Importing into the repository...
This command may be exited via ctrl+c without affecting the request.
[\]
Running...
Task Succeeded
Deleting the upload request...
... completed
[root@ibm-x3550m3-09 ~]# pulp-admin rpm repo content rpm --repo-id=foo
Arch: noarch
Buildhost: smqe-ws15
Checksum: aa17e0f3346d173b38a9bdfb5e4f599a64afa061
Checksumtype: sha1
Description: A dummy package of cat
Epoch: 0
Filename: cat-1.0-1.noarch.rpm
License: GPLv2
Name: cat
Provides: cat = 1.0-1-0
Release: 1
Requires:
Version: 1.0
Updated by semyers almost 7 years ago
- Status changed from 6 to CLOSED - CURRENTRELEASE
Actions
.
Restore upload checksum type property. closes #1802