Issue #2192
closedThe RPM rsync distributor's "root" config option isn't validated
Description
Let's say I decide to create an RPM repository with a yum importer, yum distributor and RPM rsync distributor. To do so, I might submit an HTTP POST request to /pulp/api/v2/repositories/
with the following payload:
{
"importer_type_id": "yum_importer",
"importer_config": {
"feed": "https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/"
},
"notes": {
"_repo-type": "rpm-repo"
},
"id": "4818bdb8-1fc8-44e8-8504-231466a057f1",
"distributors": [
{
"distributor_config": {
"http": true,
"relative_url": "c23ae706-d9f9-4740-aecd-4bbb2bfde953/",
"https": true
},
"distributor_id": "d2160bbe-ba12-4079-bf61-2c898337780a",
"distributor_type_id": "yum_distributor",
"auto_publish": false
},
{
"distributor_config": {
"predistributor_id": "d2160bbe-ba12-4079-bf61-2c898337780a",
"remote": {
"root": "home/a8333f9e-027",
"host": "example.com",
"ssh_user": "a8333f9e-027",
"ssh_identity_file": "/27f14dc8-3562-4065-ad1d-b5827522b5c2"
}
},
"distributor_id": "a6658d24-2bde-4f85-8afd-5dfe45d53527",
"distributor_type_id": "rpm_rsync_distributor"
}
]
}
The RPM rsync distributor's root
option must be an absolute path. However, in the example payload above, root
is a relative URL. Pulp accepts this payload anyway and will create the repository, importer and distributors.
Pulp should verify root
when processing the request. This will prevent mysterious errors from occurring later when a user decides to perform a publish. Providing immediate feedback to the user also makes the application more user-friendly.
Updated by bmbouter about 5 years ago
- Status changed from NEW to CLOSED - WONTFIX
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.