Actions
Issue #2192
closed
The RPM rsync distributor's "root" config option isn't validated
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
2.10.0
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:
Description
Let's say I decide to create an RPM repository with a yum importer, yum distributor and RPM rsync distributor. To do so, I might submit an HTTP POST request to /pulp/api/v2/repositories/ with the following payload:
{
"importer_type_id": "yum_importer",
"importer_config": {
"feed": "https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/"
},
"notes": {
"_repo-type": "rpm-repo"
},
"id": "4818bdb8-1fc8-44e8-8504-231466a057f1",
"distributors": [
{
"distributor_config": {
"http": true,
"relative_url": "c23ae706-d9f9-4740-aecd-4bbb2bfde953/",
"https": true
},
"distributor_id": "d2160bbe-ba12-4079-bf61-2c898337780a",
"distributor_type_id": "yum_distributor",
"auto_publish": false
},
{
"distributor_config": {
"predistributor_id": "d2160bbe-ba12-4079-bf61-2c898337780a",
"remote": {
"root": "home/a8333f9e-027",
"host": "example.com",
"ssh_user": "a8333f9e-027",
"ssh_identity_file": "/27f14dc8-3562-4065-ad1d-b5827522b5c2"
}
},
"distributor_id": "a6658d24-2bde-4f85-8afd-5dfe45d53527",
"distributor_type_id": "rpm_rsync_distributor"
}
]
}
The RPM rsync distributor's root option must be an absolute path. However, in the example payload above, root is a relative URL. Pulp accepts this payload anyway and will create the repository, importer and distributors.
Pulp should verify root when processing the request. This will prevent mysterious errors from occurring later when a user decides to perform a publish. Providing immediate feedback to the user also makes the application more user-friendly.
Actions
.