Issue #2242

closed

Package signature ID checking is broken when syncing in packages

Added by Ichimonji10 over 7 years ago. Updated about 5 years ago.

Status: CLOSED - CURRENTRELEASE
Priority: Urgent
Assignee:
Sprint/Milestone: -
Start date:
Due date:
Estimated time:
Severity: 3. High
Version: Master
Platform Release: 2.10.1
OS:
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint: Sprint 8
Quarter:

Description

Let's say I create a repository with the following configuration:

{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/',
 '_id': {'$oid': '57d1aba5cce18920f03ba13d'},
 '_ns': 'repos',
 'content_unit_counts': {},
 'description': None,
 'display_name': 'f8d5181f-08ad-4cbd-917d-149280945ede',
 'distributors': [],
 'id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
 'importers': [{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/importers/yum_importer/',
                '_id': {'$oid': '57d1aba5cce18920f03ba13e'},
                '_ns': 'repo_importers',
                'config': {'allowed_keys': ['01234567'],
                           'feed': 'https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/',
                           'require_signature': True},
                'id': 'yum_importer',
                'importer_type_id': 'yum_importer',
                'last_sync': None,
                'repo_id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
                'scratchpad': None}],
 'last_unit_added': None,
 'last_unit_removed': None,
 'locally_stored_units': 0,
 'notes': {'_repo-type': 'rpm-repo'},
 'scratchpad': {},
 'total_repository_units': 0}

Importantly, allowed_keys, feed and require_signature are all set. If I sync this repository, I should end up with the following content unit counts:

 'content_unit_counts': {'erratum': 4,
                         'package_category': 1,
                         'package_group': 2,
                         'package_langpacks': 1},

However, here's what the repository actually looks like under Pulp 2.10.1:

{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/',
 '_id': {'$oid': '57d1aba5cce18920f03ba13d'},
 '_ns': 'repos',
 'content_unit_counts': {'erratum': 4,
                         'package_category': 1,
                         'package_group': 2,
                         'package_langpacks': 1,
                         'rpm': 32},
 'description': None,
 'display_name': 'f8d5181f-08ad-4cbd-917d-149280945ede',
 'distributors': [],
 'id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
 'importers': [{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/importers/yum_importer/',
                '_id': {'$oid': '57d1aba5cce18920f03ba13e'},
                '_ns': 'repo_importers',
                'config': {'allowed_keys': ['01234567'],
                           'feed': 'https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/',
                           'require_signature': True},
                'id': 'yum_importer',
                'importer_type_id': 'yum_importer',
                'last_sync': '2016-09-08T18:19:32Z',
                'repo_id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
                'scratchpad': None}],
 'last_unit_added': None,
 'last_unit_removed': None,
 'locally_stored_units': 40,
 'notes': {'_repo-type': 'rpm-repo'},
 'scratchpad': {'checksum_type': 'sha256'},
 'total_repository_units': 40}

As you can see, RPMs are added to the repository. This is strange, because the RPMs are signed, and output from journalctl agrees:

Sep 08 20:19:22 example.com pulp[9122]: celery.worker.job:INFO: Task pulp.server.async.tasks._queue_reserved_task[3a3f9f26-5a20-415c-92c7-5bd855a59058] succeeded in 0.0812295569922s: None
Sep 08 20:19:22 example.com pulp[8758]: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._release_resource[0487e8f1-12e4-43f0-823b-bcd4375deda7]
Sep 08 20:19:22 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:22 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:23 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:23 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:23 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:24 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:24 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:24 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:25 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata files.
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (2): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (3): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (4): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (5): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Generating metadata databases.
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Determining which units need to be downloaded.
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading 32 RPMs.
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (2): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (3): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (4): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (5): repos.fedorapeople.org
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.repomd.alternate:INFO: The content container reported: {'downloads': {'___/primary/___': {'total_failed': 0, 'total_succeeded': 32}}, 'total_sources': 0} for base URL: https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:WARNING: 32 packages failed signature filter and were not imported.
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading additional units.
Sep 08 20:19:28 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:30 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:32 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Sync complete.

For what it's worth, tree /var/lib/pulp shows numerous files in /var/lib/pulp/content/units.

To reproduce this issue, provision a nightly Pulp 2.10.1 system and run python -m unittest2 pulp_smash.tests.rpm.api_v2.test_signatures_checked_for_syncs.

This issue may be related to https://pulp.plan.io/issues/2190, but I'm not sure.
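
An added example, not part of the original report or of Pulp's code: a post-sync consistency check that compares the RPMs a repository gained with what the signature-filter log lines say was let through. The function names and the trimmed sample data are constructed for illustration; the field names and log message formats are the ones shown in the report above.

```python
import re

# Message formats copied from the journalctl output in the report.
DOWNLOADING = re.compile(r"yum\.sync:INFO: Downloading (\d+) RPMs\.")
REJECTED = re.compile(r"yum\.sync:WARNING: (\d+) packages failed signature "
                      r"filter and were not imported\.")


def _total(pattern, lines):
    """Sum the number captured by pattern over every matching line."""
    return sum(int(m.group(1)) for m in map(pattern.search, lines) if m)


def signature_policy(repo):
    """Return (require_signature, allowed_keys) from the yum importer config."""
    for importer in repo.get("importers", []):
        if importer.get("importer_type_id") == "yum_importer":
            cfg = importer.get("config") or {}
            return bool(cfg.get("require_signature")), cfg.get("allowed_keys") or []
    return False, []


def audit_sync(before, after, journal_lines):
    """Flag a sync that gained more RPMs than the signature filter let through.

    journal_lines must cover exactly one sync task of this repository.
    Returns None when consistent, otherwise a dict describing the mismatch.
    """
    required, keys = signature_policy(after)
    if not required and not keys:
        return None  # no signature policy configured, nothing to enforce
    gained = (after.get("content_unit_counts", {}).get("rpm", 0)
              - before.get("content_unit_counts", {}).get("rpm", 0))
    allowed = max(_total(DOWNLOADING, journal_lines)
                  - _total(REJECTED, journal_lines), 0)
    if gained > allowed:
        return {"repo_id": after["id"], "rpms_gained": gained, "rpms_allowed": allowed}
    return None


# Constructed sample: the report's repository and log, trimmed to the fields used.
_IMPORTER = {"importer_type_id": "yum_importer",
             "config": {"allowed_keys": ["01234567"], "require_signature": True}}
BEFORE = {"id": "f8d5181f-08ad-4cbd-917d-149280945ede", "importers": [_IMPORTER],
          "content_unit_counts": {}}
AFTER = dict(BEFORE, content_unit_counts={"erratum": 4, "rpm": 32})
JOURNAL = [
    "pulp_rpm.plugins.importers.yum.sync:INFO: Downloading 32 RPMs.",
    "pulp_rpm.plugins.importers.yum.sync:WARNING: 32 packages failed signature filter and were not imported.",
    "pulp_rpm.plugins.importers.yum.sync:INFO: Sync complete.",
]
```

Run against the report's data, `audit_sync(BEFORE, AFTER, JOURNAL)` reports 32 RPMs gained where 0 were allowed; a sync in which the rejected units are not associated returns `None`.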

Actions #1

Updated by Ichimonji10 over 7 years ago

Here are the packages installed on one of the systems that exhibit this behaviour:

pulp-admin-client-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
pulp-docker-admin-extensions-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
pulp-docker-plugins-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
pulp-puppet-admin-extensions-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
pulp-puppet-plugins-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
pulp-python-admin-extensions-1.1.2-1.fc24.noarch
pulp-python-plugins-1.1.2-1.fc24.noarch
pulp-rpm-admin-extensions-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
pulp-rpm-plugins-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
pulp-selinux-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
pulp-server-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-kombu-3.0.33-6.pulp.fc24.noarch
python-pulp-bindings-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-client-lib-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-common-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-docker-common-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
python-pulp-oid_validation-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-puppet-common-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
python-pulp-python-common-1.1.2-1.fc24.noarch
python-pulp-repoauth-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-rpm-common-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
python-pulp-streamer-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
Actions #2

Updated by amacdona@redhat.com over 7 years ago

  • Priority changed from Normal to Urgent
  • Severity changed from 2. Medium to 3. High
  • Triaged changed from No to Yes
Actions #3

Updated by mhrivnak over 7 years ago

  • Sprint/Milestone set to 26
Actions #4

Updated by ttereshc over 7 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc
Actions #5

Updated by ttereshc over 7 years ago

  • Status changed from ASSIGNED to POST

Added by ttereshc over 7 years ago

Revision 50f3fcba | View on GitHub

Do not associate unit if it does not pass signature filter

closes #2242 https://pulp.plan.io/issues/2242

Actions #6

Updated by ttereshc over 7 years ago

  • Status changed from POST to MODIFIED
Actions #7

Updated by ttereshc over 7 years ago

  • Platform Release set to 2.10.1
Actions #8

Updated by semyers over 7 years ago

  • Status changed from MODIFIED to 5
Actions #9

Updated by semyers over 7 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE
Actions #10

Updated by bmbouter about 6 years ago

  • Sprint set to Sprint 8
Actions #11

Updated by bmbouter about 6 years ago

  • Sprint/Milestone deleted (26)
Actions #12

Updated by bmbouter about 5 years ago

  • Tags Pulp 2 added
