Issue #2242
closed
Package signature ID checking is broken when syncing in packages
Description
Let's say I create a repository with the following configuration:
{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/',
'_id': {'$oid': '57d1aba5cce18920f03ba13d'},
'_ns': 'repos',
'content_unit_counts': {},
'description': None,
'display_name': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'distributors': [],
'id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'importers': [{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/importers/yum_importer/',
'_id': {'$oid': '57d1aba5cce18920f03ba13e'},
'_ns': 'repo_importers',
'config': {'allowed_keys': ['01234567'],
'feed': 'https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/',
'require_signature': True},
'id': 'yum_importer',
'importer_type_id': 'yum_importer',
'last_sync': None,
'repo_id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'scratchpad': None}],
'last_unit_added': None,
'last_unit_removed': None,
'locally_stored_units': 0,
'notes': {'_repo-type': 'rpm-repo'},
'scratchpad': {},
'total_repository_units': 0}
Importantly, allowed_keys, feed and require_signature are all set. If I sync this repository, I should end up with the following content unit counts:
'content_unit_counts': {'erratum': 4,
'package_category': 1,
'package_group': 2,
'package_langpacks': 1},
However, here's what the repository actually looks like under Pulp 2.10.1:
{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/',
'_id': {'$oid': '57d1aba5cce18920f03ba13d'},
'_ns': 'repos',
'content_unit_counts': {'erratum': 4,
'package_category': 1,
'package_group': 2,
'package_langpacks': 1,
'rpm': 32},
'description': None,
'display_name': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'distributors': [],
'id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'importers': [{'_href': '/pulp/api/v2/repositories/f8d5181f-08ad-4cbd-917d-149280945ede/importers/yum_importer/',
'_id': {'$oid': '57d1aba5cce18920f03ba13e'},
'_ns': 'repo_importers',
'config': {'allowed_keys': ['01234567'],
'feed': 'https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/',
'require_signature': True},
'id': 'yum_importer',
'importer_type_id': 'yum_importer',
'last_sync': '2016-09-08T18:19:32Z',
'repo_id': 'f8d5181f-08ad-4cbd-917d-149280945ede',
'scratchpad': None}],
'last_unit_added': None,
'last_unit_removed': None,
'locally_stored_units': 40,
'notes': {'_repo-type': 'rpm-repo'},
'scratchpad': {'checksum_type': 'sha256'},
'total_repository_units': 40}
As you can see, RPMs are added to the repository. This is strange, because the RPMs are signed, and output from journalctl agrees:
Sep 08 20:19:22 example.com pulp[9122]: celery.worker.job:INFO: Task pulp.server.async.tasks._queue_reserved_task[3a3f9f26-5a20-415c-92c7-5bd855a59058] succeeded in 0.0812295569922s: None
Sep 08 20:19:22 example.com pulp[8758]: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._release_resource[0487e8f1-12e4-43f0-823b-bcd4375deda7]
Sep 08 20:19:22 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:22 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:23 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:23 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:23 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:24 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:24 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata from https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/.
Sep 08 20:19:24 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Parsing metadata.
Sep 08 20:19:25 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading metadata files.
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (2): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (3): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (4): repos.fedorapeople.org
Sep 08 20:19:25 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (5): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Generating metadata databases.
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Determining which units need to be downloaded.
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading 32 RPMs.
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (2): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (3): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (4): repos.fedorapeople.org
Sep 08 20:19:26 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (5): repos.fedorapeople.org
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.repomd.alternate:INFO: The content container reported: {'downloads': {'___/primary/___': {'total_failed': 0, 'total_succeeded': 32}}, 'total_sources': 0} for base URL: https://repos.fedorapeople.org/pulp/pulp/fixtures/rpm/
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:WARNING: 32 packages failed signature filter and were not imported.
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading additional units.
Sep 08 20:19:28 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:30 example.com pulp[9073]: requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS connection (1): repos.fedorapeople.org
Sep 08 20:19:32 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Sync complete.
For what it's worth, tree /var/lib/pulp shows numerous files in /var/lib/pulp/content/units.
To reproduce this issue, provision a nightly Pulp 2.10.1 system and run python -m unittest2 pulp_smash.tests.rpm.api_v2.test_signatures_checked_for_syncs.
This issue may be related to https://pulp.plan.io/issues/2190, but I'm not sure.
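Added example, not part of the original report and not Pulp or Pulp Smash code: a post-sync check that compares the importer's own log lines with the repository's unit counts and reports RPMs that were associated even though the signature filter rejected them. The helper names are hypothetical, the log sample and repository documents are constructed from the values shown above, and the check assumes the log text covers exactly one sync.

```python
import re

# Constructed sample: three lines in the format of the journal excerpt above.
SAMPLE_LOG = """\
Sep 08 20:19:26 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Downloading 32 RPMs.
Sep 08 20:19:28 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:WARNING: 32 packages failed signature filter and were not imported.
Sep 08 20:19:32 example.com pulp[9073]: pulp_rpm.plugins.importers.yum.sync:INFO: Sync complete.
"""

DOWNLOADED = re.compile(r"yum\.sync:INFO: Downloading (\d+) RPMs\.")
REJECTED = re.compile(r"yum\.sync:WARNING: (\d+) packages failed signature filter")


def make_repo(config, counts):
    """Constructed repository document holding only the fields the check reads."""
    return {"content_unit_counts": counts,
            "importers": [{"id": "yum_importer", "config": config}]}


def total(pattern, log_text):
    """Sum the counts captured by every match of pattern in the log text."""
    return sum(int(n) for n in pattern.findall(log_text))


def unexpected_rpms(log_text, counts_before, repo_after):
    """RPMs associated by one sync beyond what the signature filter let through."""
    config = next((i["config"] for i in repo_after["importers"]
                   if i["id"] == "yum_importer"), {})
    if not (config.get("require_signature") or config.get("allowed_keys")):
        return 0  # no signature policy on the importer, nothing to enforce
    passed = total(DOWNLOADED, log_text) - total(REJECTED, log_text)
    added = (repo_after["content_unit_counts"].get("rpm", 0)
             - counts_before.get("rpm", 0))
    return max(0, added - passed)


POLICY = {"allowed_keys": ["01234567"], "require_signature": True}
OTHER_UNITS = {"erratum": 4, "package_category": 1, "package_group": 2,
               "package_langpacks": 1}
AS_REPORTED = make_repo(POLICY, dict(OTHER_UNITS, rpm=32))  # counts seen in the report
AS_EXPECTED = make_repo(POLICY, dict(OTHER_UNITS))          # counts the report expects

if __name__ == "__main__":
    print("reported:", unexpected_rpms(SAMPLE_LOG, {}, AS_REPORTED))
    print("expected:", unexpected_rpms(SAMPLE_LOG, {}, AS_EXPECTED))
```

A non-zero result means the WARNING line and the repository state disagree, which is the condition this issue describes.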
Updated by Ichimonji10 over 7 years ago
Here are the packages installed on one of the systems that exhibit this behaviour:
pulp-admin-client-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
pulp-docker-admin-extensions-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
pulp-docker-plugins-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
pulp-puppet-admin-extensions-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
pulp-puppet-plugins-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
pulp-python-admin-extensions-1.1.2-1.fc24.noarch
pulp-python-plugins-1.1.2-1.fc24.noarch
pulp-rpm-admin-extensions-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
pulp-rpm-plugins-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
pulp-selinux-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
pulp-server-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-kombu-3.0.33-6.pulp.fc24.noarch
python-pulp-bindings-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-client-lib-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-common-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-docker-common-2.1.1-0.1.alpha.git.9.e48c093.fc24.noarch
python-pulp-oid_validation-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-puppet-common-2.10.1-0.1.alpha.git.25.b1e70b6.fc24.noarch
python-pulp-python-common-1.1.2-1.fc24.noarch
python-pulp-repoauth-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
python-pulp-rpm-common-2.10.1-0.1.alpha.git.11.83ec388.fc24.noarch
python-pulp-streamer-2.10.1-0.1.alpha.git.7.da8dea2.fc24.noarch
Updated by amacdona@redhat.com over 7 years ago
- Priority changed from Normal to Urgent
- Severity changed from 2. Medium to 3. High
- Triaged changed from No to Yes
Updated by ttereshc over 7 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ttereshc
Updated by ttereshc over 7 years ago
- Status changed from ASSIGNED to POST
Added by ttereshc over 7 years ago
Updated by ttereshc over 7 years ago
- Status changed from POST to MODIFIED
Applied in changeset 50f3fcba87f6f4713d72626ef7b181f8fe93575a.
Updated by semyers over 7 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
Do not associate unit if it does not pass signature filter
closes #2242 https://pulp.plan.io/issues/2242