Project

Profile

Help

Issue #7203

The checksum in primary.xml does not match publication

Added by daviddavis 11 months ago. Updated 7 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 84
Quarter:

Description

Not sure if this is a bug or not. Steps to reproduce:

First, sync the repo https://fixtures.pulpproject.org/rpm-with-sha-1-modular/ on-demand.

Then if I publish this repo and its checksums appear to be sha256:

$ http :/pulp/api/v3/publications/rpm/rpm/19f661c0-f80f-45c7-8cce-4d50a84694fe/
HTTP/1.1 200 OK
Allow: GET, DELETE, HEAD, OPTIONS
Connection: keep-alive
Content-Length: 392
Content-Type: application/json
Date: Thu, 23 Jul 2020 20:59:36 GMT
Server: nginx/1.16.1
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN

{
    "metadata_checksum_type": "sha256",
    "package_checksum_type": "sha256",
    "pulp_created": "2020-07-23T20:59:24.579748Z",
    "pulp_href": "/pulp/api/v3/publications/rpm/rpm/19f661c0-f80f-45c7-8cce-4d50a84694fe/",
    "repository": "/pulp/api/v3/repositories/rpm/rpm/6e1eebc1-1e9c-4874-b2cb-48a4fb73a091/",
    "repository_version": "/pulp/api/v3/repositories/rpm/rpm/6e1eebc1-1e9c-4874-b2cb-48a4fb73a091/versions/1/"
}

Then if I check the published primary.xml, the checksums are actually sha1.

Associated revisions

Revision 7105778f View on GitHub
Added by ipanova@redhat.com 8 months ago

Added documentation clarification around how checksum_types work during the Publication.

closes #7203 https://pulp.plan.io/issues/7203

History

#1 Updated by ipanova@redhat.com 11 months ago

The default value for metadata_checksum_type and package_checksum_type if not specified is sha256, so if you have not explicitly specified what checksum type it should be, repodata should have sha256. Same would have been with packages if you would not have downloaded with on_demand policy. Because only sha1 is available on the remote repo and you have downloaded with on_demand we have no way how to create sha256. If you would have downloaded with immediate, you would have sha256 in the primary.xml

This is not a bug but maybe we could use some docs that would explain these nuances.

https://github.com/pulp/pulp_rpm/pull/1655#discussion_r405529453

#2 Updated by daviddavis 11 months ago

Also, I noticed that even if I explicitly create the publication with sha256:

http :/pulp/api/v3/publications/rpm/rpm/ repository_version=/pulp/api/v3/repositories/rpm/rpm/615d4d10-cd16-40d2-ab75-dd042e77d27e/versions/1/ metadata_checksum_type=sha256 package_checksum_type=sha256

The primary.xml still ends up being sha1. I would expect an error but if we decide to document this issue, we should document this too.

#3 Updated by ttereshc 10 months ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 79

#4 Updated by rchan 10 months ago

  • Sprint changed from Sprint 79 to Sprint 80

#5 Updated by rchan 9 months ago

  • Sprint changed from Sprint 80 to Sprint 81

#6 Updated by ipanova@redhat.com 9 months ago

  • Tags Documentation added

#7 Updated by ipanova@redhat.com 9 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ipanova@redhat.com

#8 Updated by rchan 9 months ago

  • Sprint changed from Sprint 81 to Sprint 82

#9 Updated by rchan 8 months ago

  • Sprint changed from Sprint 82 to Sprint 83

#10 Updated by pulpbot 8 months ago

  • Status changed from ASSIGNED to POST

#11 Updated by rchan 8 months ago

  • Sprint changed from Sprint 83 to Sprint 84

#12 Updated by ipanova@redhat.com 8 months ago

  • Status changed from POST to MODIFIED

#13 Updated by dalley 7 months ago

  • Sprint/Milestone set to 3.8.0

#14 Updated by pulpbot 7 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF