Project

Profile

Help

Issue #9205

closed

yum_distributor publish succeeds even when signing fails

Added by rmcgover about 1 year ago. Updated 8 months ago.

Status:
CLOSED - DUPLICATE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
2.21.1
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Sprint 112
Quarter:

Description

Ticket moved to GitHub: "pulp/pulpcore/2036":https://github.com/pulp/pulpcore/issues/2036


On Pulp2, if GPG signing of repo metadata is enabled per https://docs.pulpproject.org/en/2.21/plugins/pulp_rpm/tech-reference/yum-plugins.html#gpg-signing-of-repository-metadata , but signing fails for any reason, yum publish incorrectly succeeds.

This is wrong - if signing is enabled, it's a mandatory part of the publish process and failures should cause the entire publish to fail.

Steps to reproduce

  • Enable repodata signing by setting "gpg_sign_metadata": true for a repo
  • Ensure configuration is such that signing will fail (e.g. don't set up any secret key)
  • Publish repo

Actual behavior

Signing fails, but publish task for repo is marked successful, as in example:

Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344) Finalizing failed
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344) Traceback (most recent call last):
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)   File "/usr/lib/python2.7/site-packages/pulp/plugins/util/publish_step.py", line 265, in process
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)     self.finalize()
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)   File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/yum/publish.py", line 416, in finalize
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)     self.parent.repomd_file_context.finalize()
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)   File "/usr/lib/python2.7/site-packages/pulp_rpm/plugins/distributors/yum/metadata/repomd.py", line 49, in finalize
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)     signer.sign(self.metadata_file_path)
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)   File "/usr/lib/python2.7/site-packages/pulp_rpm/yum_plugin/util.py", line 327, in sign
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344)     stdout=stdout, stderr=stderr)
Aug  3 23:32:40 rhsm-pulp04 pulp: pulp.plugins.util.publish_step:ERROR: [4a67d40b] (4703-09344) SignerError: Return code: 2
Aug  3 23:32:41 rhsm-pulp04 pulp: celery.app.trace:INFO: [4a67d40b] Task pulp.server.managers.repo.publish.publish[4a67d40b-9a78-4e05-970b-f8851d623d0b] succeeded in 0.957519632997s: {'exception': None, 'repo_id': 'satellite-tools-6_DOT_8-for-rhel-8-x86_64-eus-rpms__8_DOT_1', 'traceback': None, 'started': datetime.datetime(2021, 8, 3, 23, 32, 40, 226116, tzinfo=<isodate.tzinfo.Utc object at 0x7f1edc27a710>), '_ns': 'repo_publish_results', 'completed': datetime.datetime(2021, 8, 3, 23, 32, 41, 155973, tzinfo=<isodate.tzinfo.Utc object at 0x7f1edc27a710>), 'error_message': None, 'distributor_type_id': 'yum_distributor', 'distributor_id': 'yum_distributor', 'summary': {'generate sqlite': 'FINISHED', 'initialize_repo_metadata': 'FINISHED', 'remove_old_repodata': 'FINISHED', 'rpms': 'FINISHED', 'modules': 'SKIPPED', 'close_repo_metadata': 'FINISHED', 'drpms': 'SKIPPED', 'comps': 'FINISHED', 'distribution': 'FINISHED', 'repoview': 'SKIPPED', 'publish_directory': 'FINISHED', 'errata': 'FINISHED', 'metadata': 'FINISHED'}, 'result': 'success', 'id': '6109d219d822f2125ffc3bcf', 'details': [{'num_processed': 1, 'items_total': 1, 'state': 'FINISHED', 'num_success': 1, 'error_details': [...], 'descript...', ...}]}

Expected behavior

Signing fails, and publish task for repo fails.

Additional info

There's code here which catches all exceptions from finalize and doesn't re-raise them or mark the task as failed: https://github.com/pulp/pulp/blob/f84198bb4cb9aaf233e8c4d9208ec7ee9df9790c/server/pulp/plugins/util/publish_step.py#L262

I've filed this as relating to signing since that's where the issue is relevant to me, but the above code seems like it could cause tasks to be incorrectly marked as successful in many other error cases as well, e.g. an I/O error when trying to close the repomd.xml file normally.

Actions #1

Updated by dalley about 1 year ago

  • Triaged changed from No to Yes
  • Sprint set to Sprint 102
Actions #2

Updated by rchan about 1 year ago

  • Sprint changed from Sprint 102 to Sprint 103
Actions #3

Updated by rchan about 1 year ago

  • Sprint changed from Sprint 103 to Sprint 104
Actions #4

Updated by rchan about 1 year ago

  • Sprint changed from Sprint 104 to Sprint 105
Actions #5

Updated by rchan about 1 year ago

  • Sprint changed from Sprint 105 to Sprint 106
Actions #6

Updated by rchan 12 months ago

  • Sprint changed from Sprint 106 to Sprint 107
Actions #7

Updated by rchan 11 months ago

  • Sprint changed from Sprint 107 to Sprint 108
Actions #8

Updated by dalley 11 months ago

  • Project changed from RPM Support to Pulp
  • Status changed from NEW to ASSIGNED
  • Assignee set to dalley
Actions #9

Updated by rchan 11 months ago

  • Sprint changed from Sprint 108 to Sprint 109
Actions #10

Updated by rchan 10 months ago

  • Sprint changed from Sprint 109 to Sprint 110
Actions #11

Updated by rchan 10 months ago

  • Sprint changed from Sprint 110 to Sprint 111
Actions #12

Updated by rchan 9 months ago

  • Sprint changed from Sprint 111 to Sprint 112
Actions #13

Updated by pulpbot 8 months ago

  • Description updated (diff)
  • Status changed from ASSIGNED to CLOSED - DUPLICATE

Also available in: Atom PDF