tmp

Author: jobselko

pulp_python/app/utils.py

@@ -1,7 +1,10 @@
+import hashlib
+import logging
 import pkginfo
 import re
 import shutil
 import tempfile
+import zipfile
 import json
 from collections import defaultdict
 from django.conf import settings
@@ -11,6 +14,8 @@
 from packaging.version import parse, InvalidVersion
 from pulpcore.plugin.models import Remote
 
+logger = logging.getLogger(__name__)
+
 
 PYPI_LAST_SERIAL = "X-PYPI-LAST-SERIAL"
 """TODO This serial constant is temporary until Python repositories implements serials"""
@@ -130,7 +135,7 @@ def parse_project_metadata(project):
         # Release metadata
         "packagetype": project.get("packagetype") or "",
         "python_version": project.get("python_version") or "",
-        "metadata_sha256": "",  # TODO
+        "metadata_sha256": project.get("metadata_sha256") or "",
     }
 
 
@@ -158,9 +163,9 @@ def parse_metadata(project, version, distribution):
     package["url"] = distribution.get("url") or ""
     package["sha256"] = distribution.get("digests", {}).get("sha256") or ""
     package["python_version"] = distribution.get("python_version") or package.get("python_version")
-    package["requires_python"] = distribution.get("requires_python") or package.get(
-        "requires_python"
-    )  # noqa: E501
+    package["requires_python"] = distribution.get("requires_python") or ""  # package.get(
+    #     "requires_python"
+    # )  # noqa: E501
     package["metadata_sha256"] = distribution.get("data-dist-info-metadata", {}).get(
         "sha256"
     ) or package.get("metadata_sha256")
@@ -181,6 +186,9 @@ def get_project_metadata_from_file(filename):
     packagetype = DIST_EXTENSIONS[extensions[pkg_type_index]]
 
     metadata = DIST_TYPES[packagetype](filename)
+    computed_hash = compute_metadata_sha256(filename)
+    metadata.metadata_sha256 = computed_hash
+    logger.info(f"Set metadata.metadata_sha256 to: {computed_hash} for {filename}")
     metadata.packagetype = packagetype
     if packagetype == "sdist":
         metadata.python_version = "source"
@@ -193,6 +201,45 @@ def get_project_metadata_from_file(filename):
     return metadata
 
 
+def compute_metadata_sha256(filename: str) -> str:
+    """
+    Compute SHA256 hash of the metadata file from a Python package.
+
+    Returns SHA256 hash or empty string if metadata cannot be extracted.
+    """
+    logger.info(f"Computing metadata SHA256 for wheel: {filename}")
+
+    if not filename.endswith(".whl"):
+        logger.debug(f"File {filename} is not a wheel, skipping metadata SHA256 computation")
+        return ""
+
+    try:
+        with tempfile.NamedTemporaryFile() as temp_file:
+            with open(filename, "rb") as source:
+                shutil.copyfileobj(source, temp_file)
+                temp_file.flush()
+
+            logger.debug(f"Copied wheel to temp file: {temp_file.name}")
+
+            with zipfile.ZipFile(temp_file.name, "r") as f:
+                logger.debug(f"Wheel contains files: {f.namelist()}")
+
+                for file_path in f.namelist():
+                    if file_path.endswith(".dist-info/METADATA"):
+                        logger.info(f"Found METADATA file: {file_path}")
+                        metadata_content = f.read(file_path)
+                        hash_value = hashlib.sha256(metadata_content).hexdigest()
+                        logger.info(f"Computed metadata SHA256: {hash_value}")
+                        return hash_value
+
+                logger.warning(f"No METADATA file found in wheel {filename}")
+
+    except Exception as e:
+        logger.error(f"Error computing metadata SHA256 for {filename}: {e}")
+
+    return ""
+
+
 def artifact_to_python_content_data(filename, artifact, domain=None):
     """
     Takes the artifact/filename and returns the metadata needed to create a PythonPackageContent.
@@ -448,7 +495,7 @@ def write_simple_detail_json(project_name, project_packages):
                 "filename": package["filename"],
                 "url": package["url"],
                 "hashes": {"sha256": package["sha256"]},
-                "requires_python": package["requires_python"] or None,
+                "requires-python": package["requires_python"] or None,
                 # data-dist-info-metadata is deprecated alias for core-metadata
                 "data-dist-info-metadata": (
                     {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False

pulp_python/tests/functional/api/test_pypi_simple_json_api.py

@@ -3,7 +3,13 @@
 import pytest
 import requests
 
-from pulp_python.tests.functional.constants import PYTHON_SM_PROJECT_SPECIFIER
+from pulp_python.tests.functional.constants import (
+    PYTHON_EGG_FILENAME,
+    PYTHON_EGG_URL,
+    PYTHON_SM_PROJECT_SPECIFIER,
+    PYTHON_WHEEL_FILENAME,
+    PYTHON_WHEEL_URL,
+)
 
 API_VERSION = "1.0"
 PYPI_SERIAL_CONSTANT = 1000000000
@@ -38,13 +44,21 @@ def test_simple_json_index_api(
 
 @pytest.mark.parallel
 def test_simple_json_detail_api(
-    python_remote_factory, python_repo_with_sync, python_distribution_factory
+    monitor_task,
+    python_bindings,
+    python_content_factory,
+    python_distribution_factory,
+    python_repo_factory,
 ):
-    remote = python_remote_factory(includes=PYTHON_SM_PROJECT_SPECIFIER)
-    repo = python_repo_with_sync(remote)
+    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
+    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
+
+    repo = python_repo_factory()
+    monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}aiohttp'
+    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
     headers = {"Accept": PYPI_SIMPLE_V1_JSON}
 
     response = requests.get(url, headers=headers)
@@ -53,17 +67,32 @@ def test_simple_json_detail_api(
 
     data = response.json()
     assert data["meta"] == {"api-version": API_VERSION, "_last-serial": PYPI_SERIAL_CONSTANT}
-    assert data["name"] == "aiohttp"
+    assert data["name"] == "shelf-reader"
     assert data["files"]
-    for file in data["files"]:
-        for i in [
-            "filename",
-            "url",
-            "hashes",
-            "data-dist-info-metadata",
-            "requires_python",
-        ]:
-            assert i in file
+
+    # Check data of a wheel
+    file_whl = next(
+        (i for i in data["files"] if i["filename"] == "shelf_reader-0.1-py2-none-any.whl"), None
+    )
+    assert file_whl is not None, "wheel file not found"
+    assert file_whl["url"]
+    assert file_whl["hashes"] == {
+        "sha256": "2eceb1643c10c5e4a65970baf63bde43b79cbdac7de81dae853ce47ab05197e9"
+    }
+    assert file_whl["requires-python"] is None
+    assert file_whl["data-dist-info-metadata"] == {
+        "sha256": "ed333f0db05d77e933a157b7225b403ada9a2f93318d77b41b662eba78bac350"
+    }
+
+    # Check data of a tarball
+    file_tar = next((i for i in data["files"] if i["filename"] == "shelf-reader-0.1.tar.gz"), None)
+    assert file_tar is not None, "tar file not found"
+    assert file_tar["url"]
+    assert file_tar["hashes"] == {
+        "sha256": "04cfd8bb4f843e35d51bfdef2035109bdea831b55a57c3e6a154d14be116398c"
+    }
+    assert file_tar["requires-python"] is None
+    assert file_tar["data-dist-info-metadata"] is False
 
 
 @pytest.mark.parallel