Use createrepo_c flags to ensure we don't parse file digests

Parsing file digests changes the API, due to an accident. We've already
handled that, but we can avoid it happening in the first place and save
some memory while we're at it.

Author: dralley

CHANGES/+dont-load-file-digests.misc

@@ -0,0 +1 @@
+Set a flag during RPM parsing to ensure we don't load file digests.

pulp_rpm/app/constants.py

@@ -1,4 +1,5 @@
 from types import SimpleNamespace
+import createrepo_c as cr
 
 # metadata compression types supported
 COMPRESSION_TYPES = SimpleNamespace(
@@ -51,6 +52,8 @@
     (CHECKSUM_TYPES.SHA512, CHECKSUM_TYPES.SHA512),
 )
 
+CR_HEADER_FLAGS = cr.HDRR_NOFILEDIGESTS
+
 ALLOWED_CHECKSUM_ERROR_MSG = """Checksum must be one of the allowed checksum types.
 You can adjust these with the 'ALLOWED_CONTENT_CHECKSUMS' setting."""
 

pulp_rpm/app/serializers/package.py

@@ -21,6 +21,7 @@
 from tempfile import NamedTemporaryFile
 from pulpcore.plugin.util import get_domain_pk
 
+from pulp_rpm.app.contants import CR_HEADER_FLAGS
 from pulp_rpm.app.models import Package
 from pulp_rpm.app.shared_utils import format_nvra, read_crpackage_from_artifact
 
@@ -429,7 +430,9 @@ def validate(self, data):
         try:
             if uploaded_file:
                 cr_object = cr.package_from_rpm(
-                    uploaded_file.file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT
+                    uploaded_file.file.name,
+                    changelog_limit=settings.KEEP_CHANGELOG_LIMIT,
+                    header_reading_flags=CR_HEADER_FLAGS,
                 )
                 new_pkg = Package.createrepo_to_dict(cr_object)
             elif upload:
@@ -446,7 +449,9 @@ def validate(self, data):
 
                 # Now we have a file, read metadata from it
                 cr_object = cr.package_from_rpm(
-                    temp_file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT
+                    temp_file.name,
+                    changelog_limit=settings.KEEP_CHANGELOG_LIMIT,
+                    header_reading_flags=CR_HEADER_FLAGS,
                 )
                 new_pkg = Package.createrepo_to_dict(cr_object)
 

pulp_rpm/app/shared_utils.py

@@ -10,7 +10,10 @@
 from django.conf import settings
 from django.utils.dateparse import parse_datetime
 from importlib_resources import files
+
 from pulpcore.plugin.exceptions import InvalidSignatureError
+
+from pulp_rpm.app.constants import CR_HEADER_FLAGS
 from pulp_rpm.app.rpm_version import RpmVersion
 
 
@@ -97,7 +100,9 @@ def read_crpackage_from_artifact(artifact, working_dir="."):
         shutil.copyfileobj(artifact_file, temp_file)
         temp_file.flush()
         cr_pkginfo = cr.package_from_rpm(
-            temp_file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT
+            temp_file.name,
+            changelog_limit=settings.KEEP_CHANGELOG_LIMIT,
+            header_reading_flags=CR_HEADER_FLAGS,
         )
 
     artifact_file.close()

pulp_rpm/app/tasks/signing.py

@@ -23,7 +23,6 @@
 from pulp_rpm.app.models.package import Package
 from pulp_rpm.app.models.repository import RpmRepository
 
-
 log = logging.getLogger(__name__)
 
 

pyproject.toml

@@ -26,7 +26,7 @@ classifiers = [
 ]
 requires-python = ">=3.11"
 dependencies = [
-    "createrepo_c~=1.2.1",
+    "createrepo_c~=1.2.3",
     "django_readonly_field~=1.1.1",
     "jsonschema>=4.6,<5.0",
     "libcomps>=0.1.23.post1,<0.2",