diff --git a/CHANGES/+dont-load-file-digests.misc b/CHANGES/+dont-load-file-digests.misc new file mode 100644 index 000000000..5fda2e7f5 --- /dev/null +++ b/CHANGES/+dont-load-file-digests.misc @@ -0,0 +1 @@ +Set a flag during RPM parsing to ensure we don't load file digests. diff --git a/pulp_rpm/app/constants.py b/pulp_rpm/app/constants.py index 2b141e8fe..9f5330135 100644 --- a/pulp_rpm/app/constants.py +++ b/pulp_rpm/app/constants.py @@ -1,4 +1,5 @@ from types import SimpleNamespace +import createrepo_c as cr # metadata compression types supported COMPRESSION_TYPES = SimpleNamespace( @@ -51,6 +52,8 @@ (CHECKSUM_TYPES.SHA512, CHECKSUM_TYPES.SHA512), ) +CR_HEADER_FLAGS = cr.HDRR_NOFILEDIGESTS + ALLOWED_CHECKSUM_ERROR_MSG = """Checksum must be one of the allowed checksum types. You can adjust these with the 'ALLOWED_CONTENT_CHECKSUMS' setting.""" diff --git a/pulp_rpm/app/serializers/package.py b/pulp_rpm/app/serializers/package.py index 124bf3bd7..04fc8a34a 100644 --- a/pulp_rpm/app/serializers/package.py +++ b/pulp_rpm/app/serializers/package.py @@ -21,6 +21,7 @@ from tempfile import NamedTemporaryFile from pulpcore.plugin.util import get_domain_pk +from pulp_rpm.app.constants import CR_HEADER_FLAGS from pulp_rpm.app.models import Package from pulp_rpm.app.shared_utils import format_nvra, read_crpackage_from_artifact @@ -429,7 +430,9 @@ def validate(self, data): try: if uploaded_file: cr_object = cr.package_from_rpm( - uploaded_file.file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT + uploaded_file.file.name, + changelog_limit=settings.KEEP_CHANGELOG_LIMIT, + header_reading_flags=CR_HEADER_FLAGS, ) new_pkg = Package.createrepo_to_dict(cr_object) elif upload: 
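Review bot: `CR_HEADER_FLAGS = cr.HDRR_NOFILEDIGESTS` in the second constants.py hunk carries no comment, and the changelog entry only says file digests are not loaded, so a reader cannot tell why the flag is needed or what relies on it. I would add above it `# Passed as header_reading_flags to every cr.package_from_rpm() call so per-file digests are not read from the RPM header.` The attribute is resolved when constants.py is imported, so an environment whose createrepo_c build lacks this flag would presumably fail with AttributeError at import time rather than at the first parse. The pyproject.toml bump to `createrepo_c~=1.2.3` in this commit covers pip installs; it is worth confirming that other packaging channels enforce the same minimum.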
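Review bot: The same three-argument `cr.package_from_rpm(...)` call is now written out three times: here, in the next hunk of `validate()`, and in `read_crpackage_from_artifact()` in shared_utils.py. A later call site that leaves out `header_reading_flags=CR_HEADER_FLAGS` would load file digests again without any error. A single helper in shared_utils.py, which the serializer already imports from, would keep the changelog limit and the header flags in one place. `validate()` starts and ends outside this hunk, and the helper name below is only a suggestion.

```python
# pulp_rpm/app/shared_utils.py (proposed helper; the name is a suggestion)
def package_from_rpm_file(path):
    """Parse the RPM at `path` with the project-wide changelog limit and header flags."""
    return cr.package_from_rpm(
        path,
        changelog_limit=settings.KEEP_CHANGELOG_LIMIT,
        header_reading_flags=CR_HEADER_FLAGS,
    )

# in validate(), in place of the expanded call:
cr_object = package_from_rpm_file(uploaded_file.file.name)
# … unchanged: Package.createrepo_to_dict(cr_object) and the `elif upload:` branch …
```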
@@ -446,7 +449,9 @@ def validate(self, data): # Now we have a file, read metadata from it cr_object = cr.package_from_rpm( - temp_file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT + temp_file.name, + changelog_limit=settings.KEEP_CHANGELOG_LIMIT, + header_reading_flags=CR_HEADER_FLAGS, ) new_pkg = Package.createrepo_to_dict(cr_object) diff --git a/pulp_rpm/app/shared_utils.py b/pulp_rpm/app/shared_utils.py index a66648ad6..c4157de8a 100644 --- a/pulp_rpm/app/shared_utils.py +++ b/pulp_rpm/app/shared_utils.py @@ -10,7 +10,10 @@ from django.conf import settings from django.utils.dateparse import parse_datetime from importlib_resources import files + from pulpcore.plugin.exceptions import InvalidSignatureError + +from pulp_rpm.app.constants import CR_HEADER_FLAGS from pulp_rpm.app.rpm_version import RpmVersion @@ -97,7 +100,9 @@ def read_crpackage_from_artifact(artifact, working_dir="."): shutil.copyfileobj(artifact_file, temp_file) temp_file.flush() cr_pkginfo = cr.package_from_rpm( - temp_file.name, changelog_limit=settings.KEEP_CHANGELOG_LIMIT + temp_file.name, + changelog_limit=settings.KEEP_CHANGELOG_LIMIT, + header_reading_flags=CR_HEADER_FLAGS, ) artifact_file.close() diff --git a/pulp_rpm/app/tasks/signing.py b/pulp_rpm/app/tasks/signing.py index cbeeaec34..8201f8061 100644 --- a/pulp_rpm/app/tasks/signing.py +++ b/pulp_rpm/app/tasks/signing.py @@ -23,7 +23,6 @@ from pulp_rpm.app.models.package import Package from pulp_rpm.app.models.repository import RpmRepository - log = logging.getLogger(__name__) diff --git a/pyproject.toml b/pyproject.toml index f89ac6a6a..d4bb065a2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -26,7 +26,7 @@ classifiers = [ ] requires-python = ">=3.11" dependencies = [ - "createrepo_c~=1.2.1", + "createrepo_c~=1.2.3", "django_readonly_field~=1.1.1", "jsonschema>=4.6,<5.0", "libcomps>=0.1.23.post1,<0.2",
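Review bot: In the `read_crpackage_from_artifact()` hunk, `artifact_file.close()` is reached only after `cr.package_from_rpm(...)` returns, so a package that fails to parse would leave the artifact file open, as far as these lines show. The line that opens `artifact_file` is outside the hunk. If it is not already inside a `with` block or a `try`/`finally`, the close should move into a `finally:` clause, or the artifact should be opened with a `with` statement. The function parses package files the service did not produce, so the failure path is worth a test with a truncated or malformed RPM.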