Fix leaking file descriptors in streamed download

m-bucher · gerrod3 · ggainey · commit 2576269e8c44 · 2025-12-17T08:56:00.000-05:00
Fixes #7157 Co-authored-by: Gerrod <gerrodubben@gmail.com> (cherry picked from commit 4307aaa)
diff --git a/CHANGES/7157.bugfix b/CHANGES/7157.bugfix
@@ -0,0 +1 @@
+Fixed file handle leak when content app access triggers downloads due to on_demand or streamed policy.
diff --git a/pulpcore/content/handler.py b/pulpcore/content/handler.py
@@ -1334,6 +1334,12 @@ async def finalize():
                 "on-demand-downloading/#on-demand-and-streamed-limitations>"
             )
 
+        # manually close the DownloadFactory's (HTTP-)session, the next artifact-download will
+        # create a new DownloadFactory anyway because it will use a new remote-object.
+        # Leaving it open also left open file-descriptors to /dev/urandom. Most likely these FDs are
+        # held by the underlying SSL library.
+        await downloader.session.close()
+
         if save_artifact and remote.policy != Remote.STREAMED:
             content_artifacts = await asyncio.shield(
                 sync_to_async(self._save_artifact)(download_result, remote_artifact, request)

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Fixed file handle leak when content app access triggers downloads due to on_demand or streamed policy.`