Skip to content

Commit

Permalink
Remove the ability to use checksums weaker than sha256 during publish
Browse files Browse the repository at this point in the history
closes #2488
  • Loading branch information
dralley committed Nov 7, 2023
1 parent f2b7ce1 commit 072aa63
Show file tree
Hide file tree
Showing 7 changed files with 61 additions and 28 deletions.
1 change: 1 addition & 0 deletions CHANGES/2488.removal
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Removed support for publishing repos with a checksum type of md5, sha1, or sha224
5 changes: 0 additions & 5 deletions pulp_rpm/app/constants.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,6 @@

# The same as above, but in a format that choice fields can use
CHECKSUM_CHOICES = (
(CHECKSUM_TYPES.UNKNOWN, CHECKSUM_TYPES.UNKNOWN),
(CHECKSUM_TYPES.MD5, CHECKSUM_TYPES.MD5),
(CHECKSUM_TYPES.SHA, CHECKSUM_TYPES.SHA1),
(CHECKSUM_TYPES.SHA1, CHECKSUM_TYPES.SHA1),
(CHECKSUM_TYPES.SHA224, CHECKSUM_TYPES.SHA224),
(CHECKSUM_TYPES.SHA256, CHECKSUM_TYPES.SHA256),
(CHECKSUM_TYPES.SHA384, CHECKSUM_TYPES.SHA384),
(CHECKSUM_TYPES.SHA512, CHECKSUM_TYPES.SHA512),
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Generated by Django 4.2.5 on 2023-11-07 05:26

from django.db import migrations, models


class Migration(migrations.Migration):

dependencies = [
('rpm', '0056_rpmpublication_checksum_type_and_more'),
]

operations = [
migrations.AlterField(
model_name='package',
name='checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]),
),
migrations.AlterField(
model_name='repometadatafile',
name='checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]),
),
migrations.AlterField(
model_name='rpmpublication',
name='checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]),
),
migrations.AlterField(
model_name='rpmpublication',
name='metadata_checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]),
),
migrations.AlterField(
model_name='rpmpublication',
name='package_checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]),
),
migrations.AlterField(
model_name='rpmrepository',
name='checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True),
),
migrations.AlterField(
model_name='rpmrepository',
name='metadata_checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True),
),
migrations.AlterField(
model_name='rpmrepository',
name='package_checksum_type',
field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True),
),
]
5 changes: 0 additions & 5 deletions pulp_rpm/tests/functional/api/test_download_content.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,6 @@ def test_all(
2. Select a random content unit in the distribution. Download that
content unit from Pulp, and verify that the content unit has the
same checksum when fetched directly from Pulp-Fixtures.
This test targets the following issues:
* `Pulp #2895 <https://pulp.plan.io/issues/2895>`_
* `Pulp Smash #872 <https://github.com/pulp/pulp-smash/issues/872>`_
"""
# Sync a Repository
repo = rpm_unsigned_repo_immediate
Expand Down
10 changes: 0 additions & 10 deletions pulp_rpm/tests/functional/api/test_download_policies.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,6 @@
from pulpcore.client.pulp_rpm import RpmRpmPublication


"""Sync a repository with different download policies.
This test targets the following issue:
`Pulp #4126 <https://pulp.plan.io/issues/4126>`_
`Pulp #4213 <https://pulp.plan.io/issues/4213>`_
`Pulp #4418 <https://pulp.plan.io/issues/4418>`_
"""


@pytest.mark.parametrize("download_policy", DOWNLOAD_POLICIES)
def test_download_policies(
download_policy,
Expand Down
12 changes: 6 additions & 6 deletions pulp_rpm/tests/functional/api/test_publish.py
Original file line number Diff line number Diff line change
Expand Up @@ -663,14 +663,14 @@ def test_on_demand_specified_metadata_and_package_checksum_type(
):
"""Sync and publish an RPM repository and verify the checksum types."""
repomd_checksum_types, primary_checksum_types = get_checksum_types(
package_checksum_type="sha224", metadata_checksum_type="sha224", policy="on_demand"
package_checksum_type="sha384", metadata_checksum_type="sha384", policy="on_demand"
)

for repomd_type, repomd_checksum_type in repomd_checksum_types.items():
assert repomd_checksum_type == "sha224"
assert repomd_checksum_type == "sha384"

for package, package_checksum_type in primary_checksum_types.items():
# since none of the packages in question have sha224 checksums, the
# since none of the packages in question have sha384 checksums, the
# checksums they do have will be used instead. In this case, sha256.
assert package_checksum_type == "sha256"

Expand Down Expand Up @@ -707,14 +707,14 @@ def test_immediate_specified_metadata_checksum_type(get_checksum_types):
def test_immediate_specified_metadata_and_package_checksum_type(get_checksum_types):
"""Sync and publish an RPM repository and verify the checksum types."""
repomd_checksum_types, primary_checksum_types = get_checksum_types(
package_checksum_type="sha224", metadata_checksum_type="sha224", policy="immediate"
package_checksum_type="sha512", metadata_checksum_type="sha512", policy="immediate"
)

for repomd_type, repomd_checksum_type in repomd_checksum_types.items():
assert repomd_checksum_type == "sha224"
assert repomd_checksum_type == "sha512"

for package, package_checksum_type in primary_checksum_types.items():
assert package_checksum_type == "sha224"
assert package_checksum_type == "sha512"


@pytest.mark.parallel
Expand Down
3 changes: 1 addition & 2 deletions pulp_rpm/tests/functional/api/test_pulp_to_pulp.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,7 @@ def test_pulp_pulp_sync(
# Create a publication.
publish_data = RpmRpmPublication(
repository=repo.pulp_href,
metadata_checksum_type="sha384",
package_checksum_type="sha224",
checksum_type="sha384",
)
publication = gen_object_with_cleanup(rpm_publication_api, publish_data)

Expand Down

0 comments on commit 072aa63

Please sign in to comment.