diff --git a/.github/template_gitref b/.github/template_gitref index b5a481aa86..40dbf3c587 100644 --- a/.github/template_gitref +++ b/.github/template_gitref @@ -1 +1 @@ -2021.08.26-276-g45ce134 +2021.08.26-276-g45ce134 \ No newline at end of file diff --git a/.github/workflows/scripts/install.sh b/.github/workflows/scripts/install.sh index 82f19ad89c..e9ecbd23a0 100755 --- a/.github/workflows/scripts/install.sh +++ b/.github/workflows/scripts/install.sh @@ -66,7 +66,7 @@ VARSYAML cat >> vars/main.yaml << VARSYAML pulp_env: {} -pulp_settings: {"allowed_content_checksums": ["sha1", "sha224", "sha256", "sha384", "sha512"], "allowed_export_paths": ["/tmp"], "allowed_import_paths": ["/tmp"], "orphan_protection_time": 0} +pulp_settings: {"allowed_content_checksums": ["sha1", "sha224", "sha256", "sha512"], "allowed_export_paths": ["/tmp"], "allowed_import_paths": ["/tmp"], "orphan_protection_time": 0} pulp_scheme: https pulp_container_tag: "latest" diff --git a/CHANGES/2488.removal b/CHANGES/2488.removal new file mode 100644 index 0000000000..1b5b7984d9 --- /dev/null +++ b/CHANGES/2488.removal @@ -0,0 +1 @@ +Removed support for publishing repos with a checksum type of md5, sha1, or sha224 diff --git a/pulp_rpm/app/constants.py b/pulp_rpm/app/constants.py index bba1bb189c..3d312882e5 100644 --- a/pulp_rpm/app/constants.py +++ b/pulp_rpm/app/constants.py @@ -13,11 +13,6 @@ # The same as above, but in a format that choice fields can use CHECKSUM_CHOICES = ( - (CHECKSUM_TYPES.UNKNOWN, CHECKSUM_TYPES.UNKNOWN), - (CHECKSUM_TYPES.MD5, CHECKSUM_TYPES.MD5), - (CHECKSUM_TYPES.SHA, CHECKSUM_TYPES.SHA1), - (CHECKSUM_TYPES.SHA1, CHECKSUM_TYPES.SHA1), - (CHECKSUM_TYPES.SHA224, CHECKSUM_TYPES.SHA224), (CHECKSUM_TYPES.SHA256, CHECKSUM_TYPES.SHA256), (CHECKSUM_TYPES.SHA384, CHECKSUM_TYPES.SHA384), (CHECKSUM_TYPES.SHA512, CHECKSUM_TYPES.SHA512), diff --git a/pulp_rpm/app/migrations/0057_alter_package_checksum_type_and_more.py b/pulp_rpm/app/migrations/0057_alter_package_checksum_type_and_more.py new file mode 100644 index 0000000000..ddbfde401c --- /dev/null +++ b/pulp_rpm/app/migrations/0057_alter_package_checksum_type_and_more.py @@ -0,0 +1,53 @@ +# Generated by Django 4.2.5 on 2023-11-07 05:26 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('rpm', '0056_rpmpublication_checksum_type_and_more'), + ] + + operations = [ + migrations.AlterField( + model_name='package', + name='checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]), + ), + migrations.AlterField( + model_name='repometadatafile', + name='checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]), + ), + migrations.AlterField( + model_name='rpmpublication', + name='checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]), + ), + migrations.AlterField( + model_name='rpmpublication', + name='metadata_checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]), + ), + migrations.AlterField( + model_name='rpmpublication', + name='package_checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')]), + ), + migrations.AlterField( + model_name='rpmrepository', + name='checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True), + ), + migrations.AlterField( + model_name='rpmrepository', + name='metadata_checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True), + ), + migrations.AlterField( + model_name='rpmrepository', + name='package_checksum_type', + field=models.TextField(choices=[('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True), + ), + ] diff --git a/pulp_rpm/app/migrations/0057_rpmpublication_checksum_type_and_more.py b/pulp_rpm/app/migrations/0058_rpmpublication_checksum_type_and_more.py similarity index 80% rename from pulp_rpm/app/migrations/0057_rpmpublication_checksum_type_and_more.py rename to pulp_rpm/app/migrations/0058_rpmpublication_checksum_type_and_more.py index 97523069a0..d64502d269 100644 --- a/pulp_rpm/app/migrations/0057_rpmpublication_checksum_type_and_more.py +++ b/pulp_rpm/app/migrations/0058_rpmpublication_checksum_type_and_more.py @@ -8,11 +8,15 @@ def set_publication_checksum(apps, schema_editor): RpmPublication = apps.get_model("rpm", "RpmPublication") RpmPublication.objects.update(checksum_type=F("metadata_checksum_type")) +def set_repository_checksum(apps, schema_editor): + RpmRepository = apps.get_model("rpm", "RpmRepository") + RpmRepository.objects.filter(metadata_checksum_type__in=["md5", "sha", "sha1", "sha224"]).update(checksum_type="sha256") + class Migration(migrations.Migration): dependencies = [ - ('rpm', '0056_remove_rpmpublication_sqlite_metadata_and_more'), + ('rpm', '0057_alter_package_checksum_type_and_more'), ] operations = [ @@ -32,4 +36,5 @@ class Migration(migrations.Migration): name='checksum_type', field=models.TextField(choices=[('unknown', 'unknown'), ('md5', 'md5'), ('sha1', 'sha1'), ('sha1', 'sha1'), ('sha224', 'sha224'), ('sha256', 'sha256'), ('sha384', 'sha384'), ('sha512', 'sha512')], null=True), ), + migrations.RunPython(set_repository_checksum), ] diff --git a/pulp_rpm/app/models/repository.py b/pulp_rpm/app/models/repository.py index 64f14380d8..eb3a2bc3d1 100644 --- a/pulp_rpm/app/models/repository.py +++ b/pulp_rpm/app/models/repository.py @@ -247,6 +247,7 @@ def on_new_version(self, version): repository_version_pk=version.pk, metadata_signing_service=self.metadata_signing_service, checksum_types={ + "general": self.checksum_type, "metadata": self.metadata_checksum_type, "package": self.package_checksum_type, "general": self.checksum_type, diff --git a/pulp_rpm/tests/functional/api/test_download_policies.py b/pulp_rpm/tests/functional/api/test_download_policies.py index 1e9b63d642..b9695b1d0b 100644 --- a/pulp_rpm/tests/functional/api/test_download_policies.py +++ b/pulp_rpm/tests/functional/api/test_download_policies.py @@ -8,16 +8,6 @@ from pulpcore.client.pulp_rpm import RpmRpmPublication -"""Sync a repository with different download policies. - -This test targets the following issue: - -`Pulp #4126 `_ -`Pulp #4213 `_ -`Pulp #4418 `_ -""" - - @pytest.mark.parametrize("download_policy", DOWNLOAD_POLICIES) def test_download_policies( download_policy, diff --git a/pulp_rpm/tests/functional/api/test_publish.py b/pulp_rpm/tests/functional/api/test_publish.py index 73a7421971..ab57d356e3 100644 --- a/pulp_rpm/tests/functional/api/test_publish.py +++ b/pulp_rpm/tests/functional/api/test_publish.py @@ -43,18 +43,18 @@ def test_publish_with_unsupported_checksum_type( Sync and try to publish an RPM repository. - Sync repository with on_demand policy - - Try to publish with 'md5' checksum type - - Publish should fail because 'md5' is not allowed + - Try to publish with 'sha384' checksum type + - Publish should fail because 'sha384' is not allowed - This test require disallowed 'MD5' checksum type from ALLOWED_CONTENT_CHECKSUMS settings. + This test require disallowed 'sha384' checksum type from ALLOWED_CONTENT_CHECKSUMS settings. """ - if "md5" in settings.ALLOWED_CONTENT_CHECKSUMS: + if "sha384" in settings.ALLOWED_CONTENT_CHECKSUMS: pytest.skip( - reason="Cannot verify the expected hasher error if the 'MD5' checksum is allowed." + reason="Cannot check for the expected error if the 'sha384' checksum is allowed." ) publish_data = RpmRpmPublication( - repository=rpm_unsigned_repo_on_demand.pulp_href, package_checksum_type="md5" + repository=rpm_unsigned_repo_on_demand.pulp_href, package_checksum_type="sha384" ) with pytest.raises(ApiException) as ctx: rpm_publication_api.create(publish_data) @@ -580,14 +580,14 @@ def test_immediate_unspecified_checksum_types(get_checksum_types): def test_on_demand_specified_package_checksum_type(get_checksum_types, delete_orphans_pre): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - package_checksum_type="sha384", policy="on_demand" + package_checksum_type="sha512", policy="on_demand" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): assert repomd_checksum_type == "sha256" for package, package_checksum_type in primary_checksum_types.items(): - # since none of the packages in question have sha384 checksums, the + # since none of the packages in question have sha512 checksums, the # checksums they do have will be used instead. In this case, sha256. assert package_checksum_type == "sha256" @@ -596,11 +596,11 @@ def test_on_demand_specified_package_checksum_type(get_checksum_types, delete_or def test_on_demand_specified_metadata_checksum_type(get_checksum_types): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - metadata_checksum_type="sha384", policy="on_demand" + metadata_checksum_type="sha512", policy="on_demand" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): - assert repomd_checksum_type == "sha384" + assert repomd_checksum_type == "sha512" for package, package_checksum_type in primary_checksum_types.items(): assert package_checksum_type == "sha256" @@ -611,14 +611,14 @@ def test_on_demand_specified_metadata_and_package_checksum_type( ): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - package_checksum_type="sha224", metadata_checksum_type="sha224", policy="on_demand" + package_checksum_type="sha512", metadata_checksum_type="sha512", policy="on_demand" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): - assert repomd_checksum_type == "sha224" + assert repomd_checksum_type == "sha512" for package, package_checksum_type in primary_checksum_types.items(): - # since none of the packages in question have sha224 checksums, the + # since none of the packages in question have sha512 checksums, the # checksums they do have will be used instead. In this case, sha256. assert package_checksum_type == "sha256" @@ -627,25 +627,25 @@ def test_on_demand_specified_metadata_and_package_checksum_type( def test_immediate_specified_package_checksum_type(get_checksum_types): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - package_checksum_type="sha384", policy="immediate" + package_checksum_type="sha512", policy="immediate" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): assert repomd_checksum_type == "sha256" for package, package_checksum_type in primary_checksum_types.items(): - assert package_checksum_type == "sha384" + assert package_checksum_type == "sha512" @pytest.mark.parallel def test_immediate_specified_metadata_checksum_type(get_checksum_types): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - metadata_checksum_type="sha384", policy="immediate" + metadata_checksum_type="sha512", policy="immediate" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): - assert repomd_checksum_type == "sha384" + assert repomd_checksum_type == "sha512" for package, package_checksum_type in primary_checksum_types.items(): assert package_checksum_type == "sha256" @@ -655,14 +655,14 @@ def test_immediate_specified_metadata_checksum_type(get_checksum_types): def test_immediate_specified_metadata_and_package_checksum_type(get_checksum_types): """Sync and publish an RPM repository and verify the checksum types.""" repomd_checksum_types, primary_checksum_types = get_checksum_types( - package_checksum_type="sha224", metadata_checksum_type="sha224", policy="immediate" + package_checksum_type="sha512", metadata_checksum_type="sha512", policy="immediate" ) for repomd_type, repomd_checksum_type in repomd_checksum_types.items(): - assert repomd_checksum_type == "sha224" + assert repomd_checksum_type == "sha512" for package, package_checksum_type in primary_checksum_types.items(): - assert package_checksum_type == "sha224" + assert package_checksum_type == "sha512" @pytest.mark.parallel diff --git a/pulp_rpm/tests/functional/api/test_pulp_to_pulp.py b/pulp_rpm/tests/functional/api/test_pulp_to_pulp.py index 5afaef2ec6..cfe2590f19 100644 --- a/pulp_rpm/tests/functional/api/test_pulp_to_pulp.py +++ b/pulp_rpm/tests/functional/api/test_pulp_to_pulp.py @@ -32,8 +32,7 @@ def test_pulp_pulp_sync( # Create a publication. publish_data = RpmRpmPublication( repository=repo.pulp_href, - metadata_checksum_type="sha384", - package_checksum_type="sha224", + checksum_type="sha512", ) publication = gen_object_with_cleanup(rpm_publication_api, publish_data) diff --git a/template_config.yml b/template_config.yml index ecc9c52506..3bf8631edb 100644 --- a/template_config.yml +++ b/template_config.yml @@ -56,7 +56,6 @@ pulp_settings: - sha1 - sha224 - sha256 - - sha384 - sha512 allowed_export_paths: - /tmp