Bug 1023335 - [RFE] pulp allows corrupt rpms to be pushed into repos
Summary: [RFE] pulp allows corrupt rpms to be pushed into repos
Alias: None
Product: Pulp
Classification: Retired
Component: rpm-support
Version: 2.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: pulp-bugs
QA Contact: pulp-qe-list
: 1029085 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2013-10-25 08:27 UTC by Petter Hassberg
Modified: 2019-04-16 14:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2015-02-19 01:12:09 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Pulp Redmine 211 None None None Never

Description Petter Hassberg 2013-10-25 08:27:32 UTC
Description of problem:
I create a repo, and push to it a corrupt rpm, which won't install.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1. locate a corrupt rpm:
rpm -K /tmp/corruptrpm-1.0-1.noarch.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: (MD5) PGP#f44e7eb7)

2. pulp-admin rpm repo create --repo-id test-repo2 --relative-url test-repo2

3. pulp-admin rpm repo uploads rpm -f /tmp/corruptrpm-1.0-1.noarch.rpm --repo-id=test-repo2
                              Unit Upload

Extracting necessary metadata for each request...
[==================================================] 100%
Analyzing: corruptrpm-1.0-1.noarch.rpm
... completed

Creating upload requests on the server...
[==================================================] 100%
Initializing: corruptrpm-1.0-1.noarch.rpm
... completed

Starting upload of selected units. If this process is stopped through ctrl+c,
the uploads will be paused and may be resumed later using the resume command or
cancelled entirely using the cancel command.

Uploading: corruptrpm-1.0-1.noarch.rpm
[==================================================] 100%
2729160/2729160 bytes
... completed

Importing into the repository...
... completed

Deleting the upload request...
... completed

Actual results:

Corrult rpm successfully pushed into pulp.

Expected results:

rpm upload should fail due to incorrect checksum

Additional info:

Comment 1 Petter Hassberg 2013-10-25 08:49:45 UTC
this was not a corrupt rpm after all.

Comment 2 Petter Hassberg 2013-11-11 14:49:22 UTC
This also is applicable with actual corrupt rpm:s with sha1sum mismatch,.

Comment 3 Sayli Karmarkar 2013-11-13 16:56:04 UTC
*** Bug 1029085 has been marked as a duplicate of this bug. ***

Comment 4 Brian Bouterse 2015-02-19 01:12:09 UTC
Moved to https://pulp.plan.io/issues/211

Note You need to log in before you can comment on or make changes to this bug.