The repo auth code uses a regex to substitute yum variables in the entitlement oid path. The reg ex used is: oid_re = re.sub(r'\$[^/]+/', '[^/]+/', oid_url.strip('/')) The idea is to substitute any occurrences of $basearch, $releasever, or some other yum variable with '[^/]+/' before we compare the oid to the requested url. However, the first argument to re.sub requires that the substitution pattern end with a /. So, if you have an oid like repos/pulp/pulp/fedora-14/$basearch, it will not get substituted correctly. We end up comparing the oid with the literal '$basearch' in it to the requested url, which of course will never match.
Changing the afore mentioned line to: oid_re = re.sub(r'\$[^/]+(/|$)', '[^/]+/', oid_url.strip('/')) seems to do the trick. At the end of the first argument, instead of +/, there is +(/|$), which means the substitution pattern can either end in a /, or be the end of the line.
committed to pulp master 0f218c8421418dd6892cc82d7040bf0089e37bc0 cherry picked to rhui branch
build: 0.270
verified [root@pulp-v1-1-server ~]# rpm -q pulp pulp-1.1.4-1.fc16.noarch [root@pulp-v1-1-server ~]# [root@pulp-v1-1-server ~]# cat /usr/lib/python2.7/site-packages/pulp/repo_auth/oid_validation.py |grep oid oid_url = extensions[e] if self._validate_url(oid_url, repo_dest): def _is_download_url_ext(self, ext_oid): @param ext_oid: OID being tested; cannot be None @type ext_oid: a certificiate.OID object result = ext_oid.match('1.3.6.1.4.1.2312.9.2.') and ext_oid.match('.1.6') def _validate_url(self, oid_url, dest): # equivalent regular expressions in oid_url. oid_re = re.sub(r'\$[^/]+/', '[^/]+/', oid_url.strip('/')) return re.match(oid_re, dest) is not None [root@pulp-v1-1-server ~]#
Pulp v1.1 Release