diff --git a/pulp_rpm/app/migrations/0061_rpmrepository_package_signing_service.py b/pulp_rpm/app/migrations/0061_rpmrepository_package_signing_service.py deleted file mode 100644 index 31ffe53d7..000000000 --- a/pulp_rpm/app/migrations/0061_rpmrepository_package_signing_service.py +++ /dev/null @@ -1,19 +0,0 @@ -# Generated by Django 4.2.7 on 2024-02-09 13:32 - -from django.db import migrations, models -import django.db.models.deletion - - -class Migration(migrations.Migration): - - dependencies = [ - ('rpm', '0060_rpmpackagesigningservice'), - ] - - operations = [ - migrations.AddField( - model_name='rpmrepository', - name='package_signing_service', - field=models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, to='rpm.rpmpackagesigningservice'), - ), - ] diff --git a/pulp_rpm/app/migrations/0060_rpmpackagesigningservice.py b/pulp_rpm/app/migrations/0062_rpmpackagesigningservice_and_more.py similarity index 58% rename from pulp_rpm/app/migrations/0060_rpmpackagesigningservice.py rename to pulp_rpm/app/migrations/0062_rpmpackagesigningservice_and_more.py index 5ffbfb66d..3d59fd341 100644 --- a/pulp_rpm/app/migrations/0060_rpmpackagesigningservice.py +++ b/pulp_rpm/app/migrations/0062_rpmpackagesigningservice_and_more.py @@ -1,4 +1,4 @@ -# Generated by Django 4.2.7 on 2024-02-06 20:03 +# Generated by Django 4.2.10 on 2024-04-25 16:39 from django.db import migrations, models import django.db.models.deletion @@ -6,8 +6,7 @@ class Migration(migrations.Migration): dependencies = [ - ("core", "0116_alter_remoteartifact_md5_alter_remoteartifact_sha1_and_more"), - ("rpm", "0059_rpmpublication_compression_type_and_more"), + ("rpm", "0061_fix_modulemd_defaults_digest"), ] operations = [ @@ -31,4 +30,18 @@ class Migration(migrations.Migration): }, bases=("core.signingservice",), ), + migrations.AddField( + model_name="rpmrepository", + name="package_signing_pubkey", + field=models.TextField(max_length=40, null=True), + ), + migrations.AddField( + model_name="rpmrepository", + name="package_signing_service", + field=models.ForeignKey( + null=True, + on_delete=django.db.models.deletion.SET_NULL, + to="rpm.rpmpackagesigningservice", + ), + ), ] diff --git a/pulp_rpm/app/migrations/0062_rpmrepository_package_signing_pubkey.py b/pulp_rpm/app/migrations/0062_rpmrepository_package_signing_pubkey.py deleted file mode 100644 index 99fbb4c86..000000000 --- a/pulp_rpm/app/migrations/0062_rpmrepository_package_signing_pubkey.py +++ /dev/null @@ -1,18 +0,0 @@ -# Generated by Django 4.2.10 on 2024-04-24 18:46 - -from django.db import migrations, models - - -class Migration(migrations.Migration): - - dependencies = [ - ('rpm', '0061_rpmrepository_package_signing_service'), - ] - - operations = [ - migrations.AddField( - model_name='rpmrepository', - name='package_signing_pubkey', - field=models.TextField(max_length=40, null=True), - ), - ] diff --git a/pulp_rpm/app/models/content.py b/pulp_rpm/app/models/content.py index 9bf4a4a22..366de3a6c 100644 --- a/pulp_rpm/app/models/content.py +++ b/pulp_rpm/app/models/content.py @@ -41,7 +41,7 @@ def sign( if not pubkey_fingerprint: raise ValueError("A pubkey_fingerprint must be provided.") _env_vars = env_vars or {} - _env_vars["PULP_SIGNING_KEY_FINGERPRINT"]=pubkey_fingerprint + _env_vars["PULP_SIGNING_KEY_FINGERPRINT"] = pubkey_fingerprint return super().sign(filename, _env_vars) def validate(self): diff --git a/pulp_rpm/app/serializers/package.py b/pulp_rpm/app/serializers/package.py index b826654cc..71bad563d 100644 --- a/pulp_rpm/app/serializers/package.py +++ b/pulp_rpm/app/serializers/package.py @@ -330,9 +330,33 @@ class Meta: ) model = Package + def validate(self, data): + validated_data = super().validate(data) + sign_package = validated_data.get("sign_package") + temp_uploaded_file = validated_data.get("file") + associated_repo = validated_data.get("repository") + signing_service_pk = associated_repo.package_signing_service.pk + signing_fingerprint = associated_repo.package_signing_pubkey + if sign_package is True and not temp_uploaded_file: + raise serializers.ValidationError( + _("To sign a package on upload, a file must be provided.") + ) + if not signing_service_pk and not signing_fingerprint: + raise serializers.ValidationError( + _( + "To sign a package on upload, the related Repository should have" + "both 'package_signing_service' and 'package_signing_pubkey' set." + ) + ) + validated_data["signing_service_pk"] = signing_service_pk + validated_data["signing_fingerprint"] = signing_fingerprint + return validated_data + def create(self, validated_data): # clean api-only option before creating model validated_data.pop("sign_package", None) + validated_data.pop("signing_service_pk", None) + validated_data.pop("signing_fingerprint", None) return super().create(validated_data) diff --git a/pulp_rpm/app/serializers/repository.py b/pulp_rpm/app/serializers/repository.py index 4eec1910a..65911c882 100644 --- a/pulp_rpm/app/serializers/repository.py +++ b/pulp_rpm/app/serializers/repository.py @@ -69,7 +69,7 @@ class RpmRepositorySerializer(RepositorySerializer): package_signing_pubkey = serializers.CharField( help_text=_( "The pubkey V4 fingerprint (160 bits) to be passed to the package signing service." - "The signing service will use that on package signing operations related to this repository." + "The signing service will use that on signing operations related to this repository." ), max_length=40, min_length=40, diff --git a/pulp_rpm/app/tasks/signing.py b/pulp_rpm/app/tasks/signing.py index 43dcee612..aac448565 100644 --- a/pulp_rpm/app/tasks/signing.py +++ b/pulp_rpm/app/tasks/signing.py @@ -8,7 +8,13 @@ def sign_and_create( - app_label, serializer_name, signing_service_pk, signing_fingerprint, temporary_file_pk, *args, **kwargs + app_label, + serializer_name, + signing_service_pk, + signing_fingerprint, + temporary_file_pk, + *args, + **kwargs, ): data = kwargs.pop("data", None) context = kwargs.pop("context", {}) diff --git a/pulp_rpm/app/viewsets/package.py b/pulp_rpm/app/viewsets/package.py index 2ffe05be8..da994ddb2 100644 --- a/pulp_rpm/app/viewsets/package.py +++ b/pulp_rpm/app/viewsets/package.py @@ -2,7 +2,7 @@ from drf_spectacular.utils import extend_schema from pulpcore.plugin.models import PulpTemporaryFile from pulpcore.plugin.serializers import AsyncOperationResponseSerializer -from pulpcore.plugin.tasking import dispatch, general_create +from pulpcore.plugin.tasking import dispatch from pulpcore.plugin.viewsets import ( ContentFilter, OperationPostponedResponse, @@ -78,46 +78,38 @@ class PackageViewSet(SingleArtifactContentUploadViewSet): responses={202: AsyncOperationResponseSerializer}, ) def create(self, request): + # normal case serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) + sign_package = serializer.validated_data.pop("sign_package") + if sign_package is not True: + return super().create(request) + + # signing case invariants + request.data.pop("file") + request.data.pop("sign_package") + temp_uploaded_file = serializer.validated_data.get("file") + signing_service_pk = serializer.validated_data.pop("signing_service_pk") + signing_fingerprint = serializer.validated_data.pop("signing_fingerprint") - # common task params + # dispatch signing task + pulp_temp_file = PulpTemporaryFile(file=temp_uploaded_file.temporary_file_path()) + pulp_temp_file.save() task_args = { "app_label": self.queryset.model._meta.app_label, "serializer_name": serializer.__class__.__name__, + "signing_service_pk": signing_service_pk, + "signing_fingerprint": signing_fingerprint, + "temporary_file_pk": pulp_temp_file.pk, } + task_payload = {k: v for k, v in request.data.items()} task_exclusive = [ item for item in (serializer.validated_data.get(key) for key in ("upload", "repository")) if item ] - - # handle signing, if required - sign_package = serializer.validated_data.pop("sign_package") - temp_uploaded_file = serializer.validated_data.get("file") - if sign_package is True and temp_uploaded_file: - associated_repo = serializer.validated_data.get("repository") - signing_service_pk = associated_repo.package_signing_service.pk - signing_fingerprint = associated_repo.package_signing_pubkey - if not signing_service_pk and not signing_fingerprint: - raise ValueError( - "To sign a package on upload, the related Repository should have" - "both 'package_signing_service' and 'package_signing_pubkey' set." - ) - - request.data.pop("file") - pulp_temp_file = PulpTemporaryFile(file=temp_uploaded_file.temporary_file_path()) - pulp_temp_file.save() - task_fn = rpm_tasks.signing.sign_and_create - task_args["signing_service_pk"] = signing_service_pk - task_args["signing_fingerprint"] = signing_fingerprint - task_args["temporary_file_pk"] = pulp_temp_file.pk - task_payload = {k: v for k, v in request.data.items()} - else: - task_fn = general_create - task_payload = self.init_content_data(serializer, request) task = dispatch( - task_fn, + rpm_tasks.signing.sign_and_create, exclusive_resources=task_exclusive, args=tuple(task_args.values()), kwargs={