mirror of https://github.com/openSUSE/osc.git synced 2025-01-13 01:06:15 +01:00

OBS has a fault where is sends invalid md5s

This causes downloads to come from the api, generally on noarch packages.
However, in countries like Australia, due to OBS' high latency and poor
bandwidth, these faults can cause downloads to take more than an hour, compared
to using a local mirror, which can take minutes. There is actually nothing
wrong with the packages at all; OBS just sends the wrong md5.

As a result, ignore the problem and complain about it, because OBS is broken
here, not osc, and this wastes a lot of time.
William Brown 2022-06-21 10:20:50 +10:00
parent 6f45a09f3a
commit 647c4fe34d
2 changed files with 15 additions and 8 deletions


@ -137,7 +137,10 @@ class Buildinfo:
else:
self.release = None
if config['api_host_options'][apiurl]['downloadurl']:
self.enable_cpio = False
# Formerly, this was set to False, but we have to set it to True, because a large
# number of repos in OBS are misconfigured and don't actually have repos setup - they
# are API only.
self.enable_cpio = True
self.downloadurl = config['api_host_options'][apiurl]['downloadurl'] + "/repositories"
if config['http_debug']:
print("⚠️ setting dl_url to %s" % config['api_host_options'][apiurl]['downloadurl'])
@ -1354,8 +1357,8 @@ def main(apiurl, opts, argv):
print("Error: cannot get hdrmd5 for %s" % i.fullfilename)
sys.exit(1)
if hdrmd5 != i.hdrmd5:
print("Error: hdrmd5 mismatch for %s: %s != %s" % (i.fullfilename, hdrmd5, i.hdrmd5))
sys.exit(1)
print("WARNING: OBS BUG hdrmd5 mismatch for %s: %s != %s" % (i.fullfilename, hdrmd5, i.hdrmd5))
# sys.exit(1)
print('Writing build configuration')
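Review bot: In the second hunk (main), an hdrmd5 mismatch no longer stops the build: `sys.exit(1)` is left behind as commented-out code and the message is only a warning, so a package whose header digest differs from the one in the buildinfo is used unconditionally. That comparison is what ties a file fetched from the configured `downloadurl` mirror to the package the server scheduled, so a stale, truncated or substituted file on the mirror now passes with nothing but a log line. I would keep the failure as the default and make the bypass an explicit opt-in, e.g. `if not allow_hdrmd5_mismatch: sys.exit(1)`, where `allow_hdrmd5_mismatch` is a placeholder for a new option, and delete the commented-out line. main()'s body continues outside the hunk, so whether a later signature check still covers these files cannot be confirmed from here.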


@ -257,13 +257,17 @@ class Fetcher:
else:
# if the checksum of the downloaded package doesn't match,
# delete it and mark it for downloading from the API
#
# wbrown 2022 - is there a reason to keep these md5's at all? md5 is
# broken from a security POV so these aren't a trusted source for validation
# of the file content. They are often incorrect forcing download via the API
# which for anyone outside the EU is excruciating. And when they are ignored
# builds work and progress anyway? So what do they even do? What are they
# for? They should just be removed.
hdrmd5 = packagequery.PackageQuery.queryhdrmd5(i.fullfilename)
if not hdrmd5 or hdrmd5 != i.hdrmd5:
print('%s/%s: attempting download from api, since the hdrmd5 did not match - %s != %s'
print('%s/%s: allowing invalid file, probably an OBS bug - hdrmd5 did not match - %s != %s'
% (i.project, i.name, hdrmd5, i.hdrmd5))
os.unlink(i.fullfilename)
self.__add_cpio(i)
except KeyboardInterrupt:
print('Cancelled by user (ctrl-c)')
print('Exiting.')
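Review bot: The condition `if not hdrmd5 or hdrmd5 != i.hdrmd5` still lumps a file whose header could not be read (`not hdrmd5`) together with a real digest mismatch, and the new message calls both "probably an OBS bug". The rendering has lost its +/- markers, so it is unclear whether `os.unlink(i.fullfilename)` and `self.__add_cpio(i)` survive; if they were removed, a truncated or corrupt mirror download is kept instead of being refetched from the API, and the unchanged "cannot get hdrmd5" exit visible in main in the other file would then abort the build later. I would split the two cases and keep the delete-and-refetch under `if not hdrmd5:`, so only a readable-but-different digest takes the lenient path. The added "wbrown 2022" comment is a list of open questions rather than a description of the code, and it understates the check, since even a weak hash catches a mirror serving a different build than the buildinfo names; one line stating what the branch now does, with the discussion moved to the issue tracker, would serve maintainers better. The enclosing method starts and ends outside the hunk.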