mirror of
https://github.com/openSUSE/osc.git
synced 2025-01-13 01:06:15 +01:00
OBS has a fault where is sends invalid md5s
This causes downloads to come from the api, generally on noarch packages. However, in countries like australia, due to OBS' high latency, and poor bandwidth, these faults can cause downloads to take more than an hour, compared to using a local mirror which can take minutes. There is actually nothing wrong with the packages it all, OBS just sends the wrong md5. As a result, ignore the problem and complain about it, because OBS is broken here, not osc, and this wastes a lot of time.
This commit is contained in:
parent
6f45a09f3a
commit
647c4fe34d
@ -137,7 +137,10 @@ class Buildinfo:
|
||||
else:
|
||||
self.release = None
|
||||
if config['api_host_options'][apiurl]['downloadurl']:
|
||||
self.enable_cpio = False
|
||||
# Formerly, this was set to False, but we have to set it to True, because a large
|
||||
# number of repos in OBS are misconfigured and don't actually have repos setup - they
|
||||
# are API only.
|
||||
self.enable_cpio = True
|
||||
self.downloadurl = config['api_host_options'][apiurl]['downloadurl'] + "/repositories"
|
||||
if config['http_debug']:
|
||||
print("⚠️ setting dl_url to %s" % config['api_host_options'][apiurl]['downloadurl'])
|
||||
@ -1354,8 +1357,8 @@ def main(apiurl, opts, argv):
|
||||
print("Error: cannot get hdrmd5 for %s" % i.fullfilename)
|
||||
sys.exit(1)
|
||||
if hdrmd5 != i.hdrmd5:
|
||||
print("Error: hdrmd5 mismatch for %s: %s != %s" % (i.fullfilename, hdrmd5, i.hdrmd5))
|
||||
sys.exit(1)
|
||||
print("WARNING: OBS BUG hdrmd5 mismatch for %s: %s != %s" % (i.fullfilename, hdrmd5, i.hdrmd5))
|
||||
# sys.exit(1)
|
||||
|
||||
print('Writing build configuration')
|
||||
|
||||
|
14
osc/fetch.py
14
osc/fetch.py
@ -257,13 +257,17 @@ class Fetcher:
|
||||
else:
|
||||
# if the checksum of the downloaded package doesn't match,
|
||||
# delete it and mark it for downloading from the API
|
||||
#
|
||||
# wbrown 2022 - is there a reason to keep these md5's at all? md5 is
|
||||
# broken from a security POV so these aren't a trusted source for validation
|
||||
# of the file content. They are often incorrect forcing download via the API
|
||||
# which for anyone outside the EU is excruciating. And when they are ignored
|
||||
# builds work and progress anyway? So what do they even do? What are they
|
||||
# for? They should just be removed.
|
||||
hdrmd5 = packagequery.PackageQuery.queryhdrmd5(i.fullfilename)
|
||||
if not hdrmd5 or hdrmd5 != i.hdrmd5:
|
||||
print('%s/%s: attempting download from api, since the hdrmd5 did not match - %s != %s'
|
||||
% (i.project, i.name, hdrmd5, i.hdrmd5))
|
||||
os.unlink(i.fullfilename)
|
||||
self.__add_cpio(i)
|
||||
|
||||
print('%s/%s: allowing invalid file, probably an OBS bug - hdrmd5 did not match - %s != %s'
|
||||
% (i.project, i.name, hdrmd5, i.hdrmd5))
|
||||
except KeyboardInterrupt:
|
||||
print('Cancelled by user (ctrl-c)')
|
||||
print('Exiting.')
|
||||
|
Loading…
Reference in New Issue
Block a user