#1079 Do not leak internal data into final MMD files attached to CG build.
Merged 5 months ago by mprahl. Opened 5 months ago by jkaluza.
jkaluza/fm-orchestrator remove-mmd-infra-data  into  master

@@ -41,7 +41,7 @@ 

  import koji

  import pungi.arch

  

- from module_build_service import log, build_logs, Modulemd

+ from module_build_service import log, build_logs, Modulemd, glib

  

  logging.basicConfig(level=logging.DEBUG)

  

@@ -567,6 +567,32 @@ 

          mmd.set_rpm_artifacts(rpm_artifacts)

          return mmd

  

+     def _sanitize_mmd(self, mmd):

+         """

+         Returns sanitized modulemd file.

+ 

+         This method mainly removes the internal only information from the

+         modulemd file which should not leak to final modulemd.

+ 

+         :param Modulemd mmd: Modulemd instance to sanitize.

+         :rtype: Modulemd.

+         :return: Sanitized Modulemd instance.

+         """

+         # Remove components.repository and components.cache.

+         for pkg in mmd.get_rpm_components().values():

+             if pkg.get_repository():

+                 pkg.set_repository(None)

+             if pkg.get_cache():

+                 pkg.set_cache(None)

+ 

+         # Remove 'mbs' XMD section.

+         xmd = glib.from_variant_dict(mmd.get_xmd())

+         if "mbs" in xmd:

+             del xmd["mbs"]

+             mmd.set_xmd(glib.dict_values(xmd))

+ 

+         return mmd

+ 

      def _finalize_mmd(self, arch):

          """

          Finalizes the modulemd:

@@ -576,7 +602,7 @@ 

          :rtype: str

          :return: Finalized modulemd string.

          """

-         mmd = self.module.mmd()

+         mmd = self._sanitize_mmd(self.module.mmd())

          if self.devel:

              mmd.set_name(mmd.get_name() + "-devel")

  

@@ -29,7 +29,7 @@ 

  

  import module_build_service.messaging

  import module_build_service.scheduler.handlers.repos # noqa

- from module_build_service import models, conf, build_logs, Modulemd

+ from module_build_service import models, conf, build_logs, Modulemd, glib

  

  from mock import patch, Mock, MagicMock, call, mock_open

  import kobo.rpmlib

@@ -613,3 +613,20 @@ 

                  "dhcp-libs-12:4.3.5-5.module_2118aef6.noarch"])

          else:

              assert set(mmd.get_rpm_artifacts().get()) == set([])

+ 

+     def test_sanitize_mmd(self):

+         mmd = self.cg.module.mmd()

+         component = Modulemd.ComponentRpm()

+         component.set_name("foo")

+         component.set_rationale("foo")

+         component.set_repository("http://private.tld/foo.git")

+         component.set_cache("http://private.tld/cache")

+         mmd.add_rpm_component(component)

+         mmd.set_xmd(glib.dict_values({"mbs": {"buildrequires": []}}))

+         mmd = self.cg._sanitize_mmd(mmd)

+ 

+         for pkg in mmd.get_rpm_components().values():

+             assert pkg.get_repository() is None

+             assert pkg.get_cache() is None

+ 

+         assert "mbs" not in mmd.get_xmd().keys()

This commit introduces KojiContentGenerator._sanitize_mmd method to:
- remove repository and cache from ComponentRPM in Modulemd.
- remove mbs section from xmd.

This is done to not leak internal build-only information to final
modulemd files.

rebased onto 343d145

5 months ago

Pull-Request has been merged by mprahl

5 months ago