From 343d14518027e1ef8b35a929615b145e7abeb631 Mon Sep 17 00:00:00 2001 From: Jan Kaluza Date: Nov 19 2018 08:51:27 +0000 Subject: Do not leak internal data into final MMD files attached to CG build. This commit introduces KojiContentGenerator._sanitize_mmd method to: - remove `repository` and `cache` from ComponentRPM in Modulemd. - remove `mbs` section from `xmd`. This is done to not leak internal build-only information to final modulemd files. --- diff --git a/module_build_service/builder/KojiContentGenerator.py b/module_build_service/builder/KojiContentGenerator.py index 88a1c6b..887f016 100644 --- a/module_build_service/builder/KojiContentGenerator.py +++ b/module_build_service/builder/KojiContentGenerator.py @@ -41,7 +41,7 @@ from six import text_type import koji import pungi.arch -from module_build_service import log, build_logs, Modulemd +from module_build_service import log, build_logs, Modulemd, glib logging.basicConfig(level=logging.DEBUG) @@ -567,6 +567,32 @@ class KojiContentGenerator(object): mmd.set_rpm_artifacts(rpm_artifacts) return mmd + def _sanitize_mmd(self, mmd): + """ + Returns sanitized modulemd file. + + This method mainly removes the internal only information from the + modulemd file which should not leak to final modulemd. + + :param Modulemd mmd: Modulemd instance to sanitize. + :rtype: Modulemd. + :return: Sanitized Modulemd instance. + """ + # Remove components.repository and components.cache. + for pkg in mmd.get_rpm_components().values(): + if pkg.get_repository(): + pkg.set_repository(None) + if pkg.get_cache(): + pkg.set_cache(None) + + # Remove 'mbs' XMD section. + xmd = glib.from_variant_dict(mmd.get_xmd()) + if "mbs" in xmd: + del xmd["mbs"] + mmd.set_xmd(glib.dict_values(xmd)) + + return mmd + def _finalize_mmd(self, arch): """ Finalizes the modulemd: @@ -576,7 +602,7 @@ class KojiContentGenerator(object): :rtype: str :return: Finalized modulemd string. """ - mmd = self.module.mmd() + mmd = self._sanitize_mmd(self.module.mmd()) if self.devel: mmd.set_name(mmd.get_name() + "-devel") diff --git a/tests/test_content_generator.py b/tests/test_content_generator.py index 77dfb8d..7b23efe 100644 --- a/tests/test_content_generator.py +++ b/tests/test_content_generator.py @@ -29,7 +29,7 @@ from os import path import module_build_service.messaging import module_build_service.scheduler.handlers.repos # noqa -from module_build_service import models, conf, build_logs, Modulemd +from module_build_service import models, conf, build_logs, Modulemd, glib from mock import patch, Mock, MagicMock, call, mock_open import kobo.rpmlib @@ -613,3 +613,20 @@ class TestBuild: "dhcp-libs-12:4.3.5-5.module_2118aef6.noarch"]) else: assert set(mmd.get_rpm_artifacts().get()) == set([]) + + def test_sanitize_mmd(self): + mmd = self.cg.module.mmd() + component = Modulemd.ComponentRpm() + component.set_name("foo") + component.set_rationale("foo") + component.set_repository("http://private.tld/foo.git") + component.set_cache("http://private.tld/cache") + mmd.add_rpm_component(component) + mmd.set_xmd(glib.dict_values({"mbs": {"buildrequires": []}})) + mmd = self.cg._sanitize_mmd(mmd) + + for pkg in mmd.get_rpm_components().values(): + assert pkg.get_repository() is None + assert pkg.get_cache() is None + + assert "mbs" not in mmd.get_xmd().keys()