Following changes are made:
all packages will be signed when built
there is no passphrase for the generated key because piping that to gpg is too complex (requires expect)
adds 5 test functions (one negative, 4 positive)
the rpm-sign package had to be added to the Fedora docker image
-Added checks for files and resources.
-Added verifying checksum for the files to be downloaded using metalink file
-If verifying checksum fails, we will fail the discard the download.
-Added checks for resource type to:
- http
- https
- ftp
- ftps
- rsync
-We will also check the digest in below priority:
- sha256
- sha1
- md5
If sha256 is valid in metalink file, we will store sha256 to compare with the downloaded repomd.
In case sha256 is invalid, we will store sha1 and use it for validating the downloaded repomd file.
If both sha1 or sha256 is not valid, we will store md5.
In case we have only one digest present in metalink file and if thats invalid, we will not store any
digest and discard by throwing error, digest missing.
Signed-off-by: Tapas Kundu <tkundu@vmware.com>
Added metalink support for repo files.
If metalink URL is present, we will get the URL with the highest priority.
Then we concat the metalink path to the url and download the metalink file.
Once metalink file is downloaded, we parse it and downlod the repomd.xml
file and then parse the xml to download repoMD parts.
Also, we set the BaseURL for the respective repo to the URL we got from
the metalink file for further package downloads.
Signed-off-by: Tapas Kundu <tkundu@vmware.com>
- plugin event map for guidance to event items
- plugin events init, repo, repomd
- tests for plugin conf
- tests with a repomd sign and verify via plugin
In order to (hopefully) prevent future breakage, the CI has been refactored
so that TDNF is now built on both Fedora and Photon. This ensures
that TDNF remains buildable and somewhat usable on Fedora and other
similar RPM-based distributions. CI now builds the Python module to
verify that builds properly, too.
As the tests only work properly on Photon OS for now, the CI is configured
to only execute them for the Photon environment.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
Oliver Kurth