From f85064a1d56e46cf469c623379fcce989bd13fba Mon Sep 17 00:00:00 2001
From: Ina Panova
Date: Thu, 14 Mar 2024 17:58:11 +0100
Subject: [PATCH] Pass certs and tls config when checking for registry signature extentions API during sync closes #1552 In sync we are checking whether the remot registry implrementations signsture extentions API. We need to pass respective remote tls and certs config if they were provided, hence no need to override core's ``_make_aiohttp_session_from_remote`` and use it directly from core. We do not need to pass auth since we care only about response headers that we check. (cherry picked from commit 03c1923b2ded54874357a22412c66d89df27e150)
---
 CHANGES/1552.bugfix | 1 +
 pulp_container/app/downloaders.py | 39 -------------------------------
 2 files changed, 1 insertion(+), 39 deletions(-)
 create mode 100644 CHANGES/1552.bugfix
diff --git a/CHANGES/1552.bugfix b/CHANGES/1552.bugfix
new file mode 100644
index 000000000..3bbc34fe4
--- /dev/null
+++ b/CHANGES/1552.bugfix
@@ -0,0 +1 @@
+Fixed sync failure due to ignored certs during registry signature extentions API check.
diff --git a/pulp_container/app/downloaders.py b/pulp_container/app/downloaders.py
index bcde18e5e..d9c6fff1c 100644
--- a/pulp_container/app/downloaders.py
+++ b/pulp_container/app/downloaders.py
@@ -1,13 +1,11 @@
 import aiohttp
 import asyncio
 import json
-import ssl
 import re
 
 from aiohttp.client_exceptions import ClientResponseError
 from collections import namedtuple
 from logging import getLogger
-from multidict import MultiDict
 from urllib import parse
 
 from pulpcore.plugin.download import DownloaderFactory, HttpDownloader
@@ -216,43 +214,6 @@ class NoAuthDownloaderFactory(DownloaderFactory):
 A downloader factory without any preset auth configuration, TLS or basic auth.
 """
 
- def _make_aiohttp_session_from_remote(self):
- """
- Same as DownloaderFactory._make_aiohttp_session_from_remote, excluding TLS configuration.
-
- Returns:
- :class:`aiohttp.ClientSession`
-
- """
- tcp_conn_opts = {"force_close": True}
-
- if not self._remote.tls_validation:
- sslcontext = ssl.create_default_context()
- sslcontext.check_hostname = False
- sslcontext.verify_mode = ssl.CERT_NONE
- tcp_conn_opts["ssl_context"] = sslcontext
-
- headers = MultiDict({"User-Agent": NoAuthDownloaderFactory.user_agent()})
- if self._remote.headers is not None:
- for header_dict in self._remote.headers:
- user_agent_header = header_dict.pop("User-Agent", None)
- if user_agent_header:
- headers["User-Agent"] = f"{headers['User-Agent']}, {user_agent_header}"
- headers.extend(header_dict)
-
- conn = aiohttp.TCPConnector(**tcp_conn_opts)
- total = self._remote.total_timeout
- sock_connect = self._remote.sock_connect_timeout
- sock_read = self._remote.sock_read_timeout
- connect = self._remote.connect_timeout
-
- timeout = aiohttp.ClientTimeout(
- total=total, sock_connect=sock_connect, sock_read=sock_read, connect=connect
- )
- return aiohttp.ClientSession(
- connector=conn, timeout=timeout, headers=headers, requote_redirect_url=False
- )
-
 def _http_or_https(self, download_class, url, **kwargs):
 """
 Same as DownloaderFactory._http_or_https, excluding the basic auth credentials.
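Review bot: The class docstring kept as context at the top of this hunk, `A downloader factory without any preset auth configuration, TLS or basic auth.`, no longer matches the code: with the `_make_aiohttp_session_from_remote` override deleted, the session comes from the inherited core method, which per the commit message applies the remote's TLS and certificate settings. A client certificate is itself a credential, so the docstring should state what is still withheld, for example `A downloader factory that omits the remote's basic auth credentials; TLS and certificate settings are taken from the remote.` It is also worth confirming that every user of `NoAuthDownloaderFactory` is meant to present the remote's client certificate; that is presumably intended for the signature-extensions check, but other call sites are not visible here. The class body and `_http_or_https` continue outside the hunk.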