Project

General

Profile

Bug #22780

It is possible to upload duplicate (nevra) packages per repository

Added by Daniel Kimsey over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Repositories
Target version:
Difficulty:
Triaged:
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Currently (1.15.2/3.4.2) it is possible to upload a package with a duplicate nevra, but differing digest. The package is uploaded successfully and it is difficult to determine which instance of the package is which.

This can cause issues in CI tools (or general user oops) in that duplicate packages can be uploaded. Not to mention I have no idea how Yum will handle this (likely poorly, I did not verify however pulp issue suggests so). I was able to remove the offending package, but I had to drop to the api and "guess" which was the correct one (the older package id). Pulp has an outstanding issue 213 that mentions this.

My request is that for now, the api default denies attempts to duplicate NEVRA uploads for a given repository. Maybe adding a force or overwrite flag if appropriate.

Related IRC discussion on the matter.

History

#1 Updated by John Mitsch over 1 year ago

  • Legacy Backlogs Release (now unused) set to 114

Also available in: Atom PDF