Do not leak internal data into final MMD files attached to CG build.

This commit introduces KojiContentGenerator._sanitize_mmd method to: - remove `repository` and `cache` from ComponentRPM in Modulemd. - remove `mbs` section from `xmd`. This is done to not leak internal build-only information to final modulemd files.
2026-04-13 16:29:49 +08:00 · 2018-11-19 09:43:40 +01:00
parent 8adce7593b
commit 343d145180
2 changed files with 46 additions and 3 deletions
--- a/module_build_service/builder/KojiContentGenerator.py
+++ b/module_build_service/builder/KojiContentGenerator.py
@@ -41,7 +41,7 @@ from six import text_type
 import koji
 import pungi.arch

-from module_build_service import log, build_logs, Modulemd
+from module_build_service import log, build_logs, Modulemd, glib

 logging.basicConfig(level=logging.DEBUG)

@@ -567,6 +567,32 @@ class KojiContentGenerator(object):
        mmd.set_rpm_artifacts(rpm_artifacts)
        return mmd

+    def _sanitize_mmd(self, mmd):
+        """
+        Returns sanitized modulemd file.
+
+        This method mainly removes the internal only information from the
+        modulemd file which should not leak to final modulemd.
+
+        :param Modulemd mmd: Modulemd instance to sanitize.
+        :rtype: Modulemd.
+        :return: Sanitized Modulemd instance.
+        """
+        # Remove components.repository and components.cache.
+        for pkg in mmd.get_rpm_components().values():
+            if pkg.get_repository():
+                pkg.set_repository(None)
+            if pkg.get_cache():
+                pkg.set_cache(None)
+
+        # Remove 'mbs' XMD section.
+        xmd = glib.from_variant_dict(mmd.get_xmd())
+        if "mbs" in xmd:
+            del xmd["mbs"]
+            mmd.set_xmd(glib.dict_values(xmd))
+
+        return mmd
+
    def _finalize_mmd(self, arch):
        """
        Finalizes the modulemd:
@@ -576,7 +602,7 @@ class KojiContentGenerator(object):
        :rtype: str
        :return: Finalized modulemd string.
        """
-        mmd = self.module.mmd()
+        mmd = self._sanitize_mmd(self.module.mmd())
        if self.devel:
            mmd.set_name(mmd.get_name() + "-devel")

--- a/tests/test_content_generator.py
+++ b/tests/test_content_generator.py
@@ -29,7 +29,7 @@ from os import path

 import module_build_service.messaging
 import module_build_service.scheduler.handlers.repos # noqa
-from module_build_service import models, conf, build_logs, Modulemd
+from module_build_service import models, conf, build_logs, Modulemd, glib

 from mock import patch, Mock, MagicMock, call, mock_open
 import kobo.rpmlib
@@ -613,3 +613,20 @@ class TestBuild:
                "dhcp-libs-12:4.3.5-5.module_2118aef6.noarch"])
        else:
            assert set(mmd.get_rpm_artifacts().get()) == set([])
+
+    def test_sanitize_mmd(self):
+        mmd = self.cg.module.mmd()
+        component = Modulemd.ComponentRpm()
+        component.set_name("foo")
+        component.set_rationale("foo")
+        component.set_repository("http://private.tld/foo.git")
+        component.set_cache("http://private.tld/cache")
+        mmd.add_rpm_component(component)
+        mmd.set_xmd(glib.dict_values({"mbs": {"buildrequires": []}}))
+        mmd = self.cg._sanitize_mmd(mmd)
+
+        for pkg in mmd.get_rpm_components().values():
+            assert pkg.get_repository() is None
+            assert pkg.get_cache() is None
+
+        assert "mbs" not in mmd.get_xmd().keys()