tmp

Author: jobselko

pulp_python/app/pypi/views.py

@@ -361,16 +361,22 @@ def retrieve(self, request, path, package):
         else:
             packages = chain([present], packages)
             name = present[2]
-        releases = (
-            {
-                "filename": f,
-                "url": urljoin(self.base_content_url, f"{path}/{f}"),
-                "sha256": s,
-                "metadata_sha256": ms,
-                "requires_python": rp,
-            }
-            for f, s, _, ms, rp in packages
-        )
+        releases = []
+        for f, s, name, ms, rp in packages:
+            import logging
+
+            logger = logging.getLogger(__name__)
+            logger.info(f"Database content: filename={f}, metadata_sha256={ms}")
+
+            releases.append(
+                {
+                    "filename": f,
+                    "url": urljoin(self.base_content_url, f"{path}/{f}"),
+                    "sha256": s,
+                    "metadata_sha256": ms,
+                    "requires_python": rp,
+                }
+            )
         media_type = request.accepted_renderer.media_type
         headers = {"X-PyPI-Last-Serial": str(PYPI_SERIAL_CONSTANT)}
 

pulp_python/app/serializers.py

@@ -322,6 +322,12 @@ def deferred_validate(self, data):
 
         data.update(_data)
 
+        # Log the final metadata_sha256 value
+        import logging
+
+        logger = logging.getLogger(__name__)
+        logger.info(f"deferred_validate final data metadata_sha256: {data.get('metadata_sha256')}")
+
         return data
 
     def retrieve(self, validated_data):

pulp_python/app/utils.py

@@ -1,7 +1,10 @@
+import hashlib
+import logging
 import pkginfo
 import re
 import shutil
 import tempfile
+import zipfile
 import json
 from collections import defaultdict
 from django.conf import settings
@@ -11,6 +14,8 @@
 from packaging.version import parse, InvalidVersion
 from pulpcore.plugin.models import Remote
 
+logger = logging.getLogger(__name__)
+
 
 PYPI_LAST_SERIAL = "X-PYPI-LAST-SERIAL"
 """TODO This serial constant is temporary until Python repositories implements serials"""
@@ -91,6 +96,9 @@ def parse_project_metadata(project):
         dictionary: of python project metadata
 
     """
+    metadata_sha256_value = project.get("metadata_sha256") or ""
+    logger.info(f"parse_project_metadata: metadata_sha256 = {metadata_sha256_value}")
+
     return {
         # Core metadata
         # Version 1.0
@@ -130,7 +138,7 @@ def parse_project_metadata(project):
         # Release metadata
         "packagetype": project.get("packagetype") or "",
         "python_version": project.get("python_version") or "",
-        "metadata_sha256": "",  # TODO
+        "metadata_sha256": metadata_sha256_value,
     }
 
 
@@ -158,9 +166,9 @@ def parse_metadata(project, version, distribution):
     package["url"] = distribution.get("url") or ""
     package["sha256"] = distribution.get("digests", {}).get("sha256") or ""
     package["python_version"] = distribution.get("python_version") or package.get("python_version")
-    package["requires_python"] = distribution.get("requires_python") or package.get(
-        "requires_python"
-    )  # noqa: E501
+    package["requires_python"] = distribution.get("requires_python") or ""  # package.get(
+    #     "requires_python"
+    # )  # noqa: E501
     package["metadata_sha256"] = distribution.get("data-dist-info-metadata", {}).get(
         "sha256"
     ) or package.get("metadata_sha256")
@@ -181,6 +189,9 @@ def get_project_metadata_from_file(filename):
     packagetype = DIST_EXTENSIONS[extensions[pkg_type_index]]
 
     metadata = DIST_TYPES[packagetype](filename)
+    computed_hash = compute_metadata_sha256(filename)
+    metadata.metadata_sha256 = computed_hash
+    logger.info(f"Set metadata.metadata_sha256 to: {computed_hash} for {filename}")
     metadata.packagetype = packagetype
     if packagetype == "sdist":
         metadata.python_version = "source"
@@ -193,6 +204,45 @@ def get_project_metadata_from_file(filename):
     return metadata
 
 
+def compute_metadata_sha256(filename: str) -> str:
+    """
+    Compute SHA256 hash of the metadata file from a Python package.
+
+    Returns SHA256 hash or empty string if metadata cannot be extracted.
+    """
+    logger.info(f"Computing metadata SHA256 for wheel: {filename}")
+
+    if not filename.endswith(".whl"):
+        logger.debug(f"File {filename} is not a wheel, skipping metadata SHA256 computation")
+        return ""
+
+    try:
+        with tempfile.NamedTemporaryFile() as temp_file:
+            with open(filename, "rb") as source:
+                shutil.copyfileobj(source, temp_file)
+                temp_file.flush()
+
+            logger.debug(f"Copied wheel to temp file: {temp_file.name}")
+
+            with zipfile.ZipFile(temp_file.name, "r") as f:
+                logger.debug(f"Wheel contains files: {f.namelist()}")
+
+                for file_path in f.namelist():
+                    if file_path.endswith(".dist-info/METADATA"):
+                        logger.info(f"Found METADATA file: {file_path}")
+                        metadata_content = f.read(file_path)
+                        hash_value = hashlib.sha256(metadata_content).hexdigest()
+                        logger.info(f"Computed metadata SHA256: {hash_value}")
+                        return hash_value
+
+                logger.warning(f"No METADATA file found in wheel {filename}")
+
+    except Exception as e:
+        logger.error(f"Error computing metadata SHA256 for {filename}: {e}")
+
+    return ""
+
+
 def artifact_to_python_content_data(filename, artifact, domain=None):
     """
     Takes the artifact/filename and returns the metadata needed to create a PythonPackageContent.
@@ -209,6 +259,10 @@ def artifact_to_python_content_data(filename, artifact, domain=None):
     data["filename"] = filename
     data["pulp_domain"] = domain or artifact.pulp_domain
     data["_pulp_domain"] = data["pulp_domain"]
+
+    logger.info(
+        f"artifact_to_python_content_data returning metadata_sha256: {data.get('metadata_sha256')}"
+    )
     return data
 
 
@@ -448,7 +502,7 @@ def write_simple_detail_json(project_name, project_packages):
                 "filename": package["filename"],
                 "url": package["url"],
                 "hashes": {"sha256": package["sha256"]},
-                "requires_python": package["requires_python"] or None,
+                "requires-python": package["requires_python"] or None,
                 # data-dist-info-metadata is deprecated alias for core-metadata
                 "data-dist-info-metadata": (
                     {"sha256": package["metadata_sha256"]} if package["metadata_sha256"] else False

pulp_python/tests/functional/api/test_pypi_simple_json_api.py

@@ -3,7 +3,13 @@
 import pytest
 import requests
 
-from pulp_python.tests.functional.constants import PYTHON_SM_PROJECT_SPECIFIER
+from pulp_python.tests.functional.constants import (
+    PYTHON_EGG_FILENAME,
+    PYTHON_EGG_URL,
+    PYTHON_SM_PROJECT_SPECIFIER,
+    PYTHON_WHEEL_FILENAME,
+    PYTHON_WHEEL_URL,
+)
 
 API_VERSION = "1.0"
 PYPI_SERIAL_CONSTANT = 1000000000
@@ -38,13 +44,21 @@ def test_simple_json_index_api(
 
 @pytest.mark.parallel
 def test_simple_json_detail_api(
-    python_remote_factory, python_repo_with_sync, python_distribution_factory
+    monitor_task,
+    python_bindings,
+    python_content_factory,
+    python_distribution_factory,
+    python_repo_factory,
 ):
-    remote = python_remote_factory(includes=PYTHON_SM_PROJECT_SPECIFIER)
-    repo = python_repo_with_sync(remote)
+    content_1 = python_content_factory(PYTHON_WHEEL_FILENAME, url=PYTHON_WHEEL_URL)
+    content_2 = python_content_factory(PYTHON_EGG_FILENAME, url=PYTHON_EGG_URL)
+    body = {"add_content_units": [content_1.pulp_href, content_2.pulp_href]}
+
+    repo = python_repo_factory()
+    monitor_task(python_bindings.RepositoriesPythonApi.modify(repo.pulp_href, body).task)
     distro = python_distribution_factory(repository=repo)
 
-    url = f'{urljoin(distro.base_url, "simple/")}aiohttp'
+    url = f'{urljoin(distro.base_url, "simple/")}shelf-reader'
     headers = {"Accept": PYPI_SIMPLE_V1_JSON}
 
     response = requests.get(url, headers=headers)
@@ -53,17 +67,32 @@ def test_simple_json_detail_api(
 
     data = response.json()
     assert data["meta"] == {"api-version": API_VERSION, "_last-serial": PYPI_SERIAL_CONSTANT}
-    assert data["name"] == "aiohttp"
+    assert data["name"] == "shelf-reader"
     assert data["files"]
-    for file in data["files"]:
-        for i in [
-            "filename",
-            "url",
-            "hashes",
-            "data-dist-info-metadata",
-            "requires_python",
-        ]:
-            assert i in file
+
+    # Check data of a wheel
+    file_whl = next(
+        (i for i in data["files"] if i["filename"] == "shelf_reader-0.1-py2-none-any.whl"), None
+    )
+    assert file_whl is not None, "wheel file not found"
+    assert file_whl["url"]
+    assert file_whl["hashes"] == {
+        "sha256": "2eceb1643c10c5e4a65970baf63bde43b79cbdac7de81dae853ce47ab05197e9"
+    }
+    assert file_whl["requires-python"] is None
+    assert file_whl["data-dist-info-metadata"] == {
+        "sha256": "ed333f0db05d77e933a157b7225b403ada9a2f93318d77b41b662eba78bac350"
+    }
+
+    # Check data of a tarball
+    file_tar = next((i for i in data["files"] if i["filename"] == "shelf-reader-0.1.tar.gz"), None)
+    assert file_tar is not None, "tar file not found"
+    assert file_tar["url"]
+    assert file_tar["hashes"] == {
+        "sha256": "04cfd8bb4f843e35d51bfdef2035109bdea831b55a57c3e6a154d14be116398c"
+    }
+    assert file_tar["requires-python"] is None
+    assert file_tar["data-dist-info-metadata"] is False
 
 
 @pytest.mark.parallel