Pulp Fixtures is a collection of raw fixture data, scripts for compiling that data into a useful format, and make targets for controlling the whole mess.
Note that the latest version of these fixtures are available as hosted fixtures.
Why does Pulp Fixtures exist? It exists so that the fixture data used by Pulp Smash can easily be recreated, and can be altered in a controlled way. Pulp Smash does not directly make use of Pulp Fixtures. Instead:
- A user clones the Pulp Fixtures repository. The "user" could be a human, or a bot like Jenkins.
- The user compiles the fixture data they want.
- The user uploads that fixture data to an HTTP server.
- The user ensures that their Pulp Smash installation is configured to use the uploaded fixture data. See pulp_smash.constants.
For exact usage instructions, clone this repository and run make help.
You can run these fixtures locally using a container. We host the container images at both quay and docker hub:
podman run -d --rm -p 8000:8080 docker.io/pulp/pulp-fixtures:latest
podman run -d --rm -p 8000:8080 quay.io/pulp/pulp-fixtures:latestOr with docker:
docker run -d --rm -p 8000:8080 docker.io/pulp/pulp-fixtures:latest
docker run -d --rm -p 8000:8080 quay.io/pulp/pulp-fixtures:latestYou can also build and run the pulp fixtures container locally with podman/buildah:
buildah bud -f Containerfile -t pulp/pulp-fixtures .
podman run -d -p 8000:8080 pulp/pulp-fixturesOr you can use docker:
docker build -f Containerfile -t pulp/pulp-fixtures .
docker run -d -p 8000:8080 pulp/pulp-fixturesBy default the base url is http://localhost:8000. If you want to change this, run:
podman run -d -e BASE_URL=http://pulp-fixtures:8080 pulp/pulp-fixturesMost make targets are implemented as bash scripts. Bash 4.4 or newer is required. In addition, exotic dependencies are listed below, according to make target. Common dependencies like fmt, patch and realpath are omitted.
Some RPM, SRPM and DRPM fixtures are signed with an OpenPGP-compatible keypair. See make help.
Warning
The private key used to sign RPM, SRPM and DRPM files is publicly available. The signatures on these files afford absolutely no security. The signatures are present only for testing purposes.
helpNo exotic dependencies are needed.
lintSee
lint-pylintandlint-shellcheck.lint-pylintThe
pylintexecutable must be available.lint-shellcheckThe
shellcheckexecutable must be available.cleanNo exotic dependencies are needed.
fixtures/debianThe
gnupg,equivs, andreprepropackages must be installed.fixtures/debian-invalidDepends on the
fixtures/debiantarget.fixtures/dockerThe
dockerexecutable must be available.Ensure the service is running and usable by the current user. This may require adding the current user to an appropriate group and reloading permissions, with a command such as
gpasswd --add $(id -u) docker && newgrp.fixtures/fileNo exotic dependencies are needed.
fixtures/file2No exotic dependencies are needed.
fixtures/file-invalidNo exotic dependencies are needed.
fixtures/file-largeNo exotic dependencies are needed.
fixtures/file-manyNo exotic dependencies are needed.
fixtures/file-perfNo exotic dependencies are needed.
fixtures/file-dl-forwardNo exotic dependencies are needed.
fixtures/file-dl-reverseNo exotic dependencies are needed.
fixtures/file-mixedSee
fixtures/file.fixtures/ostreeThe
ostreeexecutable must be available.fixtures/python-pypiThe
jq,jinja2andpython3executables must be available.fixtures/rpm-alt-layoutSee
fixtures/rpm-unsigned.fixtures/rpm-incomplete-filelistsSee
fixtures/rpm-unsigned.fixtures/rpm-incomplete-otherSee
fixtures/rpm-unsigned.fixtures/rpm-invalid-rpmNo exotic dependencies are needed.
fixtures/rpm-invalid-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-string-version-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-long-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-mirrorlist-badNo exotic dependencies are needed.
Note
There is no known specification (syntax, naming, etc) of mirrorlist files. These files are modeled on CentOS mirrorlists. See: http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os. For an example of an alternate implementation, see: https://www.archlinux.org/mirrorlist/. As a result, this target may exhibit erroneous behaviour.
fixtures/rpm-mirrorlist-goodSee
fixtures/rpm-mirrorlist-bad.fixtures/rpm-mirrorlist-mixedSee
fixtures/rpm-mirrorlist-bad.fixtures/rpm-missing-filelistsSee
fixtures/rpm-unsigned.fixtures/rpm-missing-otherSee
fixtures/rpm-unsigned.fixtures/rpm-missing-primarySee
fixtures/rpm-unsigned.fixtures/rpm-modularThe
createrepo_candmodifyrepo_cexecutables must be available.Note
All packages and metadata (modules, defaults, obsoletes and advisories) are taken and combined from dnf-ci-fedora-modular, dnf-ci-thirdparty-modular, dnf-ci-fedora-modular-updates and dnf-ci-obsoletes repositories found here.
updateinfo.xmlwas updated with modules and packages names and version to not need more binary data.fixtures/rpm-pkglists-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-references-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-richnweak-depsThe
createrepo_cexecutable must be available.fixtures/rpm-signedThe
createrepo_c,modifyrepo_candrpmsignexecutables must be available.fixtures/rpm-unsignedThe
createrepo_candmodifyrepo_cexecutables must be available.fixtures/rpm-updated-updateinfoSee
fixtures/rpm-unsigned.fixtures/rpm-with-modulesThe
createrepo_candmodifyrepo_cexecutables must be available.fixtures/rpm-with-non-asciiThe
fedpkgexecutable must be available.fixtures/rpm-with-non-utf-8The
fedpkgexecutable must be available.fixtures/rpm-with-sha512See
fixtures/rpm-unsigned.fixtures/rpm-with-vendorThe
fedpkgandcreaterepo_cexecutables must be available.fixtures/rpm-with-pulp-distributionSee
fixtures/rpm-unsigned.fixtures/srpm-duplicateSee
fixtures/srpm-richnweak-deps.fixtures/srpm-richnweak-depsThe
rpmdev-setuptree,rpmbuildandcreaterepo_cexecutable must be available.fixtures/srpm-signedThe
createrepo_candmodifyrepo_cexecutables must be available.fixtures/srpm-unsignedThe
createrepo_c,modifyrepo_candrpmsignexecutables must be available.gnupghomeThe
gpgexecutable must be available.
The RPM, SRPM and DRPM assets are unsigned, and signatures are added as needed when generating fixtures. The opposite approach of using signed assets and stripping signatures as needed is less safe, as the keypair can more easily go out of sync with the assets.
By default, GnuPG works with files in the ~/.gnupg directory, and the rpmsign executable works with the ~/.rpmmacros file. (Other RPM packaging tools also use this file.) It is unacceptable for Pulp Fixtures to modify these files. Given this, how can package signing be done?
Altering the behaviour of GnuPG is easy: if the GNUPGHOME environment variable is set, the named directory is used instead of ~/.gnupg.
Altering the behaviour of rpmsign is harder: It includes hard-coded references to ~/.rpmmacros. The solution adopted is to pass all needed macros via the --define option, so that the ~/.rpmmacros file need not be consulted. Using this option is hacky, as it is not listed in the rpmsign man page, and it is mentioned only briefly in the rpm man page. However, this solution is more targeted than an alternative solution like temporarily overriding the HOME environment variable.
To see which packages have been signed with the pulp-fixture-signing-key key, execute a command like the following:
find fixtures \( -name '*.rpm' -o -name '*.srpm' -o -name '*.drpm' \) | xargs rpm --checksigIf a line like the following is shown, then the named package is unsigned:
fixtures/rpm-unsigned/lion-0.4-1.noarch.rpm: sha1 md5 OKIf a line like the following is shown, then the named package is signed:
fixtures/rpm/lion-0.4-1.noarch.rpm: (RSA) sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: RSA#269d9d98 (MD5) PGP#269d9d98)The MISSING KEYS message is present because the pulp-fixture-signing-key public key has not been imported to your keystore. You should not import it, as the pulp-fixture-signing-key private key is public. It exists for testing purposes, and provides no assurances of identity.