[Pulp-dev] pulp 3 upload API validation

Michael Hrivnak mhrivnak at redhat.com
Mon Jul 10 19:26:10 UTC 2017

On Mon, Jul 10, 2017 at 3:06 PM, Dennis Kliban <dkliban at redhat.com> wrote:

> The upload API for Artifacts is going to allow users to specify the
> artifact size and a digest. The Artifact model currently supports  'md5',
> 'sha1', 'sha224', 'sha256', 'sha384', and 'sha512' digests.
> Do we want to let users specify more than one digest per upload? e.g. md5
> and sha256?

There may be no harm in this, but it would add complexity to the
verification and not add much value. I'd stick with just one unless there's
a compelling reason for multiple.

> Do we want to store all 6 digests for each Artifact?

The expensive part of calculating the digests is reading the file. As long
as you're already reading the entire file, which we will during
verification, you may as well stuff the bits through multiple hashers
(digesters?) and get all the digests. Pulp 2 has a function that does this:


But we can't always guarantee that we'll have all the checksums available,
for at least two reasons. 1) If in the future if we want to use yet another
algorithm, we probably won't want to run a migration that re-reads every
file and calculates the additional digest. 2) For on-demand content, we
don't have it locally, so we can't calculate any additional checksums until
it gets fetched.

So this may be one of those times where we use a good-ole-fashioned getter
method that returns the requested digest if it's on the artifact,
calculates it if not, or raises an exception if the value isn't available
and can't be calculated.


Michael Hrivnak

Principal Software Engineer, RHCE

Red Hat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20170710/bdccddaf/attachment.htm>

More information about the Pulp-dev mailing list