Problem sync repo between Foreman to Artifactory: Parsing interrupted: Out of order metadata

lrubiose · January 22, 2025, 12:34pm

Problem:

Hello,

when we configure in Foreman a yum repository with url of Artifactory and we synchronize the repository we get the following error:

Katello::Errors::Pulp3Error: Parsing interrupted: Out of order metadata: 2251738c67b18174f703c69c0be1f6384528be92 vs 7eeb4151aa7f728c5542c0b6a907b52ab99b6a01.

Artifactory’s repository is a local repository and contains official RHEL rpm.

Expected outcome:

Success in synchronization

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

foreman 3.12

client 3.12

plugins 3.12

candlepin 4.4

pulpcore 3.49

katello 4.14

puppet7

Distribution and version:

NAME=“Red Hat Enterprise Linux”

VERSION=“8.10 (Ootpa)”

Other relevant data:

We know that these three rpms are not in repodata file 4ddfdba9379b2fbd988714719e74641f8bc0352a-other.xml

sha1 → 360f36b7c53b1bd99552120e54723afc75679f86 → fonts-filesystem-2.0.5-7.el9.1.noarch.rpm

sha1 → 2251738c67b18174f703c69c0be1f6384528be92 → dejavu-sans-fonts-2.37-18.el9.noarch.rpm

sha1 → 70f522e056b5ddc4f8eccbee97dbd94f8071f3e5 → google-droid-sans-fonts-20200215-11.el9.2.noarch.rpm

The sha1 2251738c67b18174f703c69c0be1f6384528be92 obtained in the error belongs to the rpm dejavu-sans-fonts-2.37-18.el9.noarch.rpm

If we delete this rpm from the repository of Artifactory and we synchronize, we get the error from the other two rpms.

These three rpms are not corrupts. We executed the command “rpm -K” with successful result.

When we delete these three rpms, Foreman syncs without errors.

We don’t know if the repodata’s files are well calculated and Foreman is very strict or is Artifactory doesn’t create them properly.

We made a yum in /etc/yum.repos.d/ with the Artifactory repo and results were successful.

Regards,

Luis

sajha · January 22, 2025, 2:34pm

@lrubiose I found a similar thread here: Error during repo sync-Out of order metadata - #2 by gvde with some steps to check those checksums in primary.xml and other xmls to check if there are any inconsistencies. My first guess is the metadata for the upstream repository is corrupted for the 3 packages.

lrubiose · January 23, 2025, 2:56pm

Hello @sajha.

Thank you very much for your response.

Unfortunately in that topic the metadata was inconsistent, but in our case the metadata is okay.
We have checked the packages and we can confirm that they are not corrupted.

Now, we need some help to keep investigating this issue.

sajha · January 27, 2025, 4:27pm

@dralley Does this ring any bells?

dralley · January 27, 2025, 11:36pm

I dunno what Artifactory is doing, but any package in the repository ought to have an entry in all 3 metadata files, even if that entry is “empty” of metadata.

lrubiose · January 28, 2025, 12:51pm

Hello @dralley,

Thank you for your response.

The following code shows the file other.xml of Artifactory’s repodata (only two lines). As you can see, it doesn’t contains the rpm metadata for fonts-filesystem

<?xml version='1.0' encoding='UTF-8'?>
<otherdata xmlns="http://linux.duke.edu/metadata/other" packages="1"/>

filelists.xml:

<?xml version='1.0' encoding='UTF-8'?>
<filelists xmlns="http://linux.duke.edu/metadata/filelists" packages="1">
  <package pkgid="360f36b7c53b1bd99552120e54723afc75679f86" name="fonts-filesystem" arch="noarch">
    <version epoch="1" ver="2.0.5" rel="7.el9.1"/>
    <file type="dir">/etc/fonts</file>
    <file>/etc/fonts/conf.d</file>
    <file type="dir">/usr/share/fontconfig</file>
    <file>/usr/share/fontconfig/conf.avail</file>
    <file>/usr/share/fonts</file>
  </package>
</filelists>

primary.xml

<?xml version='1.0' encoding='UTF-8'?>
<metadata xmlns="http://linux.duke.edu/metadata/common" xmlns:rpm="http://linux.duke.edu/metadata/rpm" packages="1">
  <package type="rpm">
    <name>fonts-filesystem</name>
    <arch>noarch</arch>
    <version epoch="1" ver="2.0.5" rel="7.el9.1"/>
    <checksum type="sha" pkgid="YES">360f36b7c53b1bd99552120e54723afc75679f86</checksum>
    <summary>Directories used by font packages</summary>
    <description>This package contains the basic directory layout used by font packages,
including the correct permissions for the directories.</description>
    <packager>Red Hat, Inc. &lt;http://bugzilla.redhat.com/bugzilla></packager>
    <url>https://docs.fedoraproject.org/en-US/packaging-guidelines/FontsPolicy/</url>
    <time file="1737733094" build="1631794698"/>
    <size package="11459" installed="0" archive="788"/>
    <location href="fonts-filesystem-2.0.5-7.el9.1.noarch.rpm"/>
    <format>
      <rpm:license>MIT</rpm:license>
      <rpm:vendor>Red Hat, Inc.</rpm:vendor>
      <rpm:group>Unspecified</rpm:group>
      <rpm:buildhost>ppc-004.build.eng.bos.redhat.com</rpm:buildhost>
      <rpm:sourcerpm>fonts-rpm-macros-2.0.5-7.el9.1.src.rpm</rpm:sourcerpm>
      <rpm:header-range start="6752" end="11309"/>
      <rpm:provides>
        <rpm:entry name="fontpackages-filesystem" flags="EQ" epoch="1" ver="2.0.5" rel="7.el9.1"/>
        <rpm:entry name="fonts-filesystem" flags="EQ" epoch="1" ver="2.0.5" rel="7.el9.1"/>
      </rpm:provides>
      <rpm:requires/>
      <rpm:conflicts/>
      <rpm:obsoletes>
        <rpm:entry name="fontpackages-filesystem" flags="LT" epoch="1" ver="2.0.5" rel="7.el9.1"/>
      </rpm:obsoletes>
      <file type="dir">/etc/fonts</file>
      <file>/etc/fonts/conf.d</file>
    </format>
  </package>
</metadata>

This is the repository (only one rpm):

We think that Foreman Katello Pulp requires that the rpms exist in all repodata files. But we don’t know how Katello works.

Regards
Luis

dralley · January 28, 2025, 7:29pm

Right, Pulp certainly requires that.

It doesn’t make sense for

<?xml version='1.0' encoding='UTF-8'?>
<otherdata xmlns="http://linux.duke.edu/metadata/other" packages="1"/>

To say that there is “1” package but then be completely empty of any package entries. So I would consider this a bug with Artifactory primarily.

lrubiose · January 30, 2025, 8:40am

Hi @dralley,

Our Artifactory’s team saw in logs that when the repodata is created, these rpms have characteres in metadata that Artifactory doesn’t support.

They are speaking with JFrog.

Thanks !!!

lrubiose · February 5, 2025, 11:06am

Hello everyone,

The changelog of the RPMs contains emojis, and Artifactory doesn’t like that.

2025-02-03T10:54:38.540Z [jfrt ] [WARN ] [205f81c8d38d3588] [o.j.m.e.m.RpmMetadata:191     ] [8d38d3588|art-exec-4] - Package fonts-filesystem-2.0.5 XML stream has invalid xml characters in the line : '- 3.0.3-1                        
🐞 Fix bugs in the 3.0.2 refactoring                                                                                                                                                                                                       
- 3.0.2-1                                                                                                                                                                                                                                  
🐞 Workaround Fedora problems created by rpm commit 93604e2                                                                                                                                                                                
   harder'                                                                                                                                                                                                                                 
2025-02-03T10:54:38.544Z [jfrt ] [WARN ] [205f81c8d38d3588] [o.j.m.e.m.RpmMetadata:191     ] [8d38d3588|art-exec-4] - Package dejavu-sans-fonts-2.37 XML stream has invalid xml characters in the line : '- 2.37-13                        
🐞 Workaround Fedora problems created by rpm commit 93604e2'                                                                                                                                                                               
2025-02-03T10:54:38.548Z [jfrt ] [WARN ] [205f81c8d38d3588] [o.j.m.e.m.RpmMetadata:191     ] [8d38d3588|art-exec-4] - Package google-droid-sans-fonts-20200215 XML stream has invalid xml characters in the line : '- 20200215-6           
🐞 Workaround Fedora problems created by rpm commit 93604e2'

The security level we have configured in Artifactory is very strict.

The solution is to set the variable artifactory.yum.xml.printer.mode=-1, but that comes with other side effects that our Artifactory team is currently analyzing.

Regards.
Luis Rubio