From 49a566152187d6e18658f74688a7505ec4916b40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubom=C3=ADr=20Sedl=C3=A1=C5=99?=
Date: Fri, 8 Jan 2021 14:34:34 +0100
Subject: [PATCH] pkgset: Remove reuse file when packages are not signed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In such case we never want to reuse the pkgset, as it risks leaking unsigned packages. Safest option is to remove the file completely.
Fixes: https://pagure.io/pungi/issue/1480
JIRA: RHELCMP-3720
Signed-off-by: Lubomír Sedlář
---
 pungi/phases/pkgset/pkgsets.py | 10 ++++++++--
 pungi/scripts/pungi_koji.py | 21 +++++++++++++++------
 2 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/pungi/phases/pkgset/pkgsets.py b/pungi/phases/pkgset/pkgsets.py
index e82a47cf..9fa0bcf5 100644
--- a/pungi/phases/pkgset/pkgsets.py
+++ b/pungi/phases/pkgset/pkgsets.py
@@ -35,6 +35,10 @@ from pungi.util import pkg_is_srpm, copy_all
 from pungi.arch import get_valid_arches, is_excluded
+class UnsignedPackagesError(RuntimeError):
+ pass
+
+
 class ExtendedRpmWrapper(kobo.pkgset.SimpleRpmWrapper):
 """
 ExtendedRpmWrapper extracts only certain RPM fields instead of
@@ -144,7 +148,7 @@ class PackageSetBase(kobo.log.LoggingBase):
 def raise_invalid_sigkeys_exception(self, rpminfos):
 """
- Raises RuntimeError containing details of RPMs with invalid
+ Raises UnsignedPackagesError containing details of RPMs with invalid
 sigkeys defined in `rpminfos`.
 """
@@ -166,7 +170,9 @@ class PackageSetBase(kobo.log.LoggingBase):
 if not isinstance(rpminfos, dict):
 rpminfos = {self.sigkey_ordering: rpminfos}
- raise RuntimeError("\n".join(get_error(k, v) for k, v in rpminfos.items()))
+ raise UnsignedPackagesError(
+ "\n".join(get_error(k, v) for k, v in rpminfos.items())
+ )
 def read_packages(self, rpms, srpms):
 srpm_pool = ReaderPool(self, self._logger)
diff --git a/pungi/scripts/pungi_koji.py b/pungi/scripts/pungi_koji.py
index 8c905565..2a08840f 100644
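Review bot: `UnsignedPackagesError` in the first pkgsets.py hunk is declared with a bare `pass` and no docstring, although pungi_koji.py now makes a cleanup decision based on catching it. I would replace the `pass` with a one-line docstring such as `"""Raised for RPMs with invalid sigkeys; pkgset reuse files of the compose must not be kept."""`, so anyone raising or catching it knows the contract. Keeping `RuntimeError` as the base means callers that already catch `RuntimeError` are unaffected.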
--- a/pungi/scripts/pungi_koji.py
+++ b/pungi/scripts/pungi_koji.py
@@ -5,6 +5,7 @@ from __future__ import print_function
 import argparse
 import getpass
+import glob
 import json
 import locale
 import logging
@@ -327,12 +328,20 @@ def main():
 )
 notifier.compose = compose
 COMPOSE = compose
- run_compose(
- compose,
- create_latest_link=create_latest_link,
- latest_link_status=latest_link_status,
- latest_link_components=latest_link_components,
- )
+ try:
+ run_compose(
+ compose,
+ create_latest_link=create_latest_link,
+ latest_link_status=latest_link_status,
+ latest_link_components=latest_link_components,
+ )
+ except pungi.phases.pkgset.pkgsets.UnsignedPackagesError:
+ # There was an unsigned package somewhere. It is not safe to reuse any
+ # package set from this compose (since we could leak the unsigned
+ # package). Let's make sure all reuse files are deleted.
+ for fp in glob.glob(compose.paths.work.pkgset_reuse_file("*")):
+ os.unlink(fp)
+ raise
 def run_compose(
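Review bot: In the new `except pungi.phases.pkgset.pkgsets.UnsignedPackagesError` branch of main(), a failing `os.unlink(fp)` aborts the loop, so reuse files later in the glob stay on disk and the OSError propagates instead of the unsigned-packages error. Since the branch exists so that no pkgset from this compose can be reused, I would make the cleanup best-effort per file: catch OSError around each unlink, log it, continue, and still re-raise the original exception. The fence uses `compose.log_error`, which I am assuming the compose object provides; substitute the logger main() already uses if it does not. Separately, the handler names the class by its full dotted path while the visible import hunk only adds `glob`, so it depends on `pungi.phases.pkgset.pkgsets` already being loaded as an attribute of `pungi`, which is worth confirming because main() starts outside this hunk.

```python
    except pungi.phases.pkgset.pkgsets.UnsignedPackagesError:
        # … unchanged: comment explaining why the reuse files are dropped …
        for fp in glob.glob(compose.paths.work.pkgset_reuse_file("*")):
            try:
                os.unlink(fp)
            except OSError as exc:
                # Keep going: every remaining reuse file still has to go.
                compose.log_error("Failed to remove reuse file %s: %s" % (fp, exc))
        raise
```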