{"id":28396553,"url":"https://github.com/pulp/pulp-fixtures","last_synced_at":"2025-10-08T19:06:36.223Z","repository":{"id":40991987,"uuid":"57318779","full_name":"pulp/pulp-fixtures","owner":"pulp","description":"Scripts to generate fixture data for Pulp.","archived":false,"fork":false,"pushed_at":"2025-06-25T16:18:11.000Z","size":45940,"stargazers_count":3,"open_issues_count":9,"forks_count":35,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-09-24T16:54:10.558Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pulp.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2016-04-28T16:46:45.000Z","updated_at":"2025-06-25T16:18:15.000Z","dependencies_parsed_at":"2024-03-28T16:57:57.702Z","dependency_job_id":null,"html_url":"https://github.com/pulp/pulp-fixtures","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pulp/pulp-fixtures","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-fixtures","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-fixtures/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-fixtures/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-fixtures/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pulp","download_url":"https://codeload.github.com/pulp/pulp-fixtures/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-fixtures/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000702,"owners_count":26082805,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-31T22:12:28.615Z","updated_at":"2025-10-08T19:06:36.203Z","avatar_url":"https://github.com/pulp.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":".. image:: https://github.com/pulp/pulp-fixtures/workflows/Build%20and%20publish%20pulp-fixture%20OCI%20Image/badge.svg\n\n\nPulp Fixtures\n=============\n\nPulp Fixtures is a collection of raw fixture data, scripts for compiling that\ndata into a useful format, and make targets for controlling the whole mess.\n\nNote that the latest version of these fixtures are available as `hosted fixtures`_.\n\nWhy does Pulp Fixtures exist? It exists so that the fixture data used by `Pulp\nSmash`_  can easily be recreated, and can be altered in a controlled way. Pulp\nSmash does not directly make use of Pulp Fixtures. Instead:\n\n1. A user clones the Pulp Fixtures repository. The \"user\" could be a human, or\n   a bot like Jenkins.\n2. The user compiles the fixture data they want.\n3. The user uploads that fixture data to an HTTP server.\n4. The user ensures that their Pulp Smash installation is configured to use the\n   uploaded fixture data. See `pulp_smash.constants`_.\n\nFor exact usage instructions, clone this repository and run ``make help``.\n\nContainer\n---------\n\nYou can run these fixtures locally using a container. We host the container images at both quay and\ndocker hub::\n\n    podman run -d --rm -p 8000:8080 docker.io/pulp/pulp-fixtures:latest\n    podman run -d --rm -p 8000:8080 quay.io/pulp/pulp-fixtures:latest\n\nOr with docker::\n\n    docker run -d --rm -p 8000:8080 docker.io/pulp/pulp-fixtures:latest\n    docker run -d --rm -p 8000:8080 quay.io/pulp/pulp-fixtures:latest\n\nYou can also build and run the pulp fixtures container locally with podman/buildah::\n\n    buildah bud -f Containerfile -t pulp/pulp-fixtures .\n    podman run -d -p 8000:8080 pulp/pulp-fixtures\n\nOr you can use docker::\n\n    docker build -f Containerfile -t pulp/pulp-fixtures .\n    docker run -d -p 8000:8080 pulp/pulp-fixtures\n\nBy default the base url is ``http://localhost:8000``. If you want to change this, run::\n\n    podman run -d -e BASE_URL=http://pulp-fixtures:8080 pulp/pulp-fixtures\n\nDependencies\n------------\n\nMost make targets are implemented as bash scripts. Bash 4.4 or newer is\nrequired. In addition, exotic dependencies are listed below, according to make\ntarget. Common dependencies like ``fmt``, ``patch`` and ``realpath`` are\nomitted.\n\nSome RPM, SRPM and DRPM fixtures are signed with an OpenPGP-compatible keypair.\nSee ``make help``.\n\n.. WARNING:: The private key used to sign RPM, SRPM and DRPM files is publicly\n    available. The signatures on these files afford absolutely *no* security.\n    The signatures are present only for testing purposes.\n\n``help``\n    No exotic dependencies are needed.\n\n``lint``\n    See ``lint-pylint`` and ``lint-shellcheck``.\n\n``lint-pylint``\n    The ``pylint`` executable must be available.\n\n``lint-shellcheck``\n    The ``shellcheck`` executable must be available.\n\n``clean``\n    No exotic dependencies are needed.\n\n``fixtures/debian``\n    The ``gnupg``, ``equivs``, and ``reprepro`` packages must be installed.\n\n``fixtures/debian-invalid``\n    Depends on the ``fixtures/debian`` target.\n\n``fixtures/docker``\n    The ``docker`` executable must be available.\n\n    Ensure the service is running and usable by the current user. This may\n    require adding the current user to an appropriate group and reloading\n    permissions, with a command such as ``gpasswd --add $(id -u) docker \u0026\u0026\n    newgrp``.\n\n``fixtures/file``\n    No exotic dependencies are needed.\n\n``fixtures/file2``\n    No exotic dependencies are needed.\n\n``fixtures/file-invalid``\n    No exotic dependencies are needed.\n\n``fixtures/file-large``\n    No exotic dependencies are needed.\n\n``fixtures/file-many``\n    No exotic dependencies are needed.\n\n``fixtures/file-perf``\n    No exotic dependencies are needed.\n\n``fixtures/file-dl-forward``\n    No exotic dependencies are needed.\n\n``fixtures/file-dl-reverse``\n    No exotic dependencies are needed.\n\n``fixtures/file-mixed``\n    See ``fixtures/file``.\n\n``fixtures/ostree``\n    The ``ostree`` executable must be available.\n\n``fixtures/python-pypi``\n    The ``jq``, ``jinja2`` and ``python3`` executables must be available.\n\n``fixtures/rpm-alt-layout``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-incomplete-filelists``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-incomplete-other``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-invalid-rpm``\n    No exotic dependencies are needed.\n\n``fixtures/rpm-invalid-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-string-version-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-long-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-mirrorlist-bad``\n    No exotic dependencies are needed.\n\n    .. NOTE:: There is no known specification (syntax, naming, etc) of\n        mirrorlist files. These files are modeled on CentOS mirrorlists. See:\n        http://mirrorlist.centos.org/?release=6\u0026arch=x86_64\u0026repo=os. For an\n        example of an alternate implementation, see:\n        https://www.archlinux.org/mirrorlist/. As a result, this target may\n        exhibit erroneous behaviour.\n\n``fixtures/rpm-mirrorlist-good``\n    See ``fixtures/rpm-mirrorlist-bad``.\n\n``fixtures/rpm-mirrorlist-mixed``\n    See ``fixtures/rpm-mirrorlist-bad``.\n\n``fixtures/rpm-missing-filelists``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-missing-other``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-missing-primary``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-modular``\n    The ``createrepo_c`` and ``modifyrepo_c`` executables must be available.\n\n    .. NOTE:: All packages and metadata (modules, defaults, obsoletes and advisories)\n        are taken and combined from dnf-ci-fedora-modular, dnf-ci-thirdparty-modular,\n        dnf-ci-fedora-modular-updates and dnf-ci-obsoletes repositories found\n        `here\u003chttps://github.com/rpm-software-management/ci-dnf-stack\u003e`_.\n        ``updateinfo.xml`` was updated with modules and packages names and version to\n        not need more binary data.\n\n``fixtures/rpm-pkglists-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-references-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-richnweak-deps``\n    The ``createrepo_c`` executable must be available.\n\n``fixtures/rpm-signed``\n    The ``createrepo_c``, ``modifyrepo_c`` and ``rpmsign`` executables must be\n    available.\n\n``fixtures/rpm-unsigned``\n    The ``createrepo_c`` and ``modifyrepo_c`` executables must be available.\n\n``fixtures/rpm-updated-updateinfo``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-with-modules``\n    The ``createrepo_c`` and ``modifyrepo_c`` executables must be available.\n\n``fixtures/rpm-with-non-ascii``\n    The ``fedpkg`` executable must be available.\n\n``fixtures/rpm-with-non-utf-8``\n    The ``fedpkg`` executable must be available.\n\n``fixtures/rpm-with-sha512``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/rpm-with-vendor``\n    The ``fedpkg`` and ``createrepo_c`` executables must be available.\n\n``fixtures/rpm-with-pulp-distribution``\n    See ``fixtures/rpm-unsigned``.\n\n``fixtures/srpm-duplicate``\n    See ``fixtures/srpm-richnweak-deps``.\n\n``fixtures/srpm-richnweak-deps``\n    The ``rpmdev-setuptree``, ``rpmbuild`` and ``createrepo_c`` executable must be\n    available.\n\n``fixtures/srpm-signed``\n    The ``createrepo_c`` and ``modifyrepo_c`` executables must be available.\n\n``fixtures/srpm-unsigned``\n    The ``createrepo_c``, ``modifyrepo_c`` and ``rpmsign`` executables must be\n    available.\n\n``gnupghome``\n    The ``gpg`` executable must be available.\n\nPackage Signatures\n------------------\n\nThe RPM, SRPM and DRPM assets are unsigned, and signatures are added as needed\nwhen generating fixtures. The opposite approach of using signed assets and\nstripping signatures as needed is less safe, as the keypair can more easily go\nout of sync with the assets.\n\nBy default, GnuPG works with files in the ``~/.gnupg`` directory, and the\n``rpmsign`` executable works with the ``~/.rpmmacros`` file. (Other RPM\npackaging tools also use this file.) It is unacceptable for Pulp Fixtures to\nmodify these files. Given this, how can package signing be done?\n\nAltering the behaviour of GnuPG is easy: if the ``GNUPGHOME`` environment\nvariable is set, the named directory is used instead of ``~/.gnupg``.\n\nAltering the behaviour of ``rpmsign`` is harder: It includes hard-coded\nreferences to ``~/.rpmmacros``. The solution adopted is to pass all needed\nmacros via the ``--define`` option, so that the ``~/.rpmmacros`` file need not\nbe consulted. Using this option is hacky, as it is not listed in the ``rpmsign``\nman page, and it is mentioned only briefly in the ``rpm`` man page. However,\nthis solution is more targeted than an alternative solution like temporarily\noverriding the ``HOME`` environment variable.\n\nTo see which packages have been signed with the pulp-fixture-signing-key key, execute a command\nlike the following:\n\n.. code-block:: sh\n\n    find fixtures \\( -name '*.rpm' -o -name '*.srpm' -o -name '*.drpm' \\) | xargs rpm --checksig\n\nIf a line like the following is shown, then the named package is unsigned::\n\n    fixtures/rpm-unsigned/lion-0.4-1.noarch.rpm: sha1 md5 OK\n\nIf a line like the following is shown, then the named package is signed::\n\n    fixtures/rpm/lion-0.4-1.noarch.rpm: (RSA) sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: RSA#269d9d98 (MD5) PGP#269d9d98)\n\nThe ``MISSING KEYS`` message is present because the pulp-fixture-signing-key public key has not\nbeen imported to your keystore. You should not import it, as **the pulp-fixture-signing-key\nprivate key is public.** It exists for testing purposes, and provides no\nassurances of identity.\n\n.. _hosted fixtures: https://fixtures.pulpproject.org/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulp-fixtures","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpulp%2Fpulp-fixtures","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulp-fixtures/lists"}