katello 4.13.0.rc1 → 4.13.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bd34bfe58b23b1d93a3997cebe69df8ee33721ed70f580c6e9702f7fc6ba6bd2
-  data.tar.gz: 0c11d4179198241b8086a718fd240ae3c91af22a9912637aa88b9e2534fb11ff
+  metadata.gz: 7b483b80f6a5f7194a08c115f000a799cf5fbfadb5ff15a3c23425474858083e
+  data.tar.gz: 40c8c3a668d0cf608ad9d4c051a5eebd6fa8c1bca6f6b5ee9821ebb53aabaff1
 SHA512:
-  metadata.gz: 8007ac10ec5431af852d6ed99534aaa40b986c2f007769a591f32d59a47afdc9f7535e850bfb6c263d9301476776a31f4b6ecc5223e76083a3923e92db66ca6e
-  data.tar.gz: b2d7cfadb5189daa8be9bba7ddd8b4bd4b17993ed64ff2db28a87738f9bab6a7f0ef8242c2e599293307530625cb56aebc33b62f876386b58e38cbc73c50020a
+  metadata.gz: 4752d03a68ac8daa4499926108b811b644d29fea06dde68e8a7ebe0f3571e23d6329c23d8acc6f66eb49b675118d3a7bb7e9e00d08f499b77597f841be20c63c
+  data.tar.gz: ed21c09ff884e6a3b8a7e23dd2e824810507b0d84b058368c731e5479fcd9a61d778d0d7e4110db5b2ca8d6c14e9e64521b9e80660bfc06a05579b9226e366e6

data/app/controllers/katello/api/registry/registry_proxies_controller.rb

@@ -3,15 +3,14 @@ module Katello
   class Api::Registry::RegistryProxiesController < Api::V2::ApiController
     before_action :disable_strong_params
     before_action :confirm_settings
-    before_action :confirm_push_settings, only: [:start_upload_blob, :upload_blob, :finish_upload_blob,
-                                                 :push_manifest]
     skip_before_action :authorize
     before_action :optional_authorize, only: [:token, :catalog]
     before_action :registry_authorize, except: [:token, :v1_search, :catalog]
     before_action :authorize_repository_read, only: [:pull_manifest, :tags_list]
-    # TODO: authorize_repository_write commented out until Katello indexes Pulp container push repositories.
-    # before_action :authorize_repository_write, only: [:start_upload_blob, :upload_blob, :finish_upload_blob,
-    #                                                   :push_manifest]
+    # TODO: authorize_repository_write commented out due to container push changes. Additional task needed to fix.
+    # before_action :authorize_repository_write, only: [:start_upload_blob, :upload_blob, :finish_upload_blob, :push_manifest]
+    before_action :container_push_prop_validation, only: [:start_upload_blob, :upload_blob, :finish_upload_blob, :push_manifest]
+    before_action :create_container_repo_if_needed, only: [:start_upload_blob, :upload_blob, :finish_upload_blob, :push_manifest]
     skip_before_action :check_media_type, only: [:start_upload_blob, :upload_blob, :finish_upload_blob,
                                                  :push_manifest]
 
@@ -85,6 +84,301 @@ module Katello
       return false
     end
 
+    def container_push_prop_validation(props = nil)
+      # Handle validation and repo creation for container pushes before talking to pulp
+      return false unless confirm_push_settings
+      props = parse_blob_push_props if props.nil?
+      return false unless check_blob_push_field_syntax(props)
+
+      # validate input and find the org and product either using downcase label or id
+      if props[:schema] == "label"
+        return false unless check_blob_push_org_label(props)
+        return false unless check_blob_push_product_label(props)
+      else
+        return false unless check_blob_push_org_id(props)
+        return false unless check_blob_push_product_id(props)
+      end
+
+      return false unless check_blob_push_container(props)
+      true
+    end
+
+    def parse_blob_push_props(path_string = nil)
+      # path string should follow one of these formats:
+      #   - /v2/{org_label}/{product_label}/{name}/blobs/uploads...
+      #   - /v2/id/{org_id}/{product_id}/{name}/blobs/uploads...
+      #   - /v2/{org_label}/{product_label}/{name}/manifests/...
+      #   - /v2/id/{org_id}/{product_id}/{name}/manifests/...
+      # inputs not matching format will return {valid_format: false}
+      path_string = @_request.fullpath if path_string.nil?
+      segments = path_string.split('/')
+
+      if segments.length >= 7 && segments[0] == "" && segments[1] == "v2" &&
+        segments[2] != "id" && (segments[5] == "blobs" || segments[5] == "manifests")
+
+        return {
+          valid_format: true,
+          schema: "label",
+          organization: segments[2],
+          product: segments[3],
+          name: segments[4]
+        }
+      elsif segments.length >= 8 && segments[0] == "" && segments[1] == "v2" &&
+        segments[2] == "id" && (segments[6] == "blobs" || segments[6] == "manifests")
+
+        return {
+          valid_format: true,
+          schema: "id",
+          organization: segments[3],
+          product: segments[4],
+          name: segments[5]
+        }
+      else
+        return {valid_format: false}
+      end
+    end
+
+    def check_blob_push_field_syntax(props)
+      # check basic url field syntax
+      unless props[:valid_format]
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Container pushes should follow 'organization_label/product_label/name' OR 'id/organization_id/product_id/name' schema.",
+          :bad_request
+        )
+      end
+      return true
+    end
+
+    # rubocop:disable Metrics/MethodLength
+    def check_blob_push_org_label(props)
+      org_label = props[:organization]
+      unless org_label.present? && org_label.length > 0
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Organization label cannot be blank.",
+          :bad_request
+        )
+      end
+      org = Organization.where("LOWER(label) = '#{org_label}'") # convert to lowercase
+      # reject ambiguous orgs (possible due to lowercase conversion)
+      if org.length > 1
+        # Determine if the repo already exists in one of the possible products. If yes,
+        # inform the user they need to destroy the existing repo and use the ID format
+        unless props[:product].blank? || props[:name].blank?
+          org.each do |o|
+            products = get_matching_products_from_org(o, props[:product])
+            products.each do |prod|
+              root_repos = get_root_repo_from_product(prod, props[:name])
+              unless root_repos.empty?
+                return render_podman_error(
+                  "NAME_INVALID",
+                  "Due to a change in your organizations, this container name has become "\
+                    "ambiguous (org name '#{org_label}'). If you wish to continue using this "\
+                    "container name, destroy the organization in conflict with '#{o.name} (id "\
+                    "#{o.id}). If you wish to keep both orgs, destroy '#{o.label}/#{prod.label}/"\
+                    "#{root_repos.first.label}' and retry your push using the id format.",
+                  :conflict
+                )
+              end
+            end
+          end
+        end
+
+        # Otherwise tell them to try pushing with ID format
+        return render_podman_error(
+          "NAME_INVALID",
+          "Organization label '#{org_label}' is ambiguous. Try using an id-based container name.",
+          :conflict
+        )
+      end
+      if org.length == 0
+        return render_podman_error(
+          "NAME_UNKNOWN",
+          "Organization not found: '#{org_label}'",
+          :not_found
+        )
+      end
+      @organization = org.first
+      true
+    end
+
+    def check_blob_push_org_id(props)
+      org_id = props[:organization]
+      unless org_id.present? && org_id == org_id.to_i.to_s
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Organization id must be an integer without leading zeros.",
+          :bad_request
+        )
+      end
+      @organization = Organization.find_by_id(org_id.to_i)
+      if @organization.nil?
+        return render_podman_error(
+          "NAME_UNKNOWN",
+          "Organization id not found: '#{org_id}'",
+          :not_found
+        )
+      end
+      true
+    end
+
+    def check_blob_push_product_label(props)
+      prod_label = props[:product]
+      unless prod_label.present? && prod_label.length > 0
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Product label cannot be blank.",
+          :bad_request
+        )
+      end
+      product = get_matching_products_from_org(@organization, prod_label)
+      # reject ambiguous products (possible due to lowercase conversion)
+      if product.length > 1
+        # Determine if the repo already exists in one of the possible products. If yes,
+        # inform the user they need to destroy the existing repo and use the ID format
+        unless props[:name].blank?
+          product.each do |prod|
+            root_repos = get_root_repo_from_product(prod, props[:name])
+            unless root_repos.empty?
+              return render_podman_error(
+                "NAME_INVALID",
+                "Due to a change in your products, this container name has become ambiguous "\
+                  "(product name '#{prod_label}'). If you wish to continue using this container "\
+                  "name, destroy the product in conflict with '#{prod.name}' (id #{prod.id}). If "\
+                  "you wish to keep both products, destroy '#{@organization.label}/#{prod.label}/"\
+                  "#{root_repos.first.label}' and retry your push using the id format.",
+                :conflict
+              )
+            end
+          end
+        end
+
+        return render_podman_error(
+          "NAME_INVALID",
+          "Product label '#{prod_label}' is ambiguous. Try using an id-based container name.",
+          :conflict
+        )
+      end
+      if product.length == 0
+        return render_podman_error(
+          "NAME_UNKNOWN",
+          "Product not found: '#{prod_label}'",
+          :not_found
+        )
+      end
+      @product = product.first
+      true
+    end
+
+    def check_blob_push_product_id(props)
+      prod_id = props[:product]
+      unless prod_id.present? && prod_id == prod_id.to_i.to_s
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Product id must be an integer without leading zeros.",
+          :bad_request
+        )
+      end
+      @product = @organization.products.find_by_id(prod_id.to_i)
+      if @product.nil?
+        return render_podman_error(
+          "NAME_UNKNOWN",
+          "Product id not found: '#{prod_id}'",
+          :not_found
+        )
+      end
+      true
+    end
+
+    def get_matching_products_from_org(organization, product_label)
+      return organization.products.where("LOWER(label) = '#{product_label}'") # convert to lowercase
+    end
+
+    def get_root_repo_from_product(product, root_repo_name)
+      return product.root_repositories.where(label: root_repo_name)
+    end
+
+    def check_blob_push_container(props)
+      unless props[:name].present? && props[:name].length > 0
+        return render_podman_error(
+          "NAME_INVALID",
+          "Invalid format. Container name cannot be blank.",
+          :bad_request
+        )
+      end
+
+      @container_name = props[:name]
+      @container_push_name_format = props[:schema]
+      if @container_push_name_format == "label"
+        @container_path_input = "#{props[:organization]}/#{props[:product]}/#{props[:name]}"
+      else
+        @container_path_input = "id/#{props[:organization]}/#{props[:product]}/#{props[:name]}"
+      end
+
+      # If the repo already exists, check if the existing push format matches
+      root_repo = get_root_repo_from_product(@product, @container_name).first
+      if !root_repo.nil? && @container_push_name_format != root_repo.container_push_name_format
+        return render_podman_error(
+          "NAME_INVALID",
+          "Repository name '#{@container_name}' already exists in this product using a different naming scheme. Please retry your request with the #{root_repo.container_push_name_format} format or destroy and recreate the repository using your preferred schema.",
+          :conflict
+        )
+      end
+
+      true
+    end
+
+    def create_container_repo_if_needed
+      if get_root_repo_from_product(@product, @container_name).empty?
+        root = @product.add_repo(
+          name: @container_name,
+          label: @container_name,
+          download_policy: 'immediate',
+          content_type: Repository::DOCKER_TYPE,
+          unprotected: true,
+          is_container_push: true,
+          container_push_name: @container_path_input,
+          container_push_name_format: @container_push_name_format
+        )
+        sync_task(::Actions::Katello::Repository::CreateRoot, root, @container_path_input)
+      end
+    end
+
+    def blob_push_cleanup
+      # after manifest upload, index content and set version href using pulp api
+      root_repo = get_root_repo_from_product(@product, @container_name)&.first
+      instance_repo = root_repo&.library_instance
+
+      unless root_repo.present? && instance_repo.present?
+        return render_podman_error(
+          "BLOB_UPLOAD_UNKNOWN",
+          "Could not locate local uploaded repository for content indexing.",
+          :not_found
+        )
+      end
+
+      api = ::Katello::Pulp3::Repository.api(SmartProxy.pulp_primary, ::Katello::Repository::DOCKER_TYPE).container_push_api
+      api_response = api.list(name: @container_path_input)&.results&.first
+      latest_version_href = api_response&.latest_version_href
+      pulp_href = api_response&.pulp_href
+
+      if latest_version_href.empty? || pulp_href.empty?
+        return render_podman_error(
+          "BLOB_UPLOAD_UNKNOWN",
+          "Could not locate repository properties for content indexing.",
+          :not_found
+        )
+      end
+
+      instance_repo.update!(version_href: latest_version_href)
+      ::Katello::Pulp3::RepositoryReference.where(root_repository_id: instance_repo.root_id,
+        content_view_id: instance_repo.content_view.id, repository_href: pulp_href).create!
+      instance_repo.index_content
+
+      true
+    end
+
     def find_writable_repository
       Repository.docker_type.syncable.find_by_container_repository_name(params[:repository])
     end
@@ -205,17 +499,6 @@ module Katello
       redirect_client { Resources::Registry::Proxy.get(@_request.fullpath, headers, max_redirects: 0) }
     end
 
-    def push_manifest
-      headers = translated_headers_for_proxy
-      headers['Content-Type'] = request.headers['Content-Type'] if request.headers['Content-Type']
-      body = @_request.body.read
-      pulp_response = Resources::Registry::Proxy.put(@_request.fullpath, body, headers)
-      pulp_response.headers.each do |key, value|
-        response.header[key.to_s] = value
-      end
-      head pulp_response.code
-    end
-
     def start_upload_blob
       headers = translated_headers_for_proxy
       headers['Content-Type'] = request.headers['Content-Type'] if request.headers['Content-Type']
@@ -225,6 +508,7 @@ module Katello
       pulp_response.headers.each do |key, value|
         response.header[key.to_s] = value
       end
+
       head pulp_response.code
     end
 
@@ -268,6 +552,21 @@ module Katello
       head pulp_response.code
     end
 
+    def push_manifest
+      headers = translated_headers_for_proxy
+      headers['Content-Type'] = request.headers['Content-Type'] if request.headers['Content-Type']
+      body = @_request.body.read
+      pulp_response = Resources::Registry::Proxy.put(@_request.fullpath, body, headers)
+      pulp_response.headers.each do |key, value|
+        response.header[key.to_s] = value
+      end
+
+      cleanup_result = blob_push_cleanup if pulp_response.code.between?(200, 299)
+      return false unless cleanup_result
+
+      head pulp_response.code
+    end
+
     def ping
       response.headers['Docker-Distribution-API-Version'] = 'registry/2.0'
       render json: {}, status: :ok
@@ -278,10 +577,10 @@ module Katello
     end
 
     def v1_search
-      # Checks for podman client and issues a 404 in that case. Podman
+      # Checks for v2 client and issues a 404 in that case. Podman
       # examines the response from a /v1_search request. If the result
       # is a 4XX, it will then proceed with a request to /_catalog
-      if request.headers['HTTP_USER_AGENT'].downcase.include?('libpod')
+      if request.headers['HTTP_DOCKER_DISTRIBUTION_API_VERSION'] == 'registry/2.0'
         render json: {}, status: :not_found
         return
       end
@@ -423,8 +722,11 @@ module Katello
 
     def confirm_push_settings
       return true if SETTINGS.dig(:katello, :container_image_registry, :allow_push)
-      render_error('custom_error', :status => :not_found,
-                   :locals => { :message => "Registry push not supported" })
+      render_podman_error(
+        "UNSUPPORTED",
+        "Registry push is not enabled. To enable, add ':katello:'->':container_image_registry:'->':allow_push: true' in the katello settings file.",
+        :unprocessable_entity
+      )
     end
 
     def request_url
@@ -446,10 +748,19 @@ module Katello
       Rails.logger.debug "With body: #{filter_sensitive_data(response.body)}\n" unless route_name == 'pull_blob'
     end
 
+    def render_podman_error(code, message, status = :bad_request)
+      # Renders a podman-compatible error and returns false.
+      #     code: uppercase string code from opencontainer error code spec:
+      #         https://specs.opencontainers.org/distribution-spec/?v=v1.0.0#DISTRIBUTION-SPEC-140
+      #     message: a custom error string
+      #     status: a symbol in the 400 block of the rails response code table:
+      #         https://guides.rubyonrails.org/layouts_and_rendering.html#the-status-option
+      render json: {errors: [{code: code, message: message}]}, status: status
+      false
+    end
+
     def item_not_found(item)
-      msg = "#{item} was not found!"
-      # returning errors based on registry specifications in https://docs.docker.com/registry/spec/api/#errors
-      render json: {errors: [code: :invalid_request, message: msg, details: msg]}, status: :not_found
+      render_podman_error("NAME_UNKNOWN", "#{item} was not found!", :not_found)
     end
   end
 end

data/app/controllers/katello/api/rhsm/candlepin_proxies_controller.rb

@@ -259,6 +259,14 @@ module Katello
     def facts
       User.current = User.anonymous_admin
       @host.update_candlepin_associations(rhsm_params)
+      if params[:environments]
+        new_envs = params[:environments].map do |env|
+          get_content_view_environment("cp_id", env['id'])
+        end
+        new_envs.compact!
+        Rails.logger.debug "Setting new content view environments for host #{@host.to_label}: #{new_envs.map(&:label)}"
+        @host.content_facet.content_view_environments = new_envs
+      end
       update_host_registered_through(@host, request.headers)
       @host.refresh_statuses([::Katello::RhelLifecycleStatus])
       render :json => {:content => _("Facts successfully updated.")}, :status => :ok

data/app/controllers/katello/api/v2/repositories_controller.rb

@@ -48,7 +48,7 @@ Pass [] to make repo available for clients regardless of OS version. Maximum len
       param :ssl_client_cert_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Cert"), :allow_nil => true
       param :ssl_client_key_id, :number, :desc => N_("Identifier of the content credential containing the SSL Client Key"), :allow_nil => true
       param :unprotected, :bool, :desc => N_("true if this repository can be published via HTTP")
-      param :checksum_type, String, :desc => N_("Checksum of the repository, currently 'sha1' & 'sha256' are supported")
+      param :checksum_type, String, :desc => N_("Checksum used for published repository contents. Supported types: %s") % Katello::RootRepository::CHECKSUM_TYPES.join(', ')
       param :docker_upstream_name, String, :desc => N_("Name of the upstream docker repository")
       param :include_tags, Array, :desc => N_("Comma-separated list of tags to sync for a container image repository")
       param :exclude_tags, Array, :desc => N_("Comma-separated list of tags to exclude when syncing a container image repository. Default: any tag ending in \"-source\"")

data/app/lib/actions/katello/capsule_content/sync_capsule.rb

@@ -69,8 +69,13 @@ module Actions
         end
 
         def update_content_counts(_execution_plan)
-          smart_proxy = ::SmartProxy.unscoped.find(input[:smart_proxy_id])
-          ::ForemanTasks.async_task(::Actions::Katello::CapsuleContent::UpdateContentCounts, smart_proxy)
+          if Setting[:automatic_content_count_updates]
+            smart_proxy = ::SmartProxy.unscoped.find(input[:smart_proxy_id])
+            ::ForemanTasks.async_task(::Actions::Katello::CapsuleContent::UpdateContentCounts, smart_proxy)
+          else
+            Rails.logger.info "Skipping content counts update as automatic content count updates are disabled. To enable automatic content count updates, set the 'automatic_content_count_updates' setting to true.
+To update content counts manually, run the 'Update Content Counts' action."
+          end
         end
 
         def resource_locks

data/app/lib/actions/katello/organization/manifest_delete.rb

@@ -16,10 +16,15 @@ module Actions
             repositories.each do |repo|
               plan_action(Katello::Repository::RefreshRepository, repo)
             end
-            plan_self
+            plan_self(:organization_name => organization.name)
           end
         end
 
+        def run
+          organization = ::Organization.find_by(name: input[:organization_name])
+          organization&.manifest_expiration_date(cached: false) # update organization.manifest_imported? value
+        end
+
         def failure_notification(plan)
           ::Katello::UINotifications::Subscriptions::ManifestDeleteError.deliver!(
             :subject => subject_organization,

data/app/lib/actions/katello/repository/create.rb

@@ -13,10 +13,13 @@ module Actions
 
           org = repository.organization
           sequence do
-            create_action = plan_action(Pulp3::Orchestration::Repository::Create,
-                                        repository, SmartProxy.pulp_primary, force_repo_create)
-
-            return if create_action.error
+            # Container push repositories will already be in pulp. The version_href is
+            # directly updated after a push.
+            unless root.is_container_push
+              create_action = plan_action(Pulp3::Orchestration::Repository::Create,
+                                          repository, SmartProxy.pulp_primary, force_repo_create)
+              return if create_action.error
+            end
 
             # when creating a clone, the following actions are handled by the
             # publish/promote process
@@ -32,13 +35,16 @@ module Actions
               end
             end
 
-            concurrence do
-              plan_self(:repository_id => repository.id, :clone => clone)
-              if !clone && repository.url.present?
-                repository.product.alternate_content_sources.with_type(repository.content_type).each do |acs|
-                  acs.smart_proxies.each do |smart_proxy|
-                    smart_proxy_acs = ::Katello::SmartProxyAlternateContentSource.create(alternate_content_source_id: acs.id, smart_proxy_id: smart_proxy.id, repository_id: repository.id)
-                    plan_action(Pulp3::Orchestration::AlternateContentSource::Create, smart_proxy_acs)
+            # Container push repos do not need metadata generation or ACS (they do not sync)
+            unless root.is_container_push
+              concurrence do
+                plan_self(:repository_id => repository.id, :clone => clone)
+                if !clone && repository.url.present?
+                  repository.product.alternate_content_sources.with_type(repository.content_type).each do |acs|
+                    acs.smart_proxies.each do |smart_proxy|
+                      smart_proxy_acs = ::Katello::SmartProxyAlternateContentSource.create(alternate_content_source_id: acs.id, smart_proxy_id: smart_proxy.id, repository_id: repository.id)
+                      plan_action(Pulp3::Orchestration::AlternateContentSource::Create, smart_proxy_acs)
+                    end
                   end
                 end
               end

data/app/lib/actions/katello/repository/create_root.rb

@@ -2,13 +2,15 @@ module Actions
   module Katello
     module Repository
       class CreateRoot < Actions::EntryAction
-        def plan(root)
+        def plan(root, relative_path = nil)
           root.save!
           repository = ::Katello::Repository.new(:environment => root.organization.library,
                                       :content_view_version => root.organization.library.default_content_view_version,
                                       :root => root)
-          repository.relative_path = repository.custom_repo_path
+          repository.container_repository_name = relative_path
+          repository.relative_path = relative_path || repository.custom_repo_path
           repository.save!
+
           action_subject(repository)
           plan_action(::Actions::Katello::Repository::Create, repository)
         end

data/app/lib/actions/katello/repository/discover.rb

@@ -31,10 +31,17 @@ module Actions
             (on nil do
               unless output[:to_follow].empty?
                 password = decrypt_field(input[:upstream_password])
-                repo_discovery = ::Katello::RepoDiscovery.new(input[:url], input[:content_type],
-                                                              input[:upstream_username], password,
-                                                              input[:search],
-                                                              output[:crawled], output[:repo_urls], output[:to_follow])
+                repo_discovery = ::Katello::RepoDiscovery.class_for(input[:content_type]).new(
+                                                                                                input[:url],
+                                                                                                output[:crawled],
+                                                                                                output[:repo_urls],
+                                                                                                output[:to_follow],
+                                                                                                {
+                                                                                                  upstream_username: input[:upstream_username],
+                                                                                                  upstream_password: password,
+                                                                                                  search: input[:search]
+                                                                                                }
+                                                                                              )
 
                 repo_discovery.run(output[:to_follow].shift)
                 suspend { |suspended_action| world.clock.ping suspended_action, 0.001 }

data/app/lib/actions/katello/upstream_subscriptions/bind_entitlement.rb

@@ -4,7 +4,7 @@ module Actions
       class BindEntitlement < Actions::Base
         def run
           output[:response] = ::Katello::Resources::Candlepin::UpstreamConsumer
-            .bind_entitlement(pool)
+            .bind_entitlement(**pool)
         end
 
         def humanized_name

data/app/lib/actions/pulp3/orchestration/orphan_cleanup/remove_orphans.rb

@@ -14,6 +14,7 @@ module Actions
                   plan_action(Actions::Pulp3::OrphanCleanup::DeleteOrphanRemotes, proxy)
                 end
                 plan_action(Actions::Pulp3::OrphanCleanup::RemoveOrphans, proxy)
+                plan_action(Actions::Pulp3::OrphanCleanup::PurgeCompletedTasks, proxy)
               end
             end
           end

data/app/lib/actions/pulp3/orphan_cleanup/purge_completed_tasks.rb

@@ -0,0 +1,15 @@
+module Actions
+  module Pulp3
+    module OrphanCleanup
+      class PurgeCompletedTasks < Pulp3::AbstractAsyncTask
+        def plan(smart_proxy)
+          plan_self(:smart_proxy_id => smart_proxy.id)
+        end
+
+        def run
+          output[:pulp_tasks] = ::Katello::Pulp3::Api::Core.new(smart_proxy).purge_completed_tasks
+        end
+      end
+    end
+  end
+end

data/app/lib/actions/pulp3/repository/create_publication.rb

@@ -14,6 +14,10 @@ module Actions
         def invoke_external_task
           unless input[:skip_publication_creation]
             repository = ::Katello::Repository.find(input[:repository_id])
+            if repository.root.sha1_checksum?
+              repository.root.remove_sha1_checksum_type
+              repository.root.save!
+            end
             output[:response] = repository.backend_service(smart_proxy).with_mirror_adapter.create_publication
           end
         end