From f84e7260a6c318b48fa1d5b3b1db5d3bd9f33f56 Mon Sep 17 00:00:00 2001
From: Gerrod Ubben <gerrodubben@gmail.com>
Date: Wed, 25 Feb 2026 21:24:23 -0500
Subject: [PATCH] Turn off TUF metadata update on provenance verification

---
 pulp_python/app/provenance.py  | 2 +-
 pulp_python/app/serializers.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/pulp_python/app/provenance.py b/pulp_python/app/provenance.py
index ad46dfc0..41e1c206 100644
--- a/pulp_python/app/provenance.py
+++ b/pulp_python/app/provenance.py
@@ -58,7 +58,7 @@ class Provenance(BaseModel):
     attestation_bundles: list[AttestationBundle]
 
 
-def verify_provenance(filename, sha256, provenance, offline=False):
+def verify_provenance(filename, sha256, provenance, offline=True):
     """Verify the provenance object is valid for the package."""
     dist = Distribution(name=filename, digest=sha256)
     for bundle in provenance.attestation_bundles:
diff --git a/pulp_python/app/serializers.py b/pulp_python/app/serializers.py
index 47a8b41d..38db2005 100644
--- a/pulp_python/app/serializers.py
+++ b/pulp_python/app/serializers.py
@@ -352,7 +352,7 @@ def validate_attestations(self, value):
             raise serializers.ValidationError(_("Invalid attestations: {}".format(e)))
         return attestations
 
-    def handle_attestations(self, filename, sha256, attestations, offline=False):
+    def handle_attestations(self, filename, sha256, attestations, offline=True):
         """Handle converting attestations to a Provenance object."""
         user = get_current_authenticated_user()
         publisher = AnyPublisher(kind="Pulp User", prn=get_prn(user))