[Rpm-metadata] RFE: auto processing of XML files in repodata/ ?
Piete.Brooks at cl.cam.ac.uk
Fri Jan 25 09:13:41 UTC 2008
> auto-adding the files is somewhat of a security hang up.
> It means if anyone can write anything to the repodata dir
... just the once ...
> then those files will continue being propagated w/o my knowing it
... assuming the processing is automatic, or you don't read the output
> and potentially damaging my clients.
I understand the problem.
>> 1) include any .xml[.gz] file which is mentioned in the old repomd.xml
>> 2) include any .xml[.gz] file in the old repodata/
I take it that those two are ruled out.
>> 3) do (1) or (2) if a command line flag is passed to createrepo (-a ?)
Would you be happy with that? The default remains that extra files are
ignored, but if the user explicitly asks "do auto process all XMLs", it will
>> 4) have a built in list of files to look for and auto process
>> 5) allow a list of files which should be looked for, on the command line
>> 6) allow a list of files which should be processed, on the cmd line
> the list might be something that is doable.
Any of the above?
I don't see a config file, so no way to tailor it per site.
> If you feel like sending a patch I'd definitely take a look.
I write perl rather than python. I can (just about) read python, but I suspect
you'd not want anything I wrote in it!
Any use if I wrote in perl or comments the sort of thing I was after?
More information about the Rpm-metadata