[Rpm-metadata] RFE: auto processing of XML files in repodata/ ?
skvidal at fedoraproject.org
Thu Jan 31 07:06:48 UTC 2008
On Fri, 2008-01-25 at 09:13 +0000, Piete Brooks wrote:
> > auto-adding the files is somewhat of a security hang up.
> > It means if anyone can write anything to the repodata dir
> ... just the once ...
> > then those files will continue being propagated w/o my knowing it
> ... assuming the processing is automatic, or you don't read the output
Then why not just script the modifyrepo lines if the process is
> >> 1) include any .xml[.gz] file which is mentioned in the old repomd.xml
> >> 2) include any .xml[.gz] file in the old repodata/
> I take it that those two are ruled out.
more likely than not, yes
> >> 3) do (1) or (2) if a command line flag is passed to createrepo (-a ?)
> Would you be happy with that? The default remains that extra files are
> ignored, but if the user explicitly asks "do auto process all XMLs", it will
> do (1)?
> I don't see a config file, so no way to tailor it per site.
true - a config file would be a bit odd for something as
instance-specific as createrepo.
> > If you feel like sending a patch I'd definitely take a look.
> I write perl rather than python. I can (just about) read python, but I suspect
> you'd not want anything I wrote in it!
> Any use if I wrote in perl or comments the sort of thing I was after?
yah - perl wouldn't be all that helpful.
More information about the Rpm-metadata