[yum-commits] plugins/puppetverify yum-utils.spec

skvidal at osuosl.org skvidal at osuosl.org
Fri May 20 21:48:15 UTC 2011


 plugins/puppetverify/puppetverify.conf |    5 ++
 plugins/puppetverify/puppetverify.py   |   72 +++++++++++++++++++++++++++++++++
 yum-utils.spec                         |   18 ++++++++
 3 files changed, 95 insertions(+)

New commits:
commit 060e4a9cf9452212dbdba6a40ae5f0b0594415e2
Author: Seth Vidal <skvidal at fedoraproject.org>
Date:   Fri May 20 17:47:23 2011 -0400

    add puppetverify plugin

diff --git a/plugins/puppetverify/puppetverify.conf b/plugins/puppetverify/puppetverify.conf
new file mode 100644
index 0000000..4fb627e
--- /dev/null
+++ b/plugins/puppetverify/puppetverify.conf
@@ -0,0 +1,5 @@
+[main]
+enabled=1
+puppet_state_file = /var/lib/puppet/state/state.yaml
+
+
diff --git a/plugins/puppetverify/puppetverify.py b/plugins/puppetverify/puppetverify.py
new file mode 100644
index 0000000..a557cba
--- /dev/null
+++ b/plugins/puppetverify/puppetverify.py
@@ -0,0 +1,72 @@
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Library General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Copyright 2011 Red Hat, Inc
+# written by Seth Vidal <skvidal at fedoraproject.org>
+
+# this plugin will modify the verify checks with the checksums
+# from the files in puppet - so you don't get false positives versus 
+# what puppet thinks the file should be.
+
+
+from yum.plugins import TYPE_CORE
+from yum.constants import *
+import yaml
+import os
+
+
+def generic_string_constructor(loader, node):          
+   return loader.construct_scalar(node)       
+
+yaml.add_constructor(u'!ruby/sym', generic_string_constructor)
+
+
+
+requires_api_version = '2.4'
+plugin_type = (TYPE_CORE,)
+yaml_data = {}
+
+
+def get_checksum(thisfn):
+    global yaml_data
+    if os.path.exists(puppet_state_file):
+        if not yaml_data:
+            yaml_data = yaml.load(open(puppet_state_file, 'r').read())
+            
+        p_fn = "File[%s]" % thisfn
+        if p_fn not in yaml_data:
+            return
+
+        v = yaml_data[p_fn]
+        if 'checksums' in v:
+            if 'md5' in v['checksums']: # are puppet checksums in anything else?
+                csum = v['checksums']['md5'].replace('{md5}', '')
+            return ('md5', csum)
+
+
+def verify_package_hook(conduit):
+    for i in conduit.verify_package:
+        results = get_checksum(i.filename)
+        if not results: continue
+        i.digest = results # tuple(csumtype, csum)
+        # you can set other values like file mode, size, date, etc here
+        
+   
+def config_hook(conduit):
+    '''
+    Yum Plugin Config Hook: 
+    '''
+    global puppet_state_file
+    puppet_state_file = conduit.confString('main', 'puppet_state_file', default='/var/lib/puppet/state/state.yaml')
+
diff --git a/yum-utils.spec b/yum-utils.spec
index 19c2f8b..f7eb566 100644
--- a/yum-utils.spec
+++ b/yum-utils.spec
@@ -367,6 +367,17 @@ When this plugin is installed it adds the yum command "ps", which allows you
 to see which running processes are accociated with which packages (and if they
 need rebooting, or have updates, etc.)
 
+%package -n yum-plugin-puppetverify
+Summary: Yum plugin to add puppet checksums to verify data
+Group: System Environment/Base
+Provides: yum-puppetverify = %{version}-%{release}
+Requires: yum >= 3.2.12
+Requires: PyYaml >= 3.09
+Requires: puppet
+
+%description -n yum-plugin-puppetverify
+Supplies checksums for files in packages from puppet's state file. 
+
 %prep
 %setup -q
 
@@ -404,6 +415,7 @@ plugins="\
  local \
  fs-snapshot \
  ps \
+ puppetverify \
 "
 
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/yum/pluginconf.d/ $RPM_BUILD_ROOT/usr/lib/yum-plugins/
@@ -658,6 +670,12 @@ fi
 %config(noreplace) %{_sysconfdir}/yum/pluginconf.d/ps.conf
 /usr/lib/yum-plugins/ps.*
 
+%files -n yum-plugin-puppetverify
+%defattr(-, root, root)
+%doc COPYING
+%config(noreplace) %{_sysconfdir}/yum/pluginconf.d/puppetverify.conf
+/usr/lib/yum-plugins/puppetverify.*
+
 %changelog
 * Thu Jan 13 2011 Tim Lauridsen <timlau at fedoraproject.org> 
 - mark as 1.1.30 


More information about the Yum-commits mailing list