[Yum-devel] Yumgate plugin and server

Jack Neely jjneely at ncsu.edu
Mon Nov 6 23:57:10 UTC 2006


On Mon, Nov 06, 2006 at 05:02:50PM -0500, Robin Norwood wrote:
> Hi,
> 
> I've spent a few days working out a method for an authenticated yum
> repository, along with a client plugin to authenticate against it.  I
> have an initial version available at:
> 
> https://yumgate.108.redhat.com/
> 
> The idea is that I want to be able to prevent users from using a yum
> repository unless they provide a magic token.  When a yumgate-enabled
> repository is used, yumgate-client provides the registration token, and
> 'registers' the system against the server.  For subsequent requests, the
> plugin provides a unique identifier and gets back a session token.  That
> session token is inserted into the headers of the rest of the requests.
> 
> This may seem a little overcomplicated at first glance, but the idea is
> to make the 'registration' and 'create session' tokens over https -
> protecting the 'secret' tokens.  Normal yum requests can then go over
> http for speed.
> 
> I picked straight mod_python and pgsql for the server side - this app
> should be lightweight enough that one of the various frameworks would be
> overkill.
> 
> Still a bunch to do to get it useful.  It isn't in an easily installable
> or usable state right now, but it works once the server is set up and
> the client is given the registration token.  I wanted to get it out
> there for people to look over and give feedback regarding the idea and
> the direction I'm taking.  I'll be working on cleaning it up, providing
> an easy way to install it, and better error handling over the next few
> days.
> 
> One technical question: I initially was looking to subclass
> YumRepository, but I wasn't able to get it to work.  Is there a way to
> do this?  Unfortunately I don't remember exactly the error I was
> getting, but I was trying to look up a repository, and if it was a
> 'yumgate' repo, wrap it in my subclass and insert it back into the list
> of repositories.
> 
> For now setting repo.http_headers does what I want, but I
> haven't worked out how error handling will work (for instance, if the
> session expires, the client should just try to generate a new session).
> 
> Thanks,
> 
> -RN
> 
> -- 
> Robin Norwood
> Red Hat, Inc.
> 
> "The Sage does nothing, yet nothing remains undone."
> -Lao Tzu, Te Tao Ching

Greetings Robin,

You seem to be working along a similar path as I.  I am very interested
in creating an open source solution to having strongly authenticated Yum
repositories much like what you have set up.  Also, web-based management
tools, and client tracking/logging, and a flexible permissions
management system are very valuable to me...and I hope others.  :-)

I'm the maintainer of Current at

    http://current.tigris.org/

SVN has the beginnings of lots of things including support for Yum 3.0.
Trunk works with MySQL, the last devel release should work with SQLite
and MySQL.  Postgres is in there too and will work once development
nears a new stable release.

Perhaps you might be interested in some of the code or in working
together?

Jack Neely

-- 
Jack Neely <jjneely at ncsu.edu>
Campus Linux Services Project Lead
Information Technology Division, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89
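
The flow described in the quoted message (register with the token, exchange the system identifier for a session token, send that token in the request headers, renew it when it expires), as an added Python example that is not yumgate's or Current's code. The class names, the `X-Session-Token` header, the HMAC token format and the 300-second lifetime are assumptions, and transport is simulated with direct method calls.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 300  # seconds; assumed lifetime, not taken from the post
HEADER = "X-Session-Token"  # hypothetical header name

class GateServer:
    """Hypothetical server: registration, session issue, per-request check."""
    def __init__(self, reg_token):
        self.reg_token, self.systems = reg_token, set()
        self.key = secrets.token_bytes(32)  # signs session tokens

    def _mac(self, msg):
        return hmac.new(self.key, msg.encode(), hashlib.sha256).hexdigest()

    def register(self, reg_token):  # would travel over https
        if not hmac.compare_digest(reg_token.encode(), self.reg_token.encode()):
            raise PermissionError("bad registration token")
        system_id = secrets.token_hex(16)
        self.systems.add(system_id)
        return system_id

    def create_session(self, system_id, now):  # would travel over https
        if system_id not in self.systems:
            raise PermissionError("unknown system")
        msg = f"{system_id}:{int(now) + SESSION_TTL}"
        return f"{msg}:{self._mac(msg)}"

    def fetch(self, path, headers, now):  # plain http; MAC is verified first
        msg, _, mac = headers.get(HEADER, "").rpartition(":")
        system_id, _, expires = msg.partition(":")
        ok = (hmac.compare_digest(mac.encode(), self._mac(msg).encode())
              and system_id in self.systems and int(expires) >= now)
        return (200, f"contents of {path}") if ok else (401, "")

class GateClient:
    """Hypothetical plugin side: sets the header, renews once on a 401."""
    def __init__(self, server, reg_token):
        self.server, self.headers = server, {}
        self.system_id = server.register(reg_token)

    def get(self, path, now=None):
        now = time.time() if now is None else now
        status, body = self.server.fetch(path, self.headers, now)
        if status == 401:  # no session yet, or it expired: renew and retry
            self.headers[HEADER] = self.server.create_session(self.system_id, now)
            status, body = self.server.fetch(path, self.headers, now)
        return status, body
```

Because the session token crosses plain http in this scheme, the expiry embedded in it is what bounds how long a captured token stays usable.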


