[Yum-devel] post 3.2.0 things to think about

Thu May 3 21:00:48 UTC 2007

On Wed, 2007-05-02 at 22:07 -0400, Jeremy Katz wrote:
> On Wed, 2007-05-02 at 13:37 -0400, seth vidal wrote:
> > 1. supporting gpg/x509 signatures detached from repomd.xml on each repo
> > - so we can check the content for validity
> 
> Sounds like a good thing to have
> 
> > 2. yum-util system-sync - to make two systems more or less identical
> > pkg-wise to each other (maybe also spit out a %packages section to a
> > ks.cfg, too)
> 
> Not entirely sure how useful this really is since configuration is also
> a huge part of systems being identical, but meh.

I've been asked for it quite a bit and while i've told folks - no no -
just use kickstart the number of folks who don't want to do that is
oddly larger than I would expect. Mostly folks afraid of messing with
the 'other stuff' on a machine their not familiar with, probably.

> > 3. taking the 'tolerant' config option in yum and using it to implement
> > what the --skip-broken plugin does (more or less) but internal to yum
> 
> Lots of people seem to want this.  I'm not sure I'm sold on it since I'd
> really rather stop the problems before they get to users.  But at the
> same time, we can't really do that for all combinations of repos I
> guess.  The tricky thing will be doing this in a way that can work
> nicely with pirut, yumex, etc

Well we should be able to step around conflicts a bit easier in the
future, I think. Unresolveable deps shouldn't be impossible, either. I
think it's just a matter of making sure we work on the error/results
codes well so pirut,yumex,etc can report things quasi-sensibly.
Alternatively, we can just shove it into the logs :)

> > 5. yum-gate - take the code that rnorwood posted and maybe work on
> > making it more releasable for folks to use as an authenticated yum repo.
> > Alternatively, look at one of the other system-config-mgmt tools to work
> > for that. 
> 
> Yeah, it'd be nice to get something good here.  I think that there are
> likely a lot of people out there who'd jump on it if we put out an easy
> way of doing it

I like what tim just posted of ssl client certs. That makes what
yum-gate does pretty simple. If you combined the client certs with the
yumvars-redefintion we added in 3.1.7 via postconfig hook then you could
do custom repos with authentication. That handles a good portion of
yum-gate - though we could definitely make it simpler to implement
w/some docs.

> > 6. YumBase.install() has a pattern=pkgglob kwarg it takes, remove() and
> > update() don't. I want to fix that. If for no other reason than to make
> > the yum cli code simpler.
> 
> That's just silliness ;-)

I talk w/the crazy!
-sv