[Yum-devel] [PATCH] ssl patches for new urlgrabber and "proper" ssl support add options matching up to the options that were implemented in the m2crypto patch to yum and urlgrabber that many folks used (centos and rhel5 in particular)

Tim Lauridsen tim.lauridsen at googlemail.com
Sat Aug 15 09:48:53 UTC 2009


On 08/14/2009 07:10 PM, Seth Vidal wrote:
>      sslcacert = Option()
>      sslverify = BoolOption(True)
>      sslclientcert = Option()
>      sslclientkey = Option()
>
> Add these options in to every place we setup a urlgrabber instance.
> ---
>   yum/config.py  |   12 ++++++++++++
>   yum/yumRepo.py |   19 +++++++++++++++++--
>   2 files changed, 29 insertions(+), 2 deletions(-)
>
> diff --git a/yum/config.py b/yum/config.py
> index 75f8581..2f057c3 100644
> --- a/yum/config.py
> +++ b/yum/config.py
> @@ -698,6 +698,12 @@ class YumConf(StartupConf):
>
>       color_search_match = Option('bold')
>
> +    sslcacert = Option()
> +    sslverify = BoolOption(True)
> +    sslclientcert = Option()
> +    sslclientkey = Option()
> +
> +
>       _reposlist = []
>
>   class RepoConf(BaseConfig):
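Review bot: The four options added to YumConf carry no comment, and two of their behaviours are not obvious from the names: `sslverify` is the only switch for TLS checking in the yumRepo.py hunks, and `sslcacert` is declared with no default value. A comment above them would help, for example `# sslverify turns certificate-chain and host-name checks on or off together; sslcacert unset leaves the trust store to the grabber`. The second half of that comment is inferred, since what urlgrabber does with an unset CA path is not visible in this patch, so confirm it before writing it down. Because RepoConf inherits these options in the next hunk, a single repo stanza can set `sslverify` false for itself, which is worth stating in the yum.conf documentation as well.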
> @@ -751,6 +757,12 @@ class RepoConf(BaseConfig):
>       mdpolicy = Inherit(YumConf.mdpolicy)
>       cost = IntOption(1000)
>
> +    sslcacert = Inherit(YumConf.sslcacert)
> +    sslverify = Inherit(YumConf.sslverify)
> +    sslclientcert = Inherit(YumConf.sslclientcert)
> +    sslclientkey = Inherit(YumConf.sslclientkey)
> +
> +
>   def readStartupConfig(configfile, root):
>       '''
>       Parse Yum's main configuration file and return a StartupConf instance.
> diff --git a/yum/yumRepo.py b/yum/yumRepo.py
> index 12c7d35..fac218a 100644
> --- a/yum/yumRepo.py
> +++ b/yum/yumRepo.py
> @@ -475,7 +475,12 @@ class YumRepository(Repository, config.RepoConf):
>                                       timeout=self.timeout,
>                                       copy_local=self.copy_local,
>                                       http_headers=headers,
> -                                    reget='simple')
> +                                    reget='simple',
> +                                    ssl_verify_peer=self.sslverify,
> +                                    ssl_verify_host=self.sslverify,
> +                                    ssl_ca_cert=self.sslcacert,
> +                                    ssl_cert=self.sslclientcert,
> +                                    ssl_key=self.sslclientkey)
>
>           self._grabfunc.opts.user_agent = default_grabber.opts.user_agent
>
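Review bot: `ssl_verify_host=self.sslverify` passes a boolean for a check that is level-based in libcurl, and this patch does not show how urlgrabber translates the value. If the new urlgrabber hands it to libcurl, note that CURLOPT_SSL_VERIFYHOST only compares the certificate name with the requested host at level 2, so a True forwarded unchanged could leave the name check weaker than `sslverify = True` suggests; confirm the mapping in the urlgrabber side of this series. The same argument appears in the metalink grabber call and in the third grabber call further down. The enclosing method starts and ends outside this hunk.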
> @@ -667,7 +672,12 @@ class YumRepository(Repository, config.RepoConf):
>                                       retry = self.retries,
>                                       throttle = self.throttle,
>                                       progress_obj = self.callback,
> -                                    proxies=self.proxy_dict)
> +                                    proxies=self.proxy_dict,
> +                                    ssl_verify_peer=self.sslverify,
> +                                    ssl_verify_host=self.sslverify,
> +                                    ssl_ca_cert=self.sslcacert,
> +                                    ssl_cert=self.sslclientcert,
> +                                    ssl_key=self.sslclientkey)
>                       ug.opts.user_agent = default_grabber.opts.user_agent
>                       result = ug.urlgrab(url, local, text=self.id + "/metalink")
>
> @@ -770,6 +780,11 @@ class YumRepository(Repository, config.RepoConf):
>                               timeout=self.timeout,
>                               checkfunc=checkfunc,
>                               http_headers=headers,
> +                            ssl_verify_peer=self.sslverify,
> +                            ssl_verify_host=self.sslverify,
> +                            ssl_ca_cert=self.sslcacert,
> +                            ssl_cert=self.sslclientcert,
> +                            ssl_key=self.sslclientkey
>                               )
>
>               ug.opts.user_agent = default_grabber.opts.user_agent
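Review bot: The same five `ssl_*` keyword arguments are now written out at three grabber call sites in yumRepo.py, so a later call site that leaves them out would silently run with the grabber's own defaults instead of the repo's settings. Building them once in a small helper on YumRepository and expanding it at each call keeps the sites identical; the helper name below is only a suggestion. The diffstat touches only yum/config.py and yum/yumRepo.py, so any download performed outside YumRepository is not covered here and should be checked against the description's "every place we setup a urlgrabber instance". The call this hunk edits starts outside the hunk.

```python
def _ssl_grabber_opts(self):
    # TLS settings shared by every grabber this repo builds.
    return {'ssl_verify_peer': self.sslverify,
            'ssl_verify_host': self.sslverify,
            'ssl_ca_cert': self.sslcacert,
            'ssl_cert': self.sslclientcert,
            'ssl_key': self.sslclientkey}

# … unchanged: grabber call up to http_headers …
                            http_headers=headers,
                            **self._ssl_grabber_opts()
                            )
```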


The patch looks fine, but maybe you should add a requirement on python-urlgrabber >= x.xx to yum.spec, where x.xx is the
urlgrabber release containing the ssl cert changes, just so it is not forgotten at release time.

Tim

