[Yum-devel] A new ctrl-c gotcha/regression

seth vidal skvidal at fedoraproject.org
Mon Feb 14 17:42:31 UTC 2011


On Mon, 2011-02-14 at 19:40 +0200, Panu Matilainen wrote:
> On 02/14/2011 07:07 PM, James Antill wrote:
> > On Mon, 2011-02-14 at 18:37 +0200, Panu Matilainen wrote:
> >> Spotted while looking at something related: commit
> >> e95f16d8342bc4dcdfde6b8858a8704bc4c1bdf8 causes yum to hold the rpmdb
> >> open throughout the remaining package downloads after first signature
> >> check happens. Which won't exactly help catching ctrl-c in timely manner...
> >
> >   Blah. We should have thought of that, of course it doesn't help
> > that C-c has been semi-broken for a while now (and it won't trigger on
> > rawhide due to no sig checks -- AFAIK this code is only in rawhide, or
> > the rawhide rebuild repos).
> >
> >> Perhaps the simplest bandaid would be adding an optional argument
> >> sigCheckPkg() to automatically nuke the ts after checking and use it for
> >> the call from within downloadPkgs(). The downside of this is that it'll
> >> cause a bunch of rpmdb re-re-re-opens, depending on the number of repos
> >> and their config. There's no helping that with rpm 4.4.x, but with >=
> >> 4.6.x rpm doesn't actually need the database for signature checking, it
> >> uses an in-memory keyring which is only initially populated from the
> >> database.
> >
> >   Yeh, it's probably not worth it ... no sane person has more than 10
> > repos. which downloaded packages have come from, so I bet it's just
> > noise even in 4.4.x (and this feature is unlikely to get into RHEL-5
> > anyway).
> >
> >   Another thought, given that, how bad is it to just always nuke the ts on
> > 4.6.x+?
> 
> You certainly don't want to nuke the entire ts for each individual 
> signature check, as it'd result in rpmdb open+close for every single 
> package in the transaction. Once per-repo would be "bad enough" (if 
> bearable) already, especially since it's technically completely unnecessary.
> 
> Basically the trick with newer rpms is to keep the actual ts, but just 
> call ts.closeDB() on it once the keyring is loaded. No rocket science, 
> I'm just trying to figure out how best to fit it into the yum ecosystem.
> 

/me adds another item in favor of detached sigs and/or x509 sigs instead
of going through rpm for all of it.

-sv



