[yum-git] plugins/tmprepo
James Antill
james at linux.duke.edu
Fri Jul 25 16:08:40 UTC 2008
plugins/tmprepo/tmprepo.conf | 7 ++++--
plugins/tmprepo/tmprepo.py | 50 ++++++++++++++++++++++++++++++++++---------
2 files changed, 45 insertions(+), 12 deletions(-)
New commits:
commit dc7958219611f7e2058a7ae13697dc76259dea79
Author: James Antill <james at and.org>
Date: Fri Jul 25 12:07:23 2008 -0400
Merge the gpgcheck upstream config. changes into tmprepo
diff --git a/plugins/tmprepo/tmprepo.conf b/plugins/tmprepo/tmprepo.conf
index f5e3b83..a3d51ef 100644
--- a/plugins/tmprepo/tmprepo.conf
+++ b/plugins/tmprepo/tmprepo.conf
@@ -1,5 +1,8 @@
[main]
enabled=1
-# You can uncomment this to allow tmporary repositories to disable/alter
+# You can uncomment this to allow tmporary repositories to disable/alter
# gpg checking. This is not recommended.
-# gpgcheck=false
+# You might want to use remote_gpgcheck=packages, but if you do understand
+# what the security implications are.
+# remote_gpgcheck=repository
+# local_gpgcheck=packages
diff --git a/plugins/tmprepo/tmprepo.py b/plugins/tmprepo/tmprepo.py
index 7d3daeb..845cfc4 100644
--- a/plugins/tmprepo/tmprepo.py
+++ b/plugins/tmprepo/tmprepo.py
@@ -39,12 +39,33 @@ plugin_type = (TYPE_INTERACTIVE,)
def make_validate(log, gpgcheck):
def tvalidate(repo):
- if gpgcheck:
-
- # Don't allow them to set gpgcheck=False
- if not repo.gpgcheck:
+ if gpgcheck.lower() not in ('false', 'no', '0'):
+
+ if gpgcheck.lower() not in ('packages', 'pkgs',
+ '1', 'yes', 'true',
+ 'repo', 'repository'):
+ log.warn("GPGcheck set to unknown value: %s" % gpgcheck)
+ return False
+
+ if repo.gpgcheck not in ('packages', 'true', 'repo'):
+ log.warn("Repo %s GPGcheck set to unknown value: %s" %
+ (repo, gpgcheck))
+ return False
+
+ # Don't ever allow them to set gpgcheck='false'
+ if repo.gpgcheck == 'false':
log.warn("Repo %s tried to set gpgcheck=false" % repo)
return False
+
+ # Now do the more complicated comparisons...
+ if (gpgcheck.lower() in ('packages', 'pkgs', '1', 'yes', 'true') and
+ repo.gpgcheck == 'repo'):
+ log.warn("Repo %s tried to set gpgcheck=repository" % repo)
+ return False
+ if (gpgcheck.lower() in ('repository', 'repo', '1', 'yes', 'true') and
+ repo.gpgcheck == 'packages'):
+ log.warn("Repo %s tried to set gpgcheck=packages" % repo)
+ return False
# Don't allow them to set gpgkey=anything
for key in repo.gpgkey:
@@ -96,7 +117,7 @@ def add_dir_repo(base, trepo, cleanup):
name=Tmp. repo. for %(path)s
baseurl=file:%(dname)s
enabled=1
-gpgcheck=1
+gpgcheck=packages
metadata_expire=0
# Make cost smaller, as we know it's "local" ... if this isn't good just create
# your own .repo file. ... then you won't need to createrepo each run either.
@@ -117,12 +138,15 @@ cost=500
AutoCleanupDir("%s/%s" % (base.conf.cachedir, repoid))
return tmp_fname
-def add_repos(base, log, tmp_repos, tvalidate, cleanup_dir_temp):
+def add_repos(base, log, tmp_repos, tvalidate, tlocvalidate, cleanup_dir_temp):
""" Add temporary repos to yum. """
# Don't use self._splitArg()? ... or require URLs without commas?
for trepo in tmp_repos:
if trepo.startswith("/"):
trepo = "file:%s" % trepo
+ validate = tvalidate
+ if trepo.startswith("file:"):
+ validate = tlocvalidate
if trepo.startswith("file:") and trepo.endswith("/"):
if not os.path.isdir(trepo[len("file:"):]):
log.warn("Failed to find directory " + trepo[len("file:"):])
@@ -139,19 +163,21 @@ def add_repos(base, log, tmp_repos, tvalidate, cleanup_dir_temp):
log.warn("Failed to retrieve " + trepo)
continue
- base.getReposFromConfigFile(fname, validate=tvalidate)
+ base.getReposFromConfigFile(fname, validate=validate)
added = True
# Just do it all again...
base.setupProgressCallbacks()
-my_gpgcheck = True
+rgpgcheck = 'repo' # Remote
+lgpgcheck = 'packages'
def config_hook(conduit):
'''
Yum Plugin Config Hook:
Add the --tmprepo option.
'''
- global my_gpgcheck
+ global rgpgcheck
+ global lgpgcheck
global def_tmp_repos_cleanup
parser = conduit.getOptParser()
@@ -166,7 +192,10 @@ def config_hook(conduit):
parser.add_option("--tmprepo-keep-created", action='store_true',
dest='tmp_repos_cleanup', default=False,
help="keep created direcotry based tmp. repos.")
- my_gpgcheck = conduit.confBool('main', 'gpgcheck', default=True)
+ # We default to repository for actual repo files, because that's the most
+ # secure, but packages for local dirs./files
+ rgpgcheck = conduit.confString('main', 'remote_gpgcheck', default='repo')
+ lgpgcheck = conduit.confString('main', 'local_gpgcheck', default='packages')
def_tmp_repos_cleanup = conduit.confBool('main', 'cleanup', default=False)
_tmprepo_done = False
@@ -187,4 +216,5 @@ def prereposetup_hook(conduit):
log = logging.getLogger("yum.verbose.main")
add_repos(conduit._base, log, opts.tmp_repos,
make_validate(log, my_gpgcheck),
+ make_validate(log, my_dgpgcheck),
not (opts.tmp_repos_cleanup or def_tmp_repos_cleanup))
More information about the Yum-cvs-commits
mailing list