[Yum-devel] [PATCH] Add aclpkgs configuration variable

Seth Vidal skvidal at fedoraproject.org
Mon Oct 26 22:09:07 UTC 2009



On Mon, 26 Oct 2009, James Antill wrote:

> ---
> docs/yum.conf.5 |   27 +++++++++++++++++++++++++++
> yum/__init__.py |   43 +++++++++++++++++++++++++++++++++++++++++++
> yum/config.py   |    4 +++-
> 3 files changed, 73 insertions(+), 1 deletions(-)



What does 'mark' and ' wash' mean and what problem is this solving b/c 
you've clearly gotten a bee in your bonnet about something but I have no idea 
what that is.

Is this about the include/exclude list in mock for x86_64?


and if so - why is this called ACLs? What kind of access control list is 
this?

NACK until A LOT more explanation is given.

-sv


>
> diff --git a/docs/yum.conf.5 b/docs/yum.conf.5
> index eab9335..b2b5366 100644
> --- a/docs/yum.conf.5
> +++ b/docs/yum.conf.5
> @@ -111,6 +111,28 @@ separated list.
> Shell globs using wildcards (eg. * and ?) are allowed.
>
> .IP
> +\fBaclpkgs\fR
> +List of ACLs, and if needed packages to match. ACLs are split into 2 or 3 parts,
> +separated by ".". The first part is either: include, exclude, mark or wash. The
> +second part specifies the what you are operatoring on: name, nevr, nevra, arch,
> +blank (meaning the full 7 matches used in exclude/includepkgs) marked, washed
> +and "*". The last part, if needed, says if the match should be a strict
> +equality check or allow shell globs using wildcards (eg. * and ?) are with
> +either: eq or match. There is an implicit "include.*" as the final ACL.
> + Eg. Both these ACLs will exclude 32bit pkgs on x86_64, except glibc.
> +
> +aclpkgs = include.name.eq:glibc exclude.arch.match:i?86
> +.br
> +aclpkgs = mark.washed
> +.br
> +          wash.arch.eq:x86_64 wash.arch.eq:noarch
> +.br
> +          wash.name.eq:glibc
> +.br
> +          exclude.marked
> +.br
> +
> +.IP
> \fBexactarch\fR
> Either `1' or `0'. Set to `1' to make yum update only update the architectures
> of packages that you have installed. ie: with this enabled yum will not install
> @@ -591,6 +613,11 @@ Same as the [main] \fBexclude\fR option but only for this repository.
> Substitution variables, described below, are honored here.
>
> .IP
> +\fBaclpkgs\fR
> +Same as the [main] \fBaclpkgs\fR option but only for this repository.
> +Substitution variables, described below, are honored here.
> +
> +.IP
> \fBincludepkgs\fR
> Inverse of exclude. This is a list of packages you want to use from a
> repository. If this option lists only one package then that is all yum will
> diff --git a/yum/__init__.py b/yum/__init__.py
> index ff5e485..d3c0ee8 100644
> --- a/yum/__init__.py
> +++ b/yum/__init__.py
> @@ -552,6 +552,7 @@ class YumBase(depsolve.Depsolve):
>         self._pkgSack = self.repos.getPackageSack()
>
>         self.excludePackages()
> +        self.aclPackages()
>         self._pkgSack.excludeArchs(archlist)
>
>         #FIXME - this could be faster, too.
> @@ -560,6 +561,7 @@ class YumBase(depsolve.Depsolve):
>         for repo in repos:
>             self.includePackages(repo)
>             self.excludePackages(repo)
> +            self.aclPackages(repo)
>         self.plugins.run('exclude')
>         self._pkgSack.buildIndexes()
>
> @@ -1258,6 +1260,47 @@ class YumBase(depsolve.Depsolve):
>         exid = "yum.includepkgs.3"
>         self.pkgSack.addPackageExcluder(repo.id, exid, 'exclude.marked')
>
> +    def aclPackages(self, repo=None):
> +        """ Allow users to apply somewhat arbitrary ACLs to the pkg list. """
> +
> +        if repo is None:
> +            acllist = self.conf.aclpkgs
> +            repoid = None
> +            exid_beg = 'yum.aclpkgs'
> +        else:
> +            acllist = repo.aclpkgs
> +            repoid = repo.id
> +            exid_beg = 'yum.aclpkgs.' + repoid
> +
> +        if not acllist:
> +            return
> +
> +        acl_end = {'marked' : 1, 'washed' : 1, 'nevr.eq' : 2, '*' : 1}
> +        for acl in ('eq', 'match'):
> +            acl_end['name.'  + acl] = 2
> +            acl_end['arch.'  + acl] = 2
> +            acl_end['nevra.' + acl] = 2
> +            acl_end[acl] = 2
> +        valid_acls = {}
> +        for acl in acl_end:
> +            valid_acls['include.' + acl] = acl_end[acl]
> +            valid_acls['exclude.' + acl] = acl_end[acl]
> +            valid_acls['mark.'    + acl] = acl_end[acl]
> +            valid_acls['wash.'    + acl] = acl_end[acl]
> +        count = 0
> +        for acl_data in acllist:
> +            count += 1
> +            exid = "%s.%u" % (exid_beg, count)
> +            acl_data = acl_data.split(':', 2)
> +            if len(acl_data) != valid_acls.get(acl_data[0], 0):
> +                continue
> +
> +            if len(acl_data) == 2:
> +                acl, val = acl_data
> +                self.pkgSack.addPackageExcluder(repoid, exid, acl, val)
> +            else:
> +                self.pkgSack.addPackageExcluder(repoid, exid, acl_data[0])
> +
>     def doLock(self, lockfile = YUM_PID_FILE):
>         """perform the yum locking, raise yum-based exceptions, not OSErrors"""
>
> diff --git a/yum/config.py b/yum/config.py
> index 2ae7e89..376a478 100644
> --- a/yum/config.py
> +++ b/yum/config.py
> @@ -617,6 +617,7 @@ class YumConf(StartupConf):
>
>     commands = ListOption()
>     exclude = ListOption()
> +    aclpkgs = ListOption()
>     failovermethod = Option('roundrobin')
>     proxy = UrlOption(schemes=('http', 'ftp', 'https'), allow_none=True)
>     proxy_username = Option()
> @@ -733,8 +734,9 @@ class RepoConf(BaseConfig):
>     metalink   = UrlOption()
>     mediaid = Option()
>     gpgkey = UrlListOption()
> -    exclude = ListOption()
> +    exclude = ListOption()     # Should be excludepkgs, but need to migrate
>     includepkgs = ListOption()
> +    aclpkgs = ListOption()
>
>     proxy = Inherit(YumConf.proxy)
>     proxy_username = Inherit(YumConf.proxy_username)
> -- 
> 1.6.2.5
>
> _______________________________________________
> Yum-devel mailing list
> Yum-devel at lists.baseurl.org
> http://lists.baseurl.org/mailman/listinfo/yum-devel
>


More information about the Yum-devel mailing list