[Yum-devel] [PATCH] Add aclpkgs configuration variable
Seth Vidal
skvidal at fedoraproject.org
Mon Oct 26 22:09:07 UTC 2009
On Mon, 26 Oct 2009, James Antill wrote:
> ---
> docs/yum.conf.5 | 27 +++++++++++++++++++++++++++
> yum/__init__.py | 43 +++++++++++++++++++++++++++++++++++++++++++
> yum/config.py | 4 +++-
> 3 files changed, 73 insertions(+), 1 deletions(-)
What does 'mark' and ' wash' mean and what problem is this solving b/c
you've clearly gotten a bee in your bonnet about something but I have no idea
what that is.
Is this about the include/exclude list in mock for x86_64?
and if so - why is this called ACLs? What kind of access control list is
this?
NACK until A LOT more explanation is given.
-sv
>
> diff --git a/docs/yum.conf.5 b/docs/yum.conf.5
> index eab9335..b2b5366 100644
> --- a/docs/yum.conf.5
> +++ b/docs/yum.conf.5
> @@ -111,6 +111,28 @@ separated list.
> Shell globs using wildcards (eg. * and ?) are allowed.
>
> .IP
> +\fBaclpkgs\fR
> +List of ACLs, and if needed packages to match. ACLs are split into 2 or 3 parts,
> +separated by ".". The first part is either: include, exclude, mark or wash. The
> +second part specifies the what you are operatoring on: name, nevr, nevra, arch,
> +blank (meaning the full 7 matches used in exclude/includepkgs) marked, washed
> +and "*". The last part, if needed, says if the match should be a strict
> +equality check or allow shell globs using wildcards (eg. * and ?) are with
> +either: eq or match. There is an implicit "include.*" as the final ACL.
> + Eg. Both these ACLs will exclude 32bit pkgs on x86_64, except glibc.
> +
> +aclpkgs = include.name.eq:glibc exclude.arch.match:i?86
> +.br
> +aclpkgs = mark.washed
> +.br
> + wash.arch.eq:x86_64 wash.arch.eq:noarch
> +.br
> + wash.name.eq:glibc
> +.br
> + exclude.marked
> +.br
> +
> +.IP
> \fBexactarch\fR
> Either `1' or `0'. Set to `1' to make yum update only update the architectures
> of packages that you have installed. ie: with this enabled yum will not install
> @@ -591,6 +613,11 @@ Same as the [main] \fBexclude\fR option but only for this repository.
> Substitution variables, described below, are honored here.
>
> .IP
> +\fBaclpkgs\fR
> +Same as the [main] \fBaclpkgs\fR option but only for this repository.
> +Substitution variables, described below, are honored here.
> +
> +.IP
> \fBincludepkgs\fR
> Inverse of exclude. This is a list of packages you want to use from a
> repository. If this option lists only one package then that is all yum will
> diff --git a/yum/__init__.py b/yum/__init__.py
> index ff5e485..d3c0ee8 100644
> --- a/yum/__init__.py
> +++ b/yum/__init__.py
> @@ -552,6 +552,7 @@ class YumBase(depsolve.Depsolve):
> self._pkgSack = self.repos.getPackageSack()
>
> self.excludePackages()
> + self.aclPackages()
> self._pkgSack.excludeArchs(archlist)
>
> #FIXME - this could be faster, too.
> @@ -560,6 +561,7 @@ class YumBase(depsolve.Depsolve):
> for repo in repos:
> self.includePackages(repo)
> self.excludePackages(repo)
> + self.aclPackages(repo)
> self.plugins.run('exclude')
> self._pkgSack.buildIndexes()
>
> @@ -1258,6 +1260,47 @@ class YumBase(depsolve.Depsolve):
> exid = "yum.includepkgs.3"
> self.pkgSack.addPackageExcluder(repo.id, exid, 'exclude.marked')
>
> + def aclPackages(self, repo=None):
> + """ Allow users to apply somewhat arbitrary ACLs to the pkg list. """
> +
> + if repo is None:
> + acllist = self.conf.aclpkgs
> + repoid = None
> + exid_beg = 'yum.aclpkgs'
> + else:
> + acllist = repo.aclpkgs
> + repoid = repo.id
> + exid_beg = 'yum.aclpkgs.' + repoid
> +
> + if not acllist:
> + return
> +
> + acl_end = {'marked' : 1, 'washed' : 1, 'nevr.eq' : 2, '*' : 1}
> + for acl in ('eq', 'match'):
> + acl_end['name.' + acl] = 2
> + acl_end['arch.' + acl] = 2
> + acl_end['nevra.' + acl] = 2
> + acl_end[acl] = 2
> + valid_acls = {}
> + for acl in acl_end:
> + valid_acls['include.' + acl] = acl_end[acl]
> + valid_acls['exclude.' + acl] = acl_end[acl]
> + valid_acls['mark.' + acl] = acl_end[acl]
> + valid_acls['wash.' + acl] = acl_end[acl]
> + count = 0
> + for acl_data in acllist:
> + count += 1
> + exid = "%s.%u" % (exid_beg, count)
> + acl_data = acl_data.split(':', 2)
> + if len(acl_data) != valid_acls.get(acl_data[0], 0):
> + continue
> +
> + if len(acl_data) == 2:
> + acl, val = acl_data
> + self.pkgSack.addPackageExcluder(repoid, exid, acl, val)
> + else:
> + self.pkgSack.addPackageExcluder(repoid, exid, acl_data[0])
> +
> def doLock(self, lockfile = YUM_PID_FILE):
> """perform the yum locking, raise yum-based exceptions, not OSErrors"""
>
> diff --git a/yum/config.py b/yum/config.py
> index 2ae7e89..376a478 100644
> --- a/yum/config.py
> +++ b/yum/config.py
> @@ -617,6 +617,7 @@ class YumConf(StartupConf):
>
> commands = ListOption()
> exclude = ListOption()
> + aclpkgs = ListOption()
> failovermethod = Option('roundrobin')
> proxy = UrlOption(schemes=('http', 'ftp', 'https'), allow_none=True)
> proxy_username = Option()
> @@ -733,8 +734,9 @@ class RepoConf(BaseConfig):
> metalink = UrlOption()
> mediaid = Option()
> gpgkey = UrlListOption()
> - exclude = ListOption()
> + exclude = ListOption() # Should be excludepkgs, but need to migrate
> includepkgs = ListOption()
> + aclpkgs = ListOption()
>
> proxy = Inherit(YumConf.proxy)
> proxy_username = Inherit(YumConf.proxy_username)
> --
> 1.6.2.5
>
> _______________________________________________
> Yum-devel mailing list
> Yum-devel at lists.baseurl.org
> http://lists.baseurl.org/mailman/listinfo/yum-devel
>
More information about the Yum-devel
mailing list