[Yum-devel] [PATCH] Do basename checking of ssl cert. files.
seth vidal
skvidal at fedoraproject.org
Mon Apr 11 17:29:34 UTC 2011
On Mon, 2011-04-11 at 13:23 -0400, James Antill wrote:
> ---
> yum/__init__.py | 16 ++++++++++++++++
> 1 files changed, 16 insertions(+), 0 deletions(-)
>
> diff --git a/yum/__init__.py b/yum/__init__.py
> index cf4d827..1b0e5ba 100644
> --- a/yum/__init__.py
> +++ b/yum/__init__.py
> @@ -597,6 +597,22 @@ class YumBase(depsolve.Depsolve):
>
>
> if doSetup:
> + if (hasattr(urlgrabber, 'grabber') and
> + hasattr(urlgrabber.grabber, 'pycurl')):
> + # Must do basename checking, on cert. files...
> + cert_basenames = {}
> + for repo in self._repos:
> + bn = os.path.basename(repo.sslclientcert)
> + if bn not in cert_basenames:
> + cert_basenames[bn] = repo
> + continue
> + if repo.sslclientcert == cert_basenames[bn].sslclientcert:
> + # Exactly the same path is fine too
> + continue
> +
> + msg = 'sslclientcert basename shared between %s and %s'
> + raise Errors.ConfigError, msg % (repo, cert_basenames[bn])
> +
> repo_st = time.time()
> self._repos.doSetup(thisrepo)
> self.verbose_logger.debug('repo time: %0.3f' % (time.time() - repo_st))
the patch makes sense but I suspect that error msg is going to need to
be more clear b/c I'm positive no one will know what it meanss.
-sv
More information about the Yum-devel
mailing list