[Yum-devel] [PATCH] Do basename checking of ssl cert. files.

seth vidal skvidal at fedoraproject.org
Mon Apr 11 17:29:34 UTC 2011


On Mon, 2011-04-11 at 13:23 -0400, James Antill wrote:
> ---
>  yum/__init__.py |   16 ++++++++++++++++
>  1 files changed, 16 insertions(+), 0 deletions(-)
> 
> diff --git a/yum/__init__.py b/yum/__init__.py
> index cf4d827..1b0e5ba 100644
> --- a/yum/__init__.py
> +++ b/yum/__init__.py
> @@ -597,6 +597,22 @@ class YumBase(depsolve.Depsolve):
>  
> 
>          if doSetup:
> +            if (hasattr(urlgrabber, 'grabber') and
> +                hasattr(urlgrabber.grabber, 'pycurl')):
> +                # Must do basename checking, on cert. files...
> +                cert_basenames = {}
> +                for repo in self._repos:
> +                    bn = os.path.basename(repo.sslclientcert)
> +                    if bn not in cert_basenames:
> +                        cert_basenames[bn] = repo
> +                        continue
> +                    if repo.sslclientcert == cert_basenames[bn].sslclientcert:
> +                        # Exactly the same path is fine too
> +                        continue
> +
> +                    msg = 'sslclientcert basename shared between %s and %s'
> +                    raise Errors.ConfigError, msg % (repo, cert_basenames[bn])
> +
>              repo_st = time.time()        
>              self._repos.doSetup(thisrepo)
>              self.verbose_logger.debug('repo time: %0.3f' % (time.time() - repo_st))        

the patch makes sense but I suspect that error msg is going to need to
be more clear b/c I'm positive no one will know what it meanss.


-sv




More information about the Yum-devel mailing list