Tim Lauridsen wrote:
seth vidal wrote:
On Wed, 2007-08-15 at 09:10 +0200, Tim Lauridsen wrote:
seth vidal wrote:
Tim,
 A while back when we were talking about 3.2.0 and beyond features you
mentioned a patch for yum from someone at ibm to use ssl_certs with
urlgrabber to auth to our repos. I don't see this applied anywhere. Do
you still have it? Would you be willing to commit it if it still works?

I still have it, but it needs some changes to urlgrabber to work; I never got any comments on the UG patches.


Could you repost them - I'll see what I can do to get the UG maintainer
to come back to talk to us.

-sv



Here are the patches:
[UG]: https://lists.dulug.duke.edu/pipermail/yum-devel/2007-May/003600.html
[YUM]: https://lists.dulug.duke.edu/pipermail/yum-devel/2007-May/003601.html

Tim
Here are the patches as attachments.

Tim
--- urlgrabber-3.1.0/urlgrabber/grabber.py.orig	2006-12-26 13:48:26.000000000 -0500
+++ urlgrabber-3.1.0/urlgrabber/grabber.py	2006-12-26 13:49:02.000000000 -0500
@@ -809,6 +809,7 @@
         self.urlparser = URLParser()
         self.quote = None
         self.ssl_ca_cert = None
+        self.ssl_client_cert = None
         self.ssl_context = None
 
 class URLGrabber:
@@ -1045,7 +1046,7 @@
                 # -------------------------------------------------------
 
             ssl_factory = sslfactory.get_factory(self.opts.ssl_ca_cert,
-                self.opts.ssl_context)
+                self.opts.ssl_client_cert, self.opts.ssl_context)
 
             if need_keepalive_handler:
                 handlers.append(HTTPHandler())
--- urlgrabber-3.1.0/urlgrabber/sslfactory.py.orig	2006-12-26 13:33:48.000000000 -0500
+++ urlgrabber-3.1.0/urlgrabber/sslfactory.py	2006-12-26 14:51:13.000000000 -0500
@@ -34,21 +34,24 @@
     
     class M2SSLFactory:
 
-        def __init__(self, ssl_ca_cert, ssl_context):
-            self.ssl_context = self._get_ssl_context(ssl_ca_cert, ssl_context)
+        def __init__(self, ssl_ca_cert, ssl_client_cert, ssl_context):
+            self.ssl_context = self._get_ssl_context(ssl_ca_cert, ssl_client_cert, ssl_context)
 
-        def _get_ssl_context(self, ssl_ca_cert, ssl_context):
+        def _get_ssl_context(self, ssl_ca_cert, ssl_client_cert, ssl_context):
             """
-            Create an ssl context using the CA cert file or ssl context.
+            Create a ssl context using the CA cert file and/or the client cert file or ssl context.
 
-            The CA cert is used first if it was passed as an option. If not,
-            then the supplied ssl context is used. If no ssl context was supplied,
+            The CA cert and client cert are used first if either or both are passed as an options.
+            If not, then the supplied ssl context is used. If no ssl context was supplied,
             None is returned.
             """
-            if ssl_ca_cert:
+            if ssl_ca_cert or ssl_client_cert:
                 context = SSL.Context()
-                context.load_verify_locations(ssl_ca_cert)
-                context.set_verify(SSL.verify_peer, -1)
+                if ssl_ca_cert:
+                    context.load_verify_locations(ssl_ca_cert)
+                    context.set_verify(SSL.verify_peer, -1)
+                if ssl_client_cert:
+                    context.load_cert(ssl_client_cert)
                 return context
             else:
                 return ssl_context
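Review bot: In `_get_ssl_context`, a client cert configured without a CA cert yields a fresh `SSL.Context()` on which `set_verify` is never called, so the server is presumably not verified while the client credential is offered to it. The yum callers later in this patch (`urlread` in yum/__init__.py, the grabber kwargs and `getMirrorList` in yumRepo.py) pass only `ssl_client_cert`, so that is the path they all take. The same branch also discards a caller-supplied `ssl_context` as soon as `ssl_client_cert` is set. I would either refuse a client cert without a CA cert or at least say so in the docstring, e.g. `Without ssl_ca_cert the peer certificate is not verified.`; since `load_cert` is given a single file, the docstring should also state that the PEM apparently has to hold both the certificate and its private key.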
@@ -76,10 +79,10 @@
 
    
 
-def get_factory(ssl_ca_cert = None, ssl_context = None):
+def get_factory(ssl_ca_cert = None, ssl_client_cert = None, ssl_context = None):
     """ Return an SSLFactory, based on if M2Crypto is available. """
     if have_m2crypto:
-        return M2SSLFactory(ssl_ca_cert, ssl_context)
+        return M2SSLFactory(ssl_ca_cert, ssl_client_cert, ssl_context)
     else:
         # Log here if someone provides the args but we don't use them.
         if ssl_ca_cert or ssl_context:
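Review bot: The fallback branch of `get_factory` still tests only `if ssl_ca_cert or ssl_context:`, so when M2Crypto is unavailable a configured client cert is ignored without the log message the comment above it promises; it should read `if ssl_ca_cert or ssl_client_cert or ssl_context:`. Inserting `ssl_client_cert` as the second parameter also shifts `ssl_context` for any caller that passes it positionally, and the same applies to `M2SSLFactory.__init__` in the previous hunk. Appending it instead, `def get_factory(ssl_ca_cert = None, ssl_context = None, ssl_client_cert = None):`, would keep existing callers working. The body of `get_factory` continues past the end of the hunk.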
--- yum-3.1.6/yum/config.py.orig	2007-04-20 05:10:46.000000000 -0400
+++ yum-3.1.6/yum/config.py	2007-04-20 05:56:16.000000000 -0400
@@ -500,6 +500,7 @@
     proxy = UrlOption(schemes=('http', 'ftp', 'https'), allow_none=True)
     proxy_username = Option()
     proxy_password = Option()
+    client_cert = Option()
     installonlypkgs = ListOption(['kernel', 'kernel-bigmem',
             'kernel-enterprise','kernel-smp', 'kernel-modules', 'kernel-debug',
             'kernel-unsupported', 'kernel-source', 'kernel-devel'])
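Review bot: `client_cert` is added to `YumConf` with no comment saying what value it takes. From the urlgrabber side of this patch it looks like a path to a PEM file that is handed to `load_cert` on its own, so it presumably has to contain the private key as well. A line such as `# path to a PEM file with the client certificate and its private key; keep it readable by root only` above the option would tell an administrator what to put there and how to protect it. The class body starts and ends outside the hunk.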
@@ -553,6 +554,7 @@
     proxy_password = Inherit(YumConf.proxy_password)
     retries = Inherit(YumConf.retries)
     failovermethod = Inherit(YumConf.failovermethod)
+    client_cert = Inherit(YumConf.client_cert)
 
     gpgcheck = Inherit(YumConf.gpgcheck)
     keepalive = Inherit(YumConf.keepalive)
--- yum-3.1.6/yum/__init__.py.orig	2007-04-20 05:10:46.000000000 -0400
+++ yum-3.1.6/yum/__init__.py	2007-04-20 06:33:23.000000000 -0400
@@ -2025,7 +2025,7 @@
 
             # Go get the GPG key from the given URL
             try:
-                rawkey = urlgrabber.urlread(keyurl, limit=9999)
+                rawkey = urlgrabber.urlread(keyurl, limit=9999, ssl_client_cert=self.conf.client_cert)
             except urlgrabber.grabber.URLGrabError, e:
                 raise Errors.YumBaseError('GPG key retrieval failed: ' +
                                           str(e))
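Review bot: The GPG key fetch uses `self.conf.client_cert`, the global value, although this patch also adds a per-repository `client_cert` in yum/config.py; if `keyurl` belongs to a repo that overrides the option, the wrong certificate (or none) would be presented. `keyurl` may also point at a host other than the repository itself, and the certificate is offered to it with no CA cert passed for verification. The enclosing function is not visible in the hunk, so whether the repo object is in scope there needs checking; if it is, passing that repo's `client_cert` would be the consistent choice.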
--- yum-3.1.6/yum/yumRepo.py.orig	2007-04-20 05:10:46.000000000 -0400
+++ yum-3.1.6/yum/yumRepo.py	2007-04-20 09:48:19.000000000 -0400
@@ -288,9 +288,9 @@
         output = '[%s]\n' % self.id
         vars = ['name', 'bandwidth', 'enabled', 'enablegroups',
                  'gpgcheck', 'includepkgs', 'keepalive', 'proxy',
-                 'proxy_password', 'proxy_username', 'exclude',
-                 'retries', 'throttle', 'timeout', 'mirrorlist',
-                 'cachedir', 'gpgkey', 'pkgdir', 'hdrdir']
+                 'proxy_password', 'proxy_username', 'client_cert',
+                 'exclude', 'retries', 'throttle', 'timeout',
+                 'mirrorlist', 'cachedir', 'gpgkey', 'pkgdir', 'hdrdir']
         vars.sort()
         for attr in vars:
             output = output + '%s = %s\n' % (attr, getattr(self, attr))
@@ -368,7 +368,8 @@
                                    interrupt_callback=self.interrupt_callback,
                                    timeout=self.timeout,
                                    http_headers=headers,
-                                   reget='simple')
+                                   reget='simple',
+                                   ssl_client_cert=self.client_cert)
 
 
         self.grab = mgclass(self.grabfunc, self.urls,
@@ -408,7 +409,7 @@
 
         goodurls = []
         if self.mirrorlist and not self.mirrorlistparsed:
-            mirrorurls = getMirrorList(self.mirrorlist, self.proxy_dict)
+            mirrorurls = getMirrorList(self.mirrorlist, self.proxy_dict, self.client_cert)
             self.mirrorlistparsed = 1
             for url in mirrorurls:
                 url = parser.varReplace(url, self.yumvar)
@@ -761,7 +762,7 @@
         self.interrupt_callback = callback
         self.setupGrab()
 
-def getMirrorList(mirrorlist, pdict = None):
+def getMirrorList(mirrorlist, pdict = None, client_cert = None):
     """retrieve an up2date-style mirrorlist file from a url,
        we also s/$ARCH/$BASEARCH/ and move along
        returns a list of the urls from that file"""
@@ -780,7 +781,7 @@
         url = mirrorlist
 
     try:
-        fo = urlresolver.urlopen(url, proxies=pdict)
+        fo = urlresolver.urlopen(url, proxies=pdict, ssl_client_cert=client_cert)
     except urlgrabber.grabber.URLGrabError, e:
         print "Could not retrieve mirrorlist %s error was\n%s" % (url, e)
         fo = None