On 02/14/2011 07:07 PM, James Antill wrote:
On Mon, 2011-02-14 at 18:37 +0200, Panu Matilainen wrote:
Spotted while looking at something related: commit
e95f16d8342bc4dcdfde6b8858a8704bc4c1bdf8 causes yum to hold the rpmdb
open throughout the remaing package downloads after first signature
check happens. Which wont exactly help catching ctrl-c in timely manner...
Blah. We should have thought thought of that, of course it doesn't help
that C-c has been semi-broken for a while now (and it won't trigger on
rawhide due to no sig checks -- AFAIK this code is only in rawhide, or
the rawhide rebuild repos).
Perhaps the simplest bandaid would be adding an optional argument
sigCheckPkg() to automatically nuke the ts after checking and use it for
the call from within downloadPkgs(). The downside of this is that it'll
cause a bunch of rpmdb re-re-re-opens, depending on the number of repos
and their config. There's no helping that with rpm 4.4.x, but with>=
4.6.x rpm doesn't actually need the database for signature checking, it
uses an in-memory keyring which is only initially populated from the
database.
Yeh, it's probably not worth it ... no sane person has more than 10
repos. which downloaded packages have come from, so I bet it's just
noise even in 4.4.x (and this feature is unlikely to get into RHEL-5
anyway).
Another thought, given that, how bad is it to just always nuke to ts on
4.6.x+?
You certainly don't want to nuke the entire ts for each individual
signature check, as it'd result in rpmdb open+close for every single
package in the transaction. Once per-repo would be "bad enough" (if
bearable) already, especially since its technically completely unnecessary.
Basically the trick with newer rpms is to keep the actual ts, but just
call ts.closeDB() on it once the keyring is loaded. No rocket science,
I'm just trying to figure out how best fit it into the yum ecosystem.
- Panu -
_______________________________________________
Yum-devel mailing list
[email protected]
http://lists.baseurl.org/mailman/listinfo/yum-devel
