On Tue, 14 Feb 2012 16:05:56 -0500 James Antill <[email protected]> wrote:
> --- > docs/yum.conf.5 | 13 +++++++++++++ > yum/__init__.py | 12 ++++++++++++ > yum/config.py | 2 ++ > 3 files changed, 27 insertions(+), 0 deletions(-) > > diff --git a/docs/yum.conf.5 b/docs/yum.conf.5 > index 59bd779..babf66d 100644 > --- a/docs/yum.conf.5 > +++ b/docs/yum.conf.5 > @@ -376,6 +376,15 @@ Path to the SSL client key yum should use to > connect to repos/remote sites Defaults to none. > > .IP > +\fBssl_check_cert_permissions \fR > +Boolean - Whether yum should check the permissions on the paths for > the +certificates on the repository (both remote and local). If we > can't read any of +the files then yum will force skip_if_unavailable > to be true. +This is most useful for non-root processes which use yum > on repos. that have +client cert files which are readable only by > root. +Defaults to True. > + > +.IP > \fBhistory_record \fR > Boolean - should yum record history entries for transactions. This > takes some disk space, and some extra time in the transactions. But > it allows how to know a @@ -843,6 +852,10 @@ repository. > Overrides the \fBsslclientkey\fR option from the [main] section for > this repository. > > +.IP > +\fBssl_check_cert_permissions \fR > +Overrides the \fBssl_check_cert_permissions\fR option from the > [main] section +for this repository. > > .IP > \fBmetadata_expire \fR > diff --git a/yum/__init__.py b/yum/__init__.py > index 29305d2..1ffdc35 100644 > --- a/yum/__init__.py > +++ b/yum/__init__.py 
> @@ -491,6 +491,18 @@ class YumBase(depsolve.Depsolve): > if validate and not validate(thisrepo): > continue > > + if thisrepo.ssl_check_cert_permissions: > + for fn in (thisrepo.sslcacert, > + thisrepo.sslclientcert, > thisrepo.sslclientkey): > + if not fn: > + continue > + # If we can't read the SSL certs. we need to > skip the repo. > + # if we don't have all the data. > + if not os.access(fn, os.R_OK): > + msg="Repo %s forced skip_if_unavailable=True > due to: %s" > + self.logger.warning(msg % (thisrepo.id, fn)) > + thisrepo.skip_if_unavailable = True > + > # Got our list of repo objects, add them to the repos > # collection > try: > diff --git a/yum/config.py b/yum/config.py > index 3beac89..a683f23 100644 > --- a/yum/config.py > +++ b/yum/config.py > @@ -837,6 +837,7 @@ class YumConf(StartupConf): > sslverify = BoolOption(True) > sslclientcert = Option() > sslclientkey = Option() > + ssl_check_cert_permissions = BoolOption(True) > > history_record = BoolOption(True) > history_record_packages = ListOption(['yum', 'rpm']) > @@ -952,6 +953,7 @@ class RepoConf(BaseConfig): > sslverify = Inherit(YumConf.sslverify) > sslclientcert = Inherit(YumConf.sslclientcert) > sslclientkey = Inherit(YumConf.sslclientkey) > + ssl_check_cert_permissions = Inherit(YumConf.sslclientkey) > > skip_if_unavailable = BoolOption(False) > ACK - makes sense to me. -sv _______________________________________________ Yum-devel mailing list [email protected] http://lists.baseurl.org/mailman/listinfo/yum-devel
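Review bot: `os.access(fn, os.R_OK)` in the added loop tests the real uid/gid rather than the effective one, and it runs separately from the later read of the file. Its answer can therefore differ from what the TLS layer sees if yum runs under a setuid or sudo-style wrapper, or if the file's mode changes in between. The effect of a failed check also deserves a clearer comment than the two garbled lines above the test: an unreadable `sslcacert`, `sslclientcert` or `sslclientkey` sets `skip_if_unavailable = True` with only a warning, so a non-root run can lose a repo (including one carrying security updates) without failing. I would replace the comment with `# An unreadable CA cert, client cert or key would make every fetch from this repo fail; mark it skippable (and warn) rather than abort the whole run.` and add `# NOTE: os.access() uses the real uid/gid and is advisory only; the actual open may still fail.`. The enclosing method starts and ends outside the hunk.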
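Review bot: In the `RepoConf` hunk of yum/config.py the new option is declared as `Inherit(YumConf.sslclientkey)`, which looks like a copy-paste of the line above it. It should read `ssl_check_cert_permissions = Inherit(YumConf.ssl_check_cert_permissions)`. As written, the per-repo option presumably takes the behaviour of a plain `Option()` instead of a `BoolOption`. A per-repo `ssl_check_cert_permissions=0` would then likely be stored as a non-empty string and still be truthy in `if thisrepo.ssl_check_cert_permissions:`, so the per-repo override described in yum.conf.5 could not switch the check off. The class body continues outside the hunk.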
