[zypp-devel] [PROPOSAL] mirror list, url variables
Reference: http://lists.opensuse.org/zypp-devel/2007-06/msg00006.html In order to implement url variables, and mirror list, which I don't consideer features but semantics we have to implement to "follow" the repoinfo standard, I would like to propose a way to implement url variables and a simple way to extend them. - mirrorlist: easy, we just need to download the list in repomanager and read the urls when refreshing the source or downloading packages. - url variables: easy, we do substitution inside repomanager before downloading data. - url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh or by convention (just drop a script in /etc/zypp/urlvars/foo ) What do you think? Duncan -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
Dňa Po 11. Jún 2007 16:31 Duncan Mac-Vicar Prett napísal:
Reference: http://lists.opensuse.org/zypp-devel/2007-06/msg00006.html
In order to implement url variables, and mirror list, which I don't consideer features but semantics we have to implement to "follow" the repoinfo standard, I would like to propose a way to implement url variables and a simple way to extend them.
- mirrorlist: easy, we just need to download the list in repomanager and read the urls when refreshing the source or downloading packages.
How will the mirrorlist handled from application POV? Will a user be able to pick it manually, or do we assume automatic (fallback) handling only?
- url variables: easy, we do substitution inside repomanager before downloading data.
- url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh
or by convention (just drop a script in /etc/zypp/urlvars/foo )
I expect the location to be root-writeable only ;-) This might be a big security hole if done improperly. Stano -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Mon, Jun 11, 2007 at 04:46:50PM +0200, Stanislav Višňovský wrote:
Dňa Po 11. Jún 2007 16:31 Duncan Mac-Vicar Prett napísal:
- url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh
or by convention (just drop a script in /etc/zypp/urlvars/foo )
I expect the location to be root-writeable only ;-) This might be a big security hole if done improperly.
Yes, remember that with yast2-metapackage-handler.rpm and related browser enablement, the user can cause much processing of untrusted data before being asked for confirmation. We should explicitly drop root privileges for the variable plugins, plus watch out for a DoS. -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Mon, Jun 11, 2007 at 05:01:11PM +0200, Martin Vidner wrote:
On Mon, Jun 11, 2007 at 04:46:50PM +0200, Stanislav Vi????ovský wrote:
D??a Po 11. Jún 2007 16:31 Duncan Mac-Vicar Prett napísal:
- url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh
or by convention (just drop a script in /etc/zypp/urlvars/foo )
I expect the location to be root-writeable only ;-) This might be a big security hole if done improperly.
Yes, remember that with yast2-metapackage-handler.rpm and related browser enablement, the user can cause much processing of untrusted data before being asked for confirmation.
We should explicitly drop root privileges for the variable plugins, plus watch out for a DoS.
Hmm. This is problematic as my system id plugin requires root privileges to do its job. Not sure exactly what you are proposing here, but it may affect me. As a point of comparison, when my plugin is run on yum as non-root, it simply doesnt fill in the variable. This is ok, as yum is always run as root to do actual package install. I dont know enough about zypp to make the same statement there. Is package install only done by root? If so, will the plugins have root permissions? -- Michael -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
On Mon, Jun 11, 2007 at 04:31:40PM +0200, Duncan Mac-Vicar Prett wrote:
Reference: http://lists.opensuse.org/zypp-devel/2007-06/msg00006.html
In order to implement url variables, and mirror list, which I don't consideer features but semantics we have to implement to "follow" the repoinfo standard, I would like to propose a way to implement url variables and a simple way to extend them.
- mirrorlist: easy, we just need to download the list in repomanager and read the urls when refreshing the source or downloading packages.
Sounds good to me. FYI, yum does automatic failover on: -- repomd checksums dont match (ex. not-fully-synced repo) -- download failure for individual RPMs That I know of.
- url variables: easy, we do substitution inside repomanager before downloading data.
- url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh
1) I would not want to modify a global config file to add my plugin. It is ugly to do from within an RPM install script. Would rather just drop files. (proposal below) 2) Need an API definition for how the script will tell zypp which variables it wants to define. (no ideas here)
or by convention (just drop a script in /etc/zypp/urlvars/foo )
1) Scripts in /etc/ are not good. 2) Would need a way to disable them... How about: plugins wherever (/usr/lib/zypp-plugins/) config files per-plugin in /etc/zypp.plugins.d/. Each plugin has a: [main] enable={0|1} this is parsed by yum, not the plugin. Then the plugin can use the rest of the file for its needs. -- Michael -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org
participants (4)
-
Duncan Mac-Vicar Prett
-
Martin Vidner
-
Michael E Brown
-
Stanislav Visnovsky