From 184fe8dd1be9da20e06adfb8e6037bf442bd2ef4 Mon Sep 17 00:00:00 2001 From: Ed Bartosh Date: Wed, 14 Dec 2011 17:01:19 +0200 Subject: [PATCH] Implemented repository option --ssl_verify --- README.rst | 3 ++- distfiles/mic.conf | 1 + mic/imager/baseimager.py | 7 ++++-- mic/kickstart/__init__.py | 7 +++++- mic/kickstart/custom_commands/moblinrepo.py | 8 ++++++- mic/utils/misc.py | 2 ++ plugins/backend/yumpkgmgr.py | 34 ++++++++++++++++++++--------- plugins/backend/zypppkgmgr.py | 7 +++++- tests/mic_cases/base/test.conf | 1 + 9 files changed, 54 insertions(+), 16 deletions(-) diff --git a/README.rst b/README.rst index c5cfc31..86563d6 100644 --- a/README.rst +++ b/README.rst @@ -160,7 +160,8 @@ The blow is the content of one sample file: :: ; proxy = http://proxy.yourcompany.com:8080/ ; no_proxy = localhost,127.0.0.0/8,.yourcompany.com - + ; ssl_verify = no + [convert] ; settings for convert subcommand diff --git a/distfiles/mic.conf b/distfiles/mic.conf index fc20dfb..4957be9 100644 --- a/distfiles/mic.conf +++ b/distfiles/mic.conf @@ -10,6 +10,7 @@ pkgmgr = zypp ; proxy = http://proxy.yourcompany.com:8080/ ; no_proxy = localhost,127.0.0.0/8,.yourcompany.com +; ssl_verify = no [convert] ; settings for convert subcommand diff --git a/mic/imager/baseimager.py b/mic/imager/baseimager.py index e803de1..517f473 100644 --- a/mic/imager/baseimager.py +++ b/mic/imager/baseimager.py 
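Review bot: The commented sample added to `distfiles/mic.conf` (and repeated in README.rst and tests/mic_cases/base/test.conf) shows only the insecure value, `; ssl_verify = no`, yet none of the nine files in this patch reads an `ssl_verify` key from the configuration file. The option is only wired up as a per-repository kickstart flag. If a config-level switch is intended, its reader is missing from this patch; if not, the sample line is misleading and should be dropped. Should it stay, show the default and what opting out costs, e.g. `; ssl_verify = yes (default; "no" disables certificate verification for repository downloads)`.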
@@ -829,9 +829,12 @@ class BaseImageCreator(object): pkg_manager.setup(yum_conf, self._instroot) for repo in kickstart.get_repos(self.ks, repo_urls): - (name, baseurl, mirrorlist, inc, exc, proxy, proxy_username, proxy_password, debuginfo, source, gpgkey, disable) = repo + (name, baseurl, mirrorlist, inc, exc, + proxy, proxy_username, proxy_password, debuginfo, + source, gpgkey, disable, ssl_verify) = repo - yr = pkg_manager.addRepository(name, baseurl, mirrorlist, proxy, proxy_username, proxy_password, inc, exc) + yr = pkg_manager.addRepository(name, baseurl, mirrorlist, proxy, + proxy_username, proxy_password, inc, exc, ssl_verify) if kickstart.exclude_docs(self.ks): rpm.addMacro("_excludedocs", "1") diff --git a/mic/kickstart/__init__.py b/mic/kickstart/__init__.py index dcc708e..146ce23 100644 --- a/mic/kickstart/__init__.py +++ b/mic/kickstart/__init__.py @@ -685,8 +685,13 @@ def get_repos(ks, repo_urls = {}): gpgkey = repo.gpgkey if hasattr(repo, "disable"): disable = repo.disable + ssl_verify = True + if hasattr(repo, "ssl_verify"): + ssl_verify = repo.ssl_verify == "yes" - repos[repo.name] = (repo.name, baseurl, mirrorlist, inc, exc, proxy, proxy_username, proxy_password, debuginfo, source, gpgkey, disable) + repos[repo.name] = (repo.name, baseurl, mirrorlist, inc, exc, + proxy, proxy_username, proxy_password, debuginfo, + source, gpgkey, disable, ssl_verify) return repos.values() diff --git a/mic/kickstart/custom_commands/moblinrepo.py b/mic/kickstart/custom_commands/moblinrepo.py index 998b0b2..9d120a4 100644 --- a/mic/kickstart/custom_commands/moblinrepo.py +++ b/mic/kickstart/custom_commands/moblinrepo.py 
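Review bot: Nothing in the repo loop in mic/imager/baseimager.py records that a repository is being added with verification turned off; `ssl_verify` is unpacked from the tuple and passed straight to `addRepository`. This is the one call site both backends go through, so I would log a warning here when `not ssl_verify`, with text along the lines of `"repo %s: SSL certificate verification disabled" % name`. A build log would then show which repositories were fetched without it. The enclosing method starts and ends outside the hunk.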
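Review bot: In `get_repos` (mic/kickstart/__init__.py) the comparison `repo.ssl_verify == "yes"` fails open: any other value, including `true`, `1` or a typo, yields `ssl_verify = False` and turns certificate verification off without a message. Treat only an explicit `no` as the opt-out, `ssl_verify = repo.ssl_verify != "no"`, or raise an error on a value that is neither `yes` nor `no`. `get_repos` begins above the hunk, so how the other repo attributes are validated is not visible here.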
@@ -25,7 +25,8 @@ from pykickstart.commands.repo import * class Moblin_RepoData(F8_RepoData): def __init__(self, baseurl="", mirrorlist="", name="", priority=None, includepkgs=[], excludepkgs=[], save=False, proxy=None, - proxy_username=None, proxy_password=None, debuginfo=False, source=False, gpgkey=None, disable=False): + proxy_username=None, proxy_password=None, debuginfo=False, + source=False, gpgkey=None, disable=False, ssl_verify="yes"): F8_RepoData.__init__(self, baseurl=baseurl, mirrorlist=mirrorlist, name=name, includepkgs=includepkgs, excludepkgs=excludepkgs) @@ -37,6 +38,7 @@ class Moblin_RepoData(F8_RepoData): self.disable = disable self.source = source self.gpgkey = gpgkey + self.ssl_verify = ssl_verify.lower() def _getArgsAsStr(self): retval = F8_RepoData._getArgsAsStr(self) @@ -57,6 +59,8 @@ class Moblin_RepoData(F8_RepoData): retval += " --gpgkey=%s" % self.gpgkey if self.disable: retval += " --disable" + if self.ssl_verify: + retval += " --ssl_verify=%s" % self.ssl_verify return retval @@ -93,4 +97,6 @@ class Moblin_Repo(F8_Repo): default=False) op.add_option("--gpgkey", type="string", action="store", dest="gpgkey", default=None, nargs=1) + op.add_option("--ssl_verify", type="string", action="store", dest="ssl_verify", + default="yes") return op diff --git a/mic/utils/misc.py b/mic/utils/misc.py index 49859bc..8a76014 100644 --- a/mic/utils/misc.py +++ b/mic/utils/misc.py @@ -225,6 +225,8 @@ def get_repostrs_from_ks(ks): repostr += ",source:" if hasattr(repodata, "gpgkey") and repodata.gpgkey: repostr += ",gpgkey:" + repodata.gpgkey + if hasattr(repodata, "ssl_verify") and repodata.ssl_verify: + repostr += ",ssl_verify:" + repodata.ssl_verify kickstart_repos.append(repostr[1:]) return kickstart_repos diff --git a/plugins/backend/yumpkgmgr.py b/plugins/backend/yumpkgmgr.py index 1563628..5d31d55 100644 --- a/plugins/backend/yumpkgmgr.py +++ b/plugins/backend/yumpkgmgr.py 
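Review bot: `--ssl_verify` in `Moblin_Repo` (last moblinrepo.py hunk) is declared `type="string"`, so the parser accepts any value and a misspelled one only takes effect later, in `get_repos`. Restricting it at parse time, e.g. `type="choice", choices=["yes", "no"]` if the kickstart option parser passes optparse's choice type through, would reject bad input up front. Choice matching is case-sensitive, so the `.lower()` in `Moblin_RepoData.__init__` would no longer be what normalises user input. Separately, `if self.ssl_verify:` in `_getArgsAsStr` and in `get_repostrs_from_ks` (mic/utils/misc.py) is true for both `yes` and `no`, so every repo line is now serialised with the option; `if self.ssl_verify == "no":` would leave the default output unchanged.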
@@ -28,17 +28,28 @@ from mic.utils.errors import CreatorError from mic.imager.baseimager import BaseImageCreator class MyYumRepository(yum.yumRepo.YumRepository): - def __init__(self, repoid): - yum.yumRepo.YumRepository.__init__(self, repoid) - self.sslverify = False - - def _setupGrab(self): - self.sslverify = False - yum.yumRepo.YumRepository._setupGrab(self) def __del__(self): pass + def _getFile(self, url=None, relative=None, local=None, start=None, end=None, + copy_local=None, checkfunc=None, text=None, reget='simple', + cache=True, size=None): + + m2c_connection = None + if not self.sslverify: + import M2Crypto + m2c_connection = M2Crypto.SSL.Connection.clientPostConnectionCheck + M2Crypto.SSL.Connection.clientPostConnectionCheck = None + + rvalue = super(MyYumRepository, self)._getFile(url, relative, local, + start, end, copy_local, checkfunc, text, reget, cache, size) + + if m2c_connection and not M2Crypto.SSL.Connection.clientPostConnectionCheck: + M2Crypto.SSL.Connection.clientPostConnectionCheck = m2c_connection + + return rvalue + from mic.pluginbase import BackendPlugin class Yum(BackendPlugin, yum.YumBase): name = 'yum' @@ -96,7 +107,7 @@ class Yum(BackendPlugin, yum.YumBase): conf += "reposdir=\n" conf += "failovermethod=priority\n" conf += "http_caching=packages\n" - conf += "sslverify=0\n" + conf += "sslverify=1\n" f = file(confpath, "w+") f.write(conf) 
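Review bot: `MyYumRepository._getFile` sets the class attribute `M2Crypto.SSL.Connection.clientPostConnectionCheck` to `None` and restores it only after `super()._getFile` returns. A download that raises therefore leaves the check disabled for the rest of the process, including for repositories added with `ssl_verify=True`. The restore belongs in a `finally` block, as sketched below. Because the attribute is class-wide, any other M2Crypto connection opened while the download runs also skips the check, which deserves a comment even if the behaviour is accepted.

```python
        # ... unchanged: _getFile signature ...
        saved_check = None
        if not self.sslverify:
            import M2Crypto
            saved_check = M2Crypto.SSL.Connection.clientPostConnectionCheck
            # NOTE: class-wide; affects every M2Crypto connection until restored
            M2Crypto.SSL.Connection.clientPostConnectionCheck = None
        try:
            return super(MyYumRepository, self)._getFile(url, relative, local,
                        start, end, copy_local, checkfunc, text, reget, cache, size)
        finally:
            # restore even when the download raises
            if saved_check is not None:
                M2Crypto.SSL.Connection.clientPostConnectionCheck = saved_check
```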
@@ -177,7 +188,9 @@ class Yum(BackendPlugin, yum.YumBase): except yum.Errors.YumBaseError, e: raise CreatorError("Unable to install: %s" % (e,)) - def addRepository(self, name, url = None, mirrorlist = None, proxy = None, proxy_username = None, proxy_password = None, inc = None, exc = None): + def addRepository(self, name, url = None, mirrorlist = None, proxy = None, + proxy_username = None, proxy_password = None, + inc = None, exc = None, ssl_verify=True): def _varSubstitute(option): # takes a variable and substitutes like yum configs do option = option.replace("$basearch", rpmUtils.arch.getBaseArch()) @@ -185,7 +198,6 @@ class Yum(BackendPlugin, yum.YumBase): return option repo = MyYumRepository(name) - repo.sslverify = False """Set proxy""" repo.proxy = proxy @@ -208,6 +220,8 @@ class Yum(BackendPlugin, yum.YumBase): if v or not hasattr(repo, k): repo.setAttribute(k, v) + repo.sslverify = ssl_verify + repo.basecachedir = self.conf.cachedir repo.base_persistdir = self.conf.persistdir repo.failovermethod = "priority" diff --git a/plugins/backend/zypppkgmgr.py b/plugins/backend/zypppkgmgr.py index 4a23fb2..52946a9 100644 --- a/plugins/backend/zypppkgmgr.py +++ b/plugins/backend/zypppkgmgr.py @@ -249,7 +249,9 @@ class Zypp(BackendPlugin): else: raise CreatorError("Unable to find pattern: %s" % (grp,)) - def addRepository(self, name, url = None, mirrorlist = None, proxy = None, proxy_username = None, proxy_password = None, inc = None, exc = None): + def addRepository(self, name, url = None, mirrorlist = None, proxy = None, + proxy_username = None, proxy_password = None, + inc = None, exc = None, ssl_verify = True): if not self.repo_manager: self.__initialize_repo_manager() @@ -259,6 +261,7 @@ class Zypp(BackendPlugin): repo.proxy = proxy repo.proxy_username = proxy_username repo.proxy_password = proxy_password + repo.ssl_verify = ssl_verify repo.baseurl.append(url) if inc: for pkg in inc: 
@@ -287,6 +290,8 @@ class Zypp(BackendPlugin): repo_info.setAutorefresh(repo.autorefresh) repo_info.setKeepPackages(repo.keeppackages) baseurl = zypp.Url(repo.baseurl[0]) + if not ssl_verify: + baseurl.setQueryParam("ssl_verify", "no") if proxy: (scheme, host, path, parm, query, frag) = urlparse.urlparse(proxy) proxyinfo = host.split(":") diff --git a/tests/mic_cases/base/test.conf b/tests/mic_cases/base/test.conf index 11f0d0f..64b4dec 100644 --- a/tests/mic_cases/base/test.conf +++ b/tests/mic_cases/base/test.conf @@ -11,6 +11,7 @@ arch = i586 ; proxy = http://proxy.yourcompany.com:8080/ ; no_proxy = localhost,127.0.0.0/8,.yourcompany.com +; ssl_verify = no [convert] ; settings for convert subcommand -- 2.7.4