Florian Festi wrote:
seth vidal wrote:
I don't think we want to make them locally. For verification purposes
it's a dicey proposition.
Think about this:
if we see that the sqlite file is changed - how do we know it was
changed due to index generation and not due to someone mucking with our
metadata?
While I belief it is possible to create the indexes in a sane way
locally this would require some more thought.
As I had a night of sleep it doesn't seam to be that hard. We have to make
sure that we do a real checksum check after downloading the sqlite file to
make sure the mirrors don't mess with us and to keep the (yet to forge)
signing chain closed.
After the file is written to disc we don't need to verify it over and over
again for every yum run. /var/cache/yum is root territory and if someone is
capable to mess with that he owns your system anyway.
Patch is attached although I don't know if we want it to be in F8 already.
Florian
>From 2fc8603b7e4cef3bfe1517a1b0f1815fcede563c Mon Sep 17 00:00:00 2001
From: Florian Festi <[EMAIL PROTECTED]>
Date: Thu, 23 Aug 2007 12:07:07 +0200
Subject: [PATCH] Check only internal checksum of already existing sqlitedb files to allow creating indexes locally
---
yum/yumRepo.py | 38 ++++++++++++++++++++++++++++++++++----
1 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index c45fb85..3f12def 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -32,6 +32,7 @@ import sqlitesack
from yum import config
from yum import misc
from constants import *
+from sqlutils import sqlite
import logging
import logginglevels
@@ -138,14 +139,14 @@ class YumPackageSack(packageSack.PackageSack):
else:
continue
-
+
if self._check_db_version(repo, mydbtype):
- # see if we have the uncompressed db and check it's checksum vs the openchecksum
+ # see if we have the uncompressed db and check it's internal checksum
+ # vs the checksum of the xml file
# if not download the bz2 file
# decompress it
# unlink it
-
- db_un_fn = self._check_uncompressed_db(repo, mydbtype)
+ db_un_fn = self._check_uncompressed_db_checksum(repo, mydbtype)
if not db_un_fn:
try:
db_fn = repo.retrieveMD(mydbtype)
@@ -194,6 +195,35 @@ class YumPackageSack(packageSack.PackageSack):
result = db_un_fn
return result
+
+ def _check_uncompressed_db_checksum(self, repo, mdtype):
+ """return file name of uncompressed db is good, None if not"""
+ mydbdata = repo.repoXML.getData(mdtype)
+ (r_base, remote) = mydbdata.location
+ mymddata = repo.repoXML.getData(mdtype.replace('_db', ''))
+ (cs_type, cs) = mymddata.checksum
+ fname = os.path.basename(remote)
+ bz2_fn = repo.cachedir + '/' + fname
+ db_un_fn = bz2_fn.replace('.bz2', '')
+
+ # file must exists
+ if not os.path.exists(db_un_fn):
+ return None
+
+ try:
+ # read checksum from db
+ db = sqlite.connect(db_un_fn)
+ cur = db.cursor()
+ cur.execute('SELECT * FROM db_info')
+ db_version, checksum = cur.fetchone()
+ db.close()
+ except:
+ return None
+
+ if checksum == cs:
+ return db_un_fn
+
+ return None
def _check_db_version(self, repo, mdtype):
if repo.repoXML.repoData.has_key(mdtype):
--
1.5.2.2
_______________________________________________
Yum-devel mailing list
[email protected]
https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
