| |
@@ -281,7 +281,7 @@
|
| |
|
| |
def _add_yum_repo(self, name, url, mirrorlist=False, groups=True,
|
| |
cost=1000, includepkgs=None, excludepkgs=None,
|
| |
- proxy=None):
|
| |
+ proxy=None, gpgkey=None):
|
| |
"""This function adds a repo to the yum object.
|
| |
name: Name of the repo
|
| |
url: Full url to the repo
|
| |
@@ -318,6 +318,10 @@
|
| |
thisrepo.exclude = excludepkgs
|
| |
thisrepo.includepkgs = includepkgs
|
| |
thisrepo.cost = cost
|
| |
+ if gpgkey:
|
| |
+ thisrepo.gpgcheck = True
|
| |
+ thisrepo.gpgkey = yum.parser.varReplace(gpgkey,
|
| |
+ self.ayum.conf.yumvar)
|
| |
# Yum doesn't like proxy being None
|
| |
if proxy:
|
| |
thisrepo.proxy = proxy
|
| |
@@ -349,6 +353,7 @@
|
| |
yumconf.installroot = os.path.join(self.workdir, 'yumroot')
|
| |
yumconf.uid = os.geteuid()
|
| |
yumconf.cache = 0
|
| |
+ yumconf.assumeyes = True
|
| |
yumconf.failovermethod = 'priority'
|
| |
yumconf.deltarpm = 0
|
| |
yumvars = yum.config._getEnvVar()
|
| |
@@ -379,7 +384,8 @@
|
| |
cost=repo.cost,
|
| |
includepkgs=repo.includepkgs,
|
| |
excludepkgs=repo.excludepkgs,
|
| |
- proxy=repo.proxy)
|
| |
+ proxy=repo.proxy,
|
| |
+ gpgkey=repo.gpgkey)
|
| |
else:
|
| |
self._add_yum_repo(repo.name, repo.baseurl,
|
| |
mirrorlist=False,
|
| |
@@ -387,7 +393,8 @@
|
| |
cost=repo.cost,
|
| |
includepkgs=repo.includepkgs,
|
| |
excludepkgs=repo.excludepkgs,
|
| |
- proxy=repo.proxy)
|
| |
+ proxy=repo.proxy,
|
| |
+ gpgkey=repo.gpgkey)
|
| |
|
| |
self.logger.info('Getting sacks for arches %s' % self.valid_arches)
|
| |
self.ayum._getSacks(archlist=self.valid_arches)
|
| |
@@ -1096,6 +1103,20 @@
|
| |
sys.exit(1)
|
| |
|
| |
for po in polist:
|
| |
+ # before doing anything with the package, verify its signature
|
| |
+ result, errmsg = self.ayum.sigCheckPkg(po)
|
| |
+ if result == 0:
|
| |
+ # Verified ok, or verify not req'd
|
| |
+ pass
|
| |
+ elif result == 1:
|
| |
+ # keys are provided through kickstart, so treat this as consent
|
| |
+ # for importing them
|
| |
+ self.ayum.getKeyForPackage(po, lambda x, y, z: True)
|
| |
+ else:
|
| |
+ # Fatal error
|
| |
+ self.logger.error(errmsg)
|
| |
+ sys.exit(1)
|
| |
+
|
| |
basename = os.path.basename(po.relativepath)
|
| |
|
| |
local = po.localPkg()
|
| |
There is no verification that the key is accesable or readable.