Hooks into the DNF HTTP Requests #1285
Comments
The libdnf library has an API for setting HTTP headers. HTTP headers are repository specific and can be set before download begins (e.g. in the Support for changing HTTP headers during repository downloads may require changes to DNF, libdnf, librepo, libcurl.
Thanks for getting back to me.
I saw those methods, which is how I figured I could add them in. However, the Alternatively there is also a way to use query parameters in the URL path [2], but would (again) require some sort of hook with access to the raw request to append query parameters to the requested URL. Is there any hook I could put in that would intercept the HTTP request (repository download) before it's made and write in some query parameters?
[1] https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
I am working in the same direction and facing the exact same issue. AWS Sigv4 Auth Headers change per request. In old A stupid duct-tape solution might be to monkey-patch the download_remote_payload function in DNF by reimplementing the downloading function there, but it will ultimately break other plugins' behavior in a certain manner.
Thanks for the thoughts @miaoneng - I too had been thinking of your approach mentioned.
Yeah, one could argue that a Minimum Viable Product initial release could call this out to have that kind of support added later. What plugins do you think would cause an issue?
Reviving this, I would like to be able to use librepo on sigv4 repositories, not just s3. Has anything been done since those old comments? If not, should we propose a patch/PR to add a hook?
@andrewegel did you ever get a solution working? I am facing the same issue. Or @ozbenh any chance you found something?
As far as upstream is concerned I don't think there were any developments. This is a fairly complex RFE with low priority. As mentioned before it would require changes to librepo and libdnf (preferably libdnf5) at minimum.
Background:
My ultimate goal is to implement this yum plugin for DNF: https://github.com/seporaitis/yum-s3-iam for EL8.
TL;DR: This yum plugin "hooks" into yum's download process to add AWS Sigv4 Auth Headers:
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
So you can have your rhel/centos system download from a private S3 bucket as a yum repo. AWS IAM creds are either provided by the user as config values, or the plugin will query the AWS MDS API for role-based credentials (so secrets are not stored on the system).
Porting over to DNF isn't trivial, as not only has the plugin API changed, but a lot of tasks that handle repo management or download have been moved to libdnf (this project) or librepo.
My Issue:
I figured I would start at libdnf for this query before I moved it to librepo where I think the majority of my hooks would go, but this is just step one in my quest for advice. Is there any guidance libdnf contributors can provide for me to "hook" into the HTTP request code paths of the download (anything from what's deemed an "s3 repo") to add SigV4 headers to authenticate into AWS to download an RPM or repo metadata?
Preferably I can add that "hook" through a Python DNF plugin so I can implement this feature through a Python plugin, and avoid touching C/C++ in these projects.
Thanks!
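Why a header set once per repository cannot carry SigV4 auth, as an added example (not code from libdnf, librepo or yum-s3-iam): a standard-library signer for an S3 GET that follows the AWS document linked above. The function name `sigv4_headers`, the bucket URL and the credentials are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote, urlsplit

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # a GET has an empty payload

def sigv4_headers(url, access_key, secret_key, region, now, token=None):
    """Headers to add to a GET of `url` (unencoded path, `now` in UTC)."""
    parts = urlsplit(url)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    datestamp = amz_date[:8]
    headers = {"host": parts.netloc,
               "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    if token:  # temporary (role) credentials also carry a session token
        headers["x-amz-security-token"] = token
    signed = ";".join(sorted(headers))
    # The canonical request binds the signature to this exact path and time.
    canonical = "\n".join([
        "GET",
        quote(parts.path or "/", safe="/-_.~"),
        "",  # no query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        EMPTY_SHA256,
    ])
    scope = f"{datestamp}/{region}/s3/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (datestamp, region, "s3", "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    del headers["host"]  # the HTTP client sends Host itself
    return headers

if __name__ == "__main__":
    # Constructed repository URL and credentials, for illustration only.
    base = "https://example-bucket.s3.us-east-1.amazonaws.com/el8/"
    now = datetime.now(timezone.utc)
    for path in ("repodata/repomd.xml", "Packages/example-1.0-1.el8.noarch.rpm"):
        hdrs = sigv4_headers(base + path, "AKIDEXAMPLE", "constructed-secret",
                             "us-east-1", now)
        print(path, hdrs["authorization"][-64:])
```

Each file in the repository yields a different `Authorization` value, so the header has to be computed at the point where the request URL is known.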