Creative Innovative <innovative_c@xxxxxxxxx> writes:

> Hi All,
>
> I have been using Yum for the last 6 months, for basic stuff, like installing/upgrading
> packages. Now I am in the process of writing a Yum plugin, so still trying to get a handle on it.
>
> For what I need to do, in def posttrans_hook,
> 1) take the transaction object, and look at the list of packages that were installed/upgraded/removed.
> 2) Check to see if each package install/package upgrade meets security criteria.
> NOTE: I HAVE TO INSTALL/UPGRADE PACKAGES BEFORE RUNNING SECURITY CRITERIA. SO THAT'S WHY THIS CHECK COMES IN POSTTRANS_HOOK.
> 3) If any of the packages does NOT meet that criteria, I need to undo
> the package install/package upgrade.

This is a really bad idea, you want your depsolving criteria to be based on metadata. If you have criteria that is not exposed via any of the current metadata files, you could create another metadata DB and use that in pretrans.

If you try this "update and then remove on failure" approach you'll have a bunch of problems:

1. yum/yum-updatesd/yum-cron/whatever will constantly update and then remove the package.

2. If something goes wrong before you get to your removal code, everything is already installed.

3. Even if #2 never happens, there'll be a vulnerability window where the bad packages are installed each time an update happens.

4. If you are dealing with an update and not an install, you need to do a downgrade ... this is impossible in the general case, including deps. and obsoletes ... you _will_ fail (or, to put it another way ... if you think you didn't fail, please contact us so you can implement a downgrade() method in yum core :).

But if you want to ignore that advice you can look at how the post-transaction-actions plugin works.

--
James Antill -- james@xxxxxxx
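
The pre-transaction check suggested in the reply above, sketched as an added example that is not part of the thread or of yum itself: the plugin looks up every incoming package in a separate local approval database and aborts in `pretrans_hook`, before anything is installed. The database path, its `approved` schema and the helper names are assumptions made for illustration.

```python
# Added example: not yum's code and not from the thread. Runs on Python 2 and 3.
import sqlite3

try:                       # real plugin API, present where yum is installed
    from yum.plugins import PluginYumExit, TYPE_CORE
except ImportError:        # stand-ins so the check can be exercised offline
    TYPE_CORE = 0
    class PluginYumExit(Exception):
        pass

requires_api_version = '2.3'
plugin_type = (TYPE_CORE,)
POLICY_DB = '/var/lib/yum/plugins/vetted.sqlite'   # hypothetical path


def open_policy(path):
    """Open the approval DB (assumed schema: one row per vetted NEVRA)."""
    db = sqlite3.connect(path)
    db.execute('CREATE TABLE IF NOT EXISTS approved (name, epoch, version, '
               'release, arch, UNIQUE (name, epoch, version, release, arch))')
    return db


def incoming(members):
    """NEVRA tuples of the members being installed or updated (not erased)."""
    return [(m.po.name, str(m.po.epoch), m.po.version, m.po.release, m.po.arch)
            for m in members if m.ts_state in ('i', 'u')]


def unapproved(db, nevras):
    """Return the NEVRA tuples that have no row in the approval DB."""
    query = ('SELECT 1 FROM approved WHERE name=? AND epoch=? AND version=? '
             'AND release=? AND arch=?')
    return [n for n in nevras if db.execute(query, n).fetchone() is None]


def vet(db, members):
    """Raise PluginYumExit if any incoming package is not approved."""
    bad = unapproved(db, incoming(members))
    if bad:
        names = ', '.join('%s-%s:%s-%s.%s' % n for n in bad)
        raise PluginYumExit('not vetted, refusing transaction: ' + names)


def pretrans_hook(conduit):
    """Runs after depsolving, before rpm changes anything on disk."""
    vet(open_policy(POLICY_DB), conduit.getTsInfo().getMembers())
```

A missing or empty approval database leaves every package unapproved, so the check fails closed rather than letting an unvetted update through.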