VendorChangeManager: Configuration version 1.1 with package-based filtering and enhanced flexibility
#2579
Conversation
jrohel
force-pushed
the
vendor_change_policy1_1
branch
from
4d31693 to
41a15f3
Compare
jrohel
force-pushed
the
vendor_change_policy1_1
branch
from
41a15f3 to
ac60e63
Compare
evan-goode
left a comment
evan-goode
left a comment
There was a problem hiding this comment.
I took a look but have yet to test this. It seems quite powerful!
@Conan-Kudo @michel-slm wdyt?
Allow use packages from the command-line repo from any vendor:
We probably want this by default, will we ship this as a configuration file downstream in Fedora?
doc/dnf5.conf-vendorpolicy.5.rst
Outdated
| -------------------------- | ||
|
|
||
| The file must contain **one** of the following definition methods: | ||
| The file can use one or more of the following vendor definition methods. |
There was a problem hiding this comment.
I would rather not mix the documentation for version 1.0 and version 1.1 of the configuration file. Most users will just want to write a file in the latest version and won't care about limitations of the older spec, especially since 1.0 never made it to a stable Fedora. Could we keep the 1.0 documentation in a separate page?
There was a problem hiding this comment.
@evan-goode OK. I added commit that splits documentation to version specific files.
| void VendorChangeManager::load_vendor_change_policy(const std::filesystem::path & path) { | ||
| VendorChangePolicy policy; | ||
|
|
||
| bool is_config_version_1_0; |
There was a problem hiding this comment.
Given the above, we may not even need to support 1.0 at all. We have a new major version with 5.4.0.0 after all. I'm fine either way.
There was a problem hiding this comment.
I wanted to handle the configuration file extension properly, which is why I introduced version 1.1. Version 1.1 is backward compatible with 1.0 - meaning that if you change 1.0 to 1.1 in an old config file, it will work correctly in the new libdnf. However, I intentionally implemented checks in the new libdnf to disallow version 1.1 extensions when version 1.0 is specified. This was done so the user can be sure that if they test a version 1.0 config in the new libdnf, it will still work in older versions of libdnf that lack 1.1 support. It's simply a clean solution, though it’s a question of whether it’s strictly necessary. libdnf with version 1.0 support was released in Fedora Rawhide - but Rawhide is not a stable release.
There was a problem hiding this comment.
It has been released into openSUSE Tumbleweed though, which is a stable rolling release. So it does matter.
jrohel
force-pushed
the
vendor_change_policy1_1
branch
from
ac60e63 to
5b757bd
Compare
jrohel
force-pushed
the
vendor_change_policy1_1
branch
2 times, most recently
from
8751cc2 to
ca8eebe
Compare
evan-goode
left a comment
evan-goode
left a comment
There was a problem hiding this comment.
LGTM otherwise. I tested manually, it works as expected. The docs are thorough and therefore long, but the large set of examples makes it easy enough to understand quickly. Thanks for making separate doc pages for 1.0 and 1.1.
CI tests with rpm-software-management/ci-dnf-stack#1817 are passing locally.
- Allow "1.1" as a valid version string in configuration files. - Backward compatibility with "1.0" is maintained. - New version-specific extensions will be implemented in future commits. - Documentation updated.
Combining `equivalent_vendors` with `outgoing_vendors` or `incoming_vendors` was previously restricted to simplify configuration. However, this introduced an unnecessary rule. Since the underlying code supports this combination, the restriction is now enforced only for version "1.0" of the config file. Documentation updated.
Added a new method add_grow that allows adding an element by ID while ensuring sufficient memory capacity. The method takes an extra_capacity argument which defines the number of additional slots to allocate beyond the required minimum.
Defining only `incoming_vendors` without `outgoing_vendors` (and vice versa) was previously not supported. (`equivalent_vendors` is equivalent to defining both `incoming_vendors` and `outgoing_vendors` with the same content). However, in some cases, users want to allow a specific vendor to replace any installed vendor, or allow an installed vendor to be replaced by any other vendor. Previously, users had to define an explicit rule allowing "any" vendor. A nonexistent vendors array now implies "any vendor". Explicit rule for allowing any vendor are now required only for config version "1.0". Documentation updated. Example (any vendor can be replaced by 'My Trusted Vendor'): ```toml version = "1.0" [[outgoing_vendors]] vendor = '' comparator = 'CONTAINS' [[incoming_vendors]] vendor = 'My Trusted Vendor' ``` ```toml version = "1.1" [[incoming_vendors]] vendor = 'My Trusted Vendor' ```
It is better to catch regex errors early while parsing the config file, rather than allowing a failure to occur later during goal resolution.
Extend vendor change policy definitions to include 'outgoing_packages'
and 'incoming_packages' filter lists.
These lists restrict vendor changes only to packages that match the
specified filters. If a list is omitted from the configuration file,
no filtering is applied for that category (all packages are allowed).
Documentation updated.
Example 1: Allow installing packages from the command-line repo
from any vendor:
```
version = '1.1'
[[incoming_packages]]
filters = [
{ filter = 'cmdline_repo', value = 'true' }
]
```
Example 2: Allow installing packages from the command-line repo from any
vendor, except for packages whose names start with 'mypackage':
```
version = '1.1'
[[incoming_packages]]
filters = [
{ filter = 'name', value = 'mypackage', comparator = 'STARTSWITH' }
]
exclude = true
[[incoming_packages]]
filters = [
{ filter = 'cmdline_repo', value = 'true' }
]
```
Example 3: Allow a change from any vendor to 'My Trusted Vendor', but
only for incoming packages whose source package name is 'mypackage' and
are located in the 'myrepo' repository:
```
version = '1.1'
[[incoming_packages]]
filters = [
{ filter = 'source_name', value = 'mypackage' },
{ filter = 'repoid', value = 'myrepo' }
]
[[incoming_vendors]]
vendor = 'My Trusted Vendor'
```
Add support for filtering packages by Epoch-Version-Release components
using relational comparators (GT, GTE, LT, LTE, EXACT, NOT_EXACT).
New filters use proper RPM version comparison instead of lexical string
comparison, ensuring correct version ordering. String-based filters
(name, source_name, arch, repoid) continue to use string comparators.
Documentation updated.
Example:
This example allows a change from any vendor to "My Vendor", but
only for incoming packages whose source package name is "mypackage" and
version is greater than or equal to "2.0".
```
version = '1.1'
[[incoming_packages]]
filters = [
{ filter = 'source_name', value = 'mypackage' },
{ filter = 'version', value = '2.0', comparator = 'GTE' }
]
[[incoming_vendors]]
vendor = 'My Vendor'
```
jrohel
force-pushed
the
vendor_change_policy1_1
branch
2 times, most recently
from
3f9a247 to
b4ae68a
Compare
Split the vendor change policy documentation from a single file into three separate files for better clarity and maintainability: - dnf5.conf-vendorpolicy.5.rst - Main file with basic information about vendor change policy configuration, TOML format, supported versions (1.0 and 1.1), and configuration file locations - dnf5.conf-vendorpolicy-v1_0.5.rst - Complete documentation for version 1.0 format, including file structure, vendor mapping definitions, error conditions, and examples - dnf5.conf-vendorpolicy-v1_1.5.rst - Complete documentation for version 1.1 format, including file structure, vendor mapping definitions, package filtering, error conditions, and examples Changes also include: - Enhanced vendor mapping definition explanations with clarifications about when vendor changes are allowed and how missing lists are interpreted - Added notes about configuration files requiring at least one supported list to have effect on vendor manager behavior
Error conditions are already clear from field descriptions, making these sections unnecessarily verbose.
3 participants
This PR introduces version
1.1of the Vendor Change Manager configuration format, bringing improvements in flexibility and usability while maintaining full backward compatibility with version1.0.Closes: #2544
CI tests for new features: rpm-software-management/ci-dnf-stack#1817
Summary of changes
1. Simplified vendor array rules
Combine
equivalent_vendorswith directional arrays:1.1allows mixingequivalent_vendorswithoutgoing_vendors/incoming_vendorsfor more flexible policies (Note:equivalent_vendorsis automatically expanded to bothoutgoing_vendorsandincoming_vendors)1.0restricted this combinationIndependent vendor arrays:
outgoing_vendorsandincoming_vendorscan now be specified independently1.0required both arrays to be present or both missing2. Package-based filtering (new feature)
Added
incoming_packagesandoutgoing_packagesarrays to restrict vendor changes based on package attributesSupported package filters:
name,source_name,arch,repoid(string-based)evr,epoch,version,release(version-based with proper RPM comparison)cmdline_repo(boolean)String comparators:
EXACT,IEXACT,CONTAINS,STARTSWITH,ENDSWITH,REGEX,GLOB(and negated variants)Version comparators:
EXACT,NOT_EXACT,GT,GTE,LT,LTE(with proper RPM version ordering)Exclusion support: Rules can be marked with
exclude = truefor defining exclusion3. Backward compatibility
1.0configurations continue to work unchanged1.0restrictions remain enforced for1.0configs1.1is opt-in via the version field4. Improved validation
5. Enhanced documentation
Examples
Allow any vendor to be replaced by "My Trusted Vendor".
Allow: Mutual changes between "First Vendor" and "Second Vendor" (equivalent vendors), change from "First Vendor"/"Second Vendor" to "Third Vendor"
Allow use packages from the command-line repo from any vendor:
Allow use packages from the command-line repo from any vendor, except for packages whose names start with "mypackage":
This example allows a change from any vendor to "My Vendor", but only for incoming packages whose source package name is "mypackage" and version is greater than or equal to "2.0".