Description of problem: dnf doesn't understand include= in *.repo files Version-Release number of selected component (if applicable): dnf-0.6.5-1.fc22.noarch How reproducible: 100% Steps to Reproduce: [root@cubietruck ~]# dnf update Warning: failed loading '/etc/yum.repos.d/virtpreview.repo', skipping. [ ... ] [root@cubietruck ~]# cat /etc/yum.repos.d/virtpreview.repo include=http://fedorapeople.org/groups/virt/virt-preview/fedora-virt-preview.repo
Hi, `include` config option in DNF is the same as `includepkgs` option on yum. You're looking for `includeconf` option in DNF. Nobody has never wanted this feature in DNF. Can you try it out if it works as expected, please? If so I will document it - it could be handy to load repo options from remote URL.
> it could be handy to load repo options from remote URL. Exactly. This way I can tweak repos for a bunch of (virtual) machines in a central place. Doesn't work though: [root@cubietruck ~]# cat /etc/yum.repos.d/virtpreview.repo includeconf=http://fedorapeople.org/groups/virt/virt-preview/fedora-virt-preview.repo [root@cubietruck ~]# dnf update Traceback (most recent call last): File "/bin/dnf", line 36, in <module> main.user_main(sys.argv[1:], exit_code=True) File "/usr/lib/python2.7/site-packages/dnf/cli/main.py", line 185, in user_main errcode = main(args) File "/usr/lib/python2.7/site-packages/dnf/cli/main.py", line 84, in main return _main(base, args) File "/usr/lib/python2.7/site-packages/dnf/cli/main.py", line 115, in _main cli.configure(map(ucd, args)) File "/usr/lib/python2.7/site-packages/dnf/cli/cli.py", line 967, in configure self._configure_repos(opts) File "/usr/lib/python2.7/site-packages/dnf/cli/cli.py", line 725, in _configure_repos self.base.read_all_repos(self.repo_setopts) File "/usr/lib/python2.7/site-packages/dnf/base.py", line 279, in read_all_repos for repo in reader: File "/usr/lib/python2.7/site-packages/dnf/conf/read.py", line 48, in __iter__ for r in self._get_repos(repofn): File "/usr/lib/python2.7/site-packages/dnf/conf/read.py", line 83, in _get_repos parser.readfp(confpp_obj) File "/usr/lib/python2.7/site-packages/iniparse/compat.py", line 113, in readfp self.data._readfp(fp) File "/usr/lib/python2.7/site-packages/iniparse/ini.py", line 556, in _readfp for line in readline_iterator(fp): File "/usr/lib/python2.7/site-packages/iniparse/ini.py", line 431, in readline_iterator line = f.readline() File "/usr/lib/python2.7/site-packages/dnf/conf/parser.py", line 167, in readline self._popfile() File "/usr/lib/python2.7/site-packages/dnf/conf/parser.py", line 236, in _popfile self.name = self._incstack[-1].geturl() File "/usr/lib/python2.7/tempfile.py", line 391, in __getattr__ a = getattr(file, name) AttributeError: 'file' object has no attribute 'geturl'
> > it could be handy to load repo options from remote URL. > > Exactly. This way I can tweak repos for a bunch of (virtual) machines in a > central place. Doesn't work though: Oops, please don't include remote files, it's a big security hole. I'd even vote for removing this possibility if it ever worked. Including local files is ok.
(In reply to Michael Mráka from comment #3) > > > it could be handy to load repo options from remote URL. > > > > Exactly. This way I can tweak repos for a bunch of (virtual) machines in a > > central place. Doesn't work though: > > Oops, please don't include remote files, it's a big security hole. Remote files actually is the most useful case because I can update repo configs in a central place. Usually these point to http://spunk.home.kraxel.org/some/where/here/ (local home server here you can't access from outside). Including random files from the internet indeed isn't the best idea from a security point of view. I've only picked the virtpreview repo for the bug report because that's easier to reproduce than something on a server you don't have access to ...
What about creating an RPM package with the repository configuration and installing the package into the virtual machines (similarly to the fedora-release-rawhide package)?
(In reply to Radek Holy from comment #5) > What about creating an RPM package with the repository configuration and > installing the package into the virtual machines (similarly to the > fedora-release-rawhide package)? Works, did that in the past, but using include= is more convinient. Changes don't require rebuilding the package and installing the update everythere then. I also use include in my mock config files, so I can easily share the repo config for the buildroots too.
Yes, I see. BTW, do you really change the configuration that often? I'm just curious what might be the reason.
The conclusion from DNF team meeting is to not implement `includeconf` for remote files due to security reasons. Note there was no demand for having it there for local files so the option is still not in DNF configuration reference. Anyone, feel free to post your reasonable use cases so this option have a better chance to come to live in DNF.
*** Bug 1302445 has been marked as a duplicate of this bug. ***