Add SR blacklist where it is forbidden to download from binary cache

slapos.cfg.example

@@ -131,3 +131,8 @@ signature-certificate-list =
   Loe5mIHsjRVKvzB6SvIaFUYq/EzmHnqNdpIGkT/Mj7r/iUs61btTcGUCLsUiUeci
   Vd0Ozh79JSRpkrdI8R/NRQ2XPHAo+29TT70=
   -----END CERTIFICATE-----
+# List of URL(s) which shouldn't be installed from binary cache, separated by
+# commas. Any URL beginning by a blacklisted URL will be blacklisted as well.
+binary-cache-url-blacklist =
+  http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD
+  http://git.erp5.org/gitweb/slapos.core.git/blob_plain/refs/heads

slapos/grid/SlapObject.py

@@ -54,7 +54,8 @@ class Software(object):
       upload_cache_url=None, upload_dir_url=None, shacache_cert_file=None,
       shacache_key_file=None, shadir_cert_file=None, shadir_key_file=None,
       download_binary_cache_url=None, upload_binary_cache_url=None,
-      download_binary_dir_url=None, upload_binary_dir_url=None):
+      download_binary_dir_url=None, upload_binary_dir_url=None,
+      binary_cache_url_blacklist = []):
     """Initialisation of class parameters
     """
     self.url = url
@@ -77,14 +78,17 @@ class Software(object):
     self.upload_binary_cache_url = upload_binary_cache_url
     self.download_binary_dir_url = download_binary_dir_url
     self.upload_binary_dir_url = upload_binary_dir_url
+    self.binary_cache_url_blacklist = binary_cache_url_blacklist
 
   def install(self):
     """ Fetches binary cache if possible.
     Installs from buildout otherwise.
     """
+    self.logger.info("Installing software release %s..." % self.url)
     tarname = self.software_url_hash
     cache_dir = tempfile.mkdtemp()
     tarpath = os.path.join(cache_dir, tarname)
+    # Check if we can download from cache
     if (not os.path.exists(self.software_path)) \
       and download_network_cached(
           self.download_binary_cache_url,
@@ -92,7 +96,8 @@ class Software(object):
           self.url, self.software_root,
           self.software_url_hash,
           tarpath, self.logger,
-          self.signature_certificate_list):
+          self.signature_certificate_list,
+          self.binary_cache_url_blacklist):
         tar = tarfile.open(tarpath)
         try:
           self.logger.info("Extracting archive of cached software release...")
@@ -128,7 +133,6 @@ class Software(object):
     """ Fetches buildout configuration from the server, run buildout with
     it. If it fails, we notify the server.
     """
-    self.logger.info("Installing software release %s..." % self.url)
     root_stat_info = os.stat(self.software_root)
     os.environ = utils.getCleanEnvironment(pwd.getpwuid(root_stat_info.st_uid
       ).pw_dir)

slapos/grid/networkcache.py

@@ -49,7 +49,8 @@ def fallback_call(function):
 
 @fallback_call
 def download_network_cached(cache_url, dir_url, software_url, software_root,
-                            key, path, logger, signature_certificate_list):
+                            key, path, logger, signature_certificate_list,
+                            binary_cache_url_blacklist=None):
     """Downloads from a network cache provider
 
     return True if download succeeded.
@@ -60,6 +61,10 @@ def download_network_cached(cache_url, dir_url, software_url, software_root,
     if not(cache_url and dir_url and software_url and software_root):
         return False
 
+    for url in binary_cache_url_blacklist:
+      if software_url.startswith(url):
+        return False
+
     # In order to call nc nicely.
     if len(signature_certificate_list) == 0:
         signature_certificate_list = None

slapos/grid/slapgrid.py

@@ -234,6 +234,11 @@ def parseArgumentTupleAndReturnSlapgridObject(*argument_tuple):
   else:
     signature_certificate_list = None
 
+  # Parse cache / binary options
+  option_dict["binary-cache-url-blacklist"] = [
+      url.strip() for url in option_dict.get("binary-cache-url-blacklist", ""
+          ).split('\n') if url]
+
   # Sleep for a random time to avoid SlapOS Master being DDOSed by an army of
   # SlapOS Nodes configured with cron.
   if option_dict["now"]:
@@ -265,6 +270,8 @@ def parseArgumentTupleAndReturnSlapgridObject(*argument_tuple):
               option_dict.get('download-binary-cache-url', None),
             upload_binary_cache_url=\
               option_dict.get('upload-binary-cache-url', None),
+            binary_cache_url_blacklist=\
+                option_dict.get('binary-cache-url-blacklist', []),
             upload_cache_url=option_dict.get('upload-cache-url', None),
             download_binary_dir_url=\
               option_dict.get('download-binary-dir-url', None),
@@ -356,6 +363,7 @@ class Slapgrid(object):
                signature_certificate_list=None,
                download_binary_cache_url=None,
                upload_binary_cache_url=None,
+               binary_cache_url_blacklist=None,
                upload_cache_url=None,
                download_binary_dir_url=None,
                upload_binary_dir_url=None,
@@ -388,6 +396,7 @@ class Slapgrid(object):
     self.signature_certificate_list = signature_certificate_list
     self.download_binary_cache_url = download_binary_cache_url
     self.upload_binary_cache_url = upload_binary_cache_url
+    self.binary_cache_url_blacklist = binary_cache_url_blacklist
     self.upload_cache_url = upload_cache_url
     self.download_binary_dir_url = download_binary_dir_url
     self.upload_binary_dir_url = upload_binary_dir_url
@@ -484,6 +493,7 @@ class Slapgrid(object):
             signature_certificate_list=self.signature_certificate_list,
             download_binary_cache_url=self.download_binary_cache_url,
             upload_binary_cache_url=self.upload_binary_cache_url,
+            binary_cache_url_blacklist=self.binary_cache_url_blacklist,
             upload_cache_url=self.upload_cache_url,
             download_binary_dir_url=self.download_binary_dir_url,
             upload_binary_dir_url=self.upload_binary_dir_url,