Problem:
There are a couple of RPMs that our antivirus is flagging during the sync process, so they fail to download with a permission denied. We don’t need them, so I don’t have any issue if they are not included in the downloads. I don’t have access to modify the whitelist on the AV, so I’m hoping to do this on the Foreman host. Is it possible to create a list of RPMs that should be ignored during sync?
Unless I am very much mistaken, I think the short answer is: No, there is not currently a way to filter out packages before they are ever downloaded during sync. I recommend starting a discussion on the Pulp discourse to find out how likely such a feature is to be added in the future.
This is one feature I have been missing since I moved over from Spacewalk. There you could use + and - to include or exclude packages matching a certain file name. Very useful when you perhaps only want a few packages from a huge repo or if you know some packages from a repo that are useless for you.
I worked around the issue by moving my sync site from http:… to https:… and the encryption prevented the AV from inspecting the inbound packets so I was able to complete the sync.
Because we’re air gapped, I worked with our security group to exclude anything that might be flagged by the internal scan.