Skip specific rpms during sync

There are a couple of RPMs that our antivirus is flagging during the sync process so they are fail to download with a permission denied. We don’t need them so I don’t have any issue if they are not included in the downloads. I don’t have access to modify the whitelist on the AV so I’m hoping to do this on the foreman host. Is it possible to create a list of rpms that should be ignored during sync?

Expected outcome:

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:
CentOS 8 Stream

Other relevant data:

Believe content view filter is what you are looking for.

How would that help with syncing? The problem the OP is experiencing, which we have also experienced, is AV flagging of packages during sync.

Unless I am very much mistaken, I think the short answer is: No, there is not currently a way to filter out packages before they are ever downloaded during sync. I recommend starting a discussion on the Pulp discourse to find out how likely such a feature is to be added in the future.

This is one feature I have been missing since I moved over from Spacewalk. There you could use + and - to include or exclude packages matching a certain file name. Very useful when you perhaps only want a few packages from a huge repo or if you know some packages from a repo that are useless for you.

Just a quick followup.

I worked around the issue by moving my sync site from http:… to https:… and the encryption prevented the AV from inspecting the inbound packets so I was able to complete the sync.

Because we’re air gapped I worked with our security to group to exclude anything that might be flagged by the internal scan.

Just wanted to leave a link here to the Post @jmck04 opened on the Pulp discourse as well: Skip specific RPMs during sync - Support - Pulp Community

No replies yet, but that may still change. :wink: