Support for package blacklists

This adds support for blacklisting the mirroring of certain packages.
This requires a very new bandersnatch running under python3.

Change-Id: I0de38d79947bbae10650879b0fbdc77db0131918

manifests/mirror.pp

@@ -17,11 +17,12 @@
 # Class to set up bandersnatch mirroring.
 #
 class bandersnatch::mirror (
-  $group       = 'root',
-  $hash_index  = false,
-  $mirror_root = '/srv/static/mirror',
-  $static_root = '/srv/static',
-  $user        = 'root',
+  $group             = 'root',
+  $hash_index        = false,
+  $package_blacklist = [],
+  $mirror_root       = '/srv/static/mirror',
+  $static_root       = '/srv/static',
+  $user              = 'root',
 ) {
 
   if ! defined(File[$static_root]) {

templates/bandersnatch.conf.erb

@@ -40,4 +40,13 @@ delete-packages = true
 ; generate daily access statistics that will be aggregated on the master PyPI.
 access-log-pattern = /var/log/apache2/pypi.*openstack.org_access.*
 
+<% if not @package_blacklist.empty? -%>
+; blacklist
+; List of PyPI packages not to sync - Useful if malicious packages are mirrored
+[blacklist]
+packages =
+<% @package_blacklist.each do |package| -%>
+  <%= package %>
+<% end -%>
+<% end -%>
 ; vim: set ft=cfg: