internal/rpmmd: change ignoressl to pointer

Change the `IgnoreSSL` field in `rpmmd.RepoConfig` to a pointer. This will be later used to configure the `SSLVerify` field in the yum repo stage.
2023-05-02 17:37:48 +01:00 · 2023-05-02 17:37:48 +01:00 · ce299dfa0e
commit ce299dfa0e
parent 173de3eba4
13 changed files with 89 additions and 82 deletions
--- a/cmd/gen-manifests/main.go
+++ b/cmd/gen-manifests/main.go
@ -209,7 +209,7 @@ func convertRepo(r repository) rpmmd.RepoConfig {
 		GPGKeys:        keys,
 		CheckGPG:       &r.CheckGPG,
 		CheckRepoGPG:   &r.CheckRepoGPG,
-		IgnoreSSL:      r.IgnoreSSL,
+		IgnoreSSL:      &r.IgnoreSSL,
 		MetadataExpire: r.MetadataExpire,
 		RHSM:           r.RHSM,
 		ImageTypeTags:  r.ImageTypeTags,
--- a/cmd/osbuild-pipeline/main.go
+++ b/cmd/osbuild-pipeline/main.go
@ -166,7 +166,7 @@ func main() {
 			GPGKeys:      keys,
 			CheckGPG:     &repo.CheckGPG,
 			CheckRepoGPG: common.ToPtr(false),
-			IgnoreSSL:    false,
+			IgnoreSSL:    common.ToPtr(false),
 			PackageSets:  repo.PackageSets,
 			RHSM:         repo.RHSM,
 		}
--- a/internal/blueprint/repository_customizations.go
+++ b/internal/blueprint/repository_customizations.go
@ -6,6 +6,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/osbuild/osbuild-composer/internal/common"
 	"github.com/osbuild/osbuild-composer/internal/fsnode"
 	"github.com/osbuild/osbuild-composer/internal/rpmmd"
 )
@ -21,7 +22,7 @@ type RepositoryCustomization struct {
 	Enabled      *bool    `json:"enabled,omitempty" toml:"enabled,omitempty"`
 	GPGCheck     *bool    `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
 	RepoGPGCheck *bool    `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
-	SSLVerify    bool     `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
+	SSLVerify    *bool    `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
 	Filename     string   `json:"filename,omitempty" toml:"filename,omitempty"`
 }

@ -126,7 +127,10 @@ func (repo RepositoryCustomization) customRepoToRepoConfig() rpmmd.RepoConfig {
 		CheckRepoGPG: repo.RepoGPGCheck,
 		Priority:     repo.Priority,
 		Enabled:      repo.Enabled,
-		IgnoreSSL:    !repo.SSLVerify,
+	}
+
+	if repo.SSLVerify != nil {
+		repoConfig.IgnoreSSL = common.ToPtr(!*repo.SSLVerify)
 	}

 	return repoConfig
--- a/internal/blueprint/repository_customizations_test.go
+++ b/internal/blueprint/repository_customizations_test.go
@ -175,14 +175,12 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 			Name: "Test no gpg keys, no filenames",
 			Repos: []RepositoryCustomization{
 				{
-					Id:        "example-1",
-					BaseURLs:  []string{"http://example-1.com"},
-					SSLVerify: true,
+					Id:       "example-1",
+					BaseURLs: []string{"http://example-1.com"},
 				},
 				{
-					Id:        "example-2",
-					BaseURLs:  []string{"http://example-2.com"},
-					SSLVerify: true,
+					Id:       "example-2",
+					BaseURLs: []string{"http://example-2.com"},
 				},
 			},
 			WantRepoConfig: map[string][]rpmmd.RepoConfig{
@ -207,16 +205,14 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 			Name: "Test no gpg keys, filenames",
 			Repos: []RepositoryCustomization{
 				{
-					Id:        "example-1",
-					BaseURLs:  []string{"http://example-1.com"},
-					SSLVerify: true,
-					Filename:  "test-1.repo",
+					Id:       "example-1",
+					BaseURLs: []string{"http://example-1.com"},
+					Filename: "test-1.repo",
 				},
 				{
-					Id:        "example-2",
-					BaseURLs:  []string{"http://example-2.com"},
-					SSLVerify: true,
-					Filename:  "test-2.repo",
+					Id:       "example-2",
+					BaseURLs: []string{"http://example-2.com"},
+					Filename: "test-2.repo",
 				},
 			},
 			WantRepoConfig: map[string][]rpmmd.RepoConfig{
@ -241,18 +237,16 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 			Name: "Test remote gpgkeys",
 			Repos: []RepositoryCustomization{
 				{
-					Id:        "example-1",
-					BaseURLs:  []string{"http://example-1.com"},
-					GPGKeys:   []string{"http://example-1.com/gpgkey"},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					Id:       "example-1",
+					BaseURLs: []string{"http://example-1.com"},
+					GPGKeys:  []string{"http://example-1.com/gpgkey"},
+					GPGCheck: common.ToPtr(true),
 				},
 				{
-					Id:        "example-2",
-					BaseURLs:  []string{"http://example-2.com"},
-					GPGKeys:   []string{"http://example-2.com/gpgkey"},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					Id:       "example-2",
+					BaseURLs: []string{"http://example-2.com"},
+					GPGKeys:  []string{"http://example-2.com/gpgkey"},
+					GPGCheck: common.ToPtr(true),
 				},
 			},
 			WantRepoConfig: map[string][]rpmmd.RepoConfig{
@ -279,18 +273,16 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 			Name: "Test inline gpgkeys",
 			Repos: []RepositoryCustomization{
 				{
-					Id:        "example-1",
-					BaseURLs:  []string{"http://example-1.com"},
-					GPGKeys:   []string{"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-1-----END PGP PUBLIC KEY BLOCK-----\n"},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					Id:       "example-1",
+					BaseURLs: []string{"http://example-1.com"},
+					GPGKeys:  []string{"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-1-----END PGP PUBLIC KEY BLOCK-----\n"},
+					GPGCheck: common.ToPtr(true),
 				},
 				{
-					Id:        "example-2",
-					BaseURLs:  []string{"http://example-2.com"},
-					GPGKeys:   []string{"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-2-----END PGP PUBLIC KEY BLOCK-----\n"},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					Id:       "example-2",
+					BaseURLs: []string{"http://example-2.com"},
+					GPGKeys:  []string{"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-2-----END PGP PUBLIC KEY BLOCK-----\n"},
+					GPGCheck: common.ToPtr(true),
 				},
 			},
 			WantRepoConfig: map[string][]rpmmd.RepoConfig{
@ -326,8 +318,7 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 						"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-1-----END PGP PUBLIC KEY BLOCK-----\n",
 						"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-2-----END PGP PUBLIC KEY BLOCK-----\n",
 					},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					GPGCheck: common.ToPtr(true),
 				},
 				{
 					Id:       "example-2",
@ -336,8 +327,7 @@ func TestCustomRepoToRepoConfigAndGPGKeys(t *testing.T) {
 						"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-1-----END PGP PUBLIC KEY BLOCK-----\n",
 						"-----BEGIN PGP PUBLIC KEY BLOCK-----fake-gpg-key-2-----END PGP PUBLIC KEY BLOCK-----\n",
 					},
-					GPGCheck:  common.ToPtr(true),
-					SSLVerify: true,
+					GPGCheck: common.ToPtr(true),
 				},
 			},
 			WantRepoConfig: map[string][]rpmmd.RepoConfig{
--- a/internal/cloudapi/v2/handler.go
+++ b/internal/cloudapi/v2/handler.go
@ -371,7 +371,7 @@ func (h *apiHandlers) PostCompose(ctx echo.Context) error {
 			}

 			if repo.SslVerify != nil {
-				repoCustomization.SSLVerify = *repo.SslVerify
+				repoCustomization.SSLVerify = repo.SslVerify
 			}

 			if repo.Priority != nil {
@ -1441,7 +1441,7 @@ func genRepoConfig(repo Repository) (*rpmmd.RepoConfig, error) {
 		repoConfig.GPGKeys = []string{*repo.Gpgkey}
 	}
 	if repo.IgnoreSsl != nil {
-		repoConfig.IgnoreSSL = *repo.IgnoreSsl
+		repoConfig.IgnoreSSL = repo.IgnoreSsl
 	}

 	if repo.CheckGpg != nil {
@ -1451,7 +1451,7 @@ func genRepoConfig(repo Repository) (*rpmmd.RepoConfig, error) {
 		repoConfig.GPGKeys = []string{*repo.Gpgkey}
 	}
 	if repo.IgnoreSsl != nil {
-		repoConfig.IgnoreSSL = *repo.IgnoreSsl
+		repoConfig.IgnoreSSL = repo.IgnoreSsl
 	}
 	if repo.CheckRepoGpg != nil {
 		repoConfig.CheckRepoGPG = repo.CheckRepoGpg
--- a/internal/cloudapi/v2/v2_internal_test.go
+++ b/internal/cloudapi/v2/v2_internal_test.go
@ -110,7 +110,7 @@ func TestRepoConfigConversion(t *testing.T) {
 				MirrorList:     "",
 				GPGKeys:        []string{"some-kind-of-key"},
 				CheckGPG:       common.ToPtr(true),
-				IgnoreSSL:      false,
+				IgnoreSSL:      common.ToPtr(false),
 				MetadataExpire: "",
 				RHSM:           false,
 				ImageTypeTags:  nil,
@ -133,7 +133,7 @@ func TestRepoConfigConversion(t *testing.T) {
 				Metalink:       "", // since BaseURL is specified, MetaLink is not copied
 				MirrorList:     "", // since BaseURL is specified, MirrorList is not copied
 				CheckGPG:       nil,
-				IgnoreSSL:      true,
+				IgnoreSSL:      common.ToPtr(true),
 				MetadataExpire: "",
 				RHSM:           false,
 				ImageTypeTags:  nil,
@ -155,7 +155,7 @@ func TestRepoConfigConversion(t *testing.T) {
 				Metalink:       "", // since MirrorList is specified, MetaLink is not copied
 				MirrorList:     "http://example.org/mirrorlist",
 				CheckGPG:       nil,
-				IgnoreSSL:      true,
+				IgnoreSSL:      common.ToPtr(true),
 				MetadataExpire: "",
 				RHSM:           false,
 				ImageTypeTags:  nil,
@ -177,7 +177,7 @@ func TestRepoConfigConversion(t *testing.T) {
 				Metalink:       "http://example.org/metalink",
 				MirrorList:     "",
 				CheckGPG:       nil,
-				IgnoreSSL:      true,
+				IgnoreSSL:      common.ToPtr(true),
 				MetadataExpire: "",
 				RHSM:           true,
 				ImageTypeTags:  nil,
--- a/internal/dnfjson/dnfjson.go
+++ b/internal/dnfjson/dnfjson.go
@ -266,7 +266,6 @@ func (s *Solver) reposFromRPMMD(rpmRepos []rpmmd.RepoConfig) ([]repoConfig, erro
 			Metalink:       rr.Metalink,
 			MirrorList:     rr.MirrorList,
 			GPGKeys:        rr.GPGKeys,
-			IgnoreSSL:      rr.IgnoreSSL,
 			MetadataExpire: rr.MetadataExpire,
 			repoHash:       rr.Hash(),
 		}
@ -279,6 +278,10 @@ func (s *Solver) reposFromRPMMD(rpmRepos []rpmmd.RepoConfig) ([]repoConfig, erro
 			dr.CheckRepoGPG = *rr.CheckRepoGPG
 		}

+		if rr.IgnoreSSL != nil {
+			dr.IgnoreSSL = *rr.IgnoreSSL
+		}
+
 		if rr.RHSM {
 			if s.subscriptions == nil {
 				return nil, fmt.Errorf("This system does not have any valid subscriptions. Subscribe it before specifying rhsm: true in sources.")
@ -458,7 +461,9 @@ func (pkgs packageSpecs) toRPMMD(repos map[string]rpmmd.RepoConfig) []rpmmd.Pack
 		if repo.CheckGPG != nil {
 			rpmDependencies[i].CheckGPG = *repo.CheckGPG
 		}
-		rpmDependencies[i].IgnoreSSL = repo.IgnoreSSL
+		if repo.IgnoreSSL != nil {
+			rpmDependencies[i].IgnoreSSL = *repo.IgnoreSSL
+		}
 		if repo.RHSM {
 			rpmDependencies[i].Secrets = "org.osbuild.rhsm"
 		}
--- a/internal/dnfjson/dnfjson_test.go
+++ b/internal/dnfjson/dnfjson_test.go
@ -8,6 +8,7 @@ import (
 	"strings"
 	"testing"

+	"github.com/osbuild/osbuild-composer/internal/common"
 	"github.com/osbuild/osbuild-composer/internal/mocks/rpmrepo"
 	"github.com/osbuild/osbuild-composer/internal/rpmmd"
 	"github.com/stretchr/testify/assert"
@ -115,13 +116,13 @@ func TestMakeDepsolveRequest(t *testing.T) {
 					ID:       baseOS.Hash(),
 					Name:     "baseos",
 					BaseURLs: []string{"https://example.org/baseos"},
-					repoHash: "b6b5cb4aae14a9ccc5f925876857b5cbfd757713a7c60e4c287502db80d8ecae",
+					repoHash: "fdc2e5bb6cda8e113308df9396a005b81a55ec00ec29aa0a447952ad4248d803",
 				},
 				{
 					ID:       appstream.Hash(),
 					Name:     "appstream",
 					BaseURLs: []string{"https://example.org/appstream"},
-					repoHash: "de4ae5f6f8288c8e6c745cac22bf3d923d3c738cc68c4b6046acac9a5eb3b8da",
+					repoHash: "71c280f63a779a8bf53961ec2f15d51d052021de024a4e06ae499b8029701808",
 				},
 			},
 		},
@ -154,19 +155,19 @@ func TestMakeDepsolveRequest(t *testing.T) {
 					ID:       baseOS.Hash(),
 					Name:     "baseos",
 					BaseURLs: []string{"https://example.org/baseos"},
-					repoHash: "b6b5cb4aae14a9ccc5f925876857b5cbfd757713a7c60e4c287502db80d8ecae",
+					repoHash: "fdc2e5bb6cda8e113308df9396a005b81a55ec00ec29aa0a447952ad4248d803",
 				},
 				{
 					ID:       appstream.Hash(),
 					Name:     "appstream",
 					BaseURLs: []string{"https://example.org/appstream"},
-					repoHash: "de4ae5f6f8288c8e6c745cac22bf3d923d3c738cc68c4b6046acac9a5eb3b8da",
+					repoHash: "71c280f63a779a8bf53961ec2f15d51d052021de024a4e06ae499b8029701808",
 				},
 				{
 					ID:       userRepo.Hash(),
 					Name:     "user-repo",
 					BaseURLs: []string{"https://example.org/user-repo"},
-					repoHash: "127d1ae749d1b673dd8701871483ae93e82bff052ef2b9bf0b668ed1aca89f76",
+					repoHash: "ffbdcbe6fefded88354e22cc292a62f1dac41b23f83c5eb95c1cdae84257a713",
 				},
 			},
 		},
@ -199,13 +200,13 @@ func TestMakeDepsolveRequest(t *testing.T) {
 					ID:       baseOS.Hash(),
 					Name:     "baseos",
 					BaseURLs: []string{"https://example.org/baseos"},
-					repoHash: "b6b5cb4aae14a9ccc5f925876857b5cbfd757713a7c60e4c287502db80d8ecae",
+					repoHash: "fdc2e5bb6cda8e113308df9396a005b81a55ec00ec29aa0a447952ad4248d803",
 				},
 				{
 					ID:       appstream.Hash(),
 					Name:     "appstream",
 					BaseURLs: []string{"https://example.org/appstream"},
-					repoHash: "de4ae5f6f8288c8e6c745cac22bf3d923d3c738cc68c4b6046acac9a5eb3b8da",
+					repoHash: "71c280f63a779a8bf53961ec2f15d51d052021de024a4e06ae499b8029701808",
 				},
 			},
 		},
@ -246,19 +247,19 @@ func TestMakeDepsolveRequest(t *testing.T) {
 					ID:       baseOS.Hash(),
 					Name:     "baseos",
 					BaseURLs: []string{"https://example.org/baseos"},
-					repoHash: "b6b5cb4aae14a9ccc5f925876857b5cbfd757713a7c60e4c287502db80d8ecae",
+					repoHash: "fdc2e5bb6cda8e113308df9396a005b81a55ec00ec29aa0a447952ad4248d803",
 				},
 				{
 					ID:       appstream.Hash(),
 					Name:     "appstream",
 					BaseURLs: []string{"https://example.org/appstream"},
-					repoHash: "de4ae5f6f8288c8e6c745cac22bf3d923d3c738cc68c4b6046acac9a5eb3b8da",
+					repoHash: "71c280f63a779a8bf53961ec2f15d51d052021de024a4e06ae499b8029701808",
 				},
 				{
 					ID:       userRepo.Hash(),
 					Name:     "user-repo",
 					BaseURLs: []string{"https://example.org/user-repo"},
-					repoHash: "127d1ae749d1b673dd8701871483ae93e82bff052ef2b9bf0b668ed1aca89f76",
+					repoHash: "ffbdcbe6fefded88354e22cc292a62f1dac41b23f83c5eb95c1cdae84257a713",
 				},
 			},
 		},
@ -300,25 +301,25 @@ func TestMakeDepsolveRequest(t *testing.T) {
 					ID:       baseOS.Hash(),
 					Name:     "baseos",
 					BaseURLs: []string{"https://example.org/baseos"},
-					repoHash: "b6b5cb4aae14a9ccc5f925876857b5cbfd757713a7c60e4c287502db80d8ecae",
+					repoHash: "fdc2e5bb6cda8e113308df9396a005b81a55ec00ec29aa0a447952ad4248d803",
 				},
 				{
 					ID:       appstream.Hash(),
 					Name:     "appstream",
 					BaseURLs: []string{"https://example.org/appstream"},
-					repoHash: "de4ae5f6f8288c8e6c745cac22bf3d923d3c738cc68c4b6046acac9a5eb3b8da",
+					repoHash: "71c280f63a779a8bf53961ec2f15d51d052021de024a4e06ae499b8029701808",
 				},
 				{
 					ID:       userRepo.Hash(),
 					Name:     "user-repo",
 					BaseURLs: []string{"https://example.org/user-repo"},
-					repoHash: "127d1ae749d1b673dd8701871483ae93e82bff052ef2b9bf0b668ed1aca89f76",
+					repoHash: "ffbdcbe6fefded88354e22cc292a62f1dac41b23f83c5eb95c1cdae84257a713",
 				},
 				{
 					ID:       userRepo2.Hash(),
 					Name:     "user-repo-2",
 					BaseURLs: []string{"https://example.org/user-repo-2"},
-					repoHash: "ca314d924e273218585cd60d7a5ffd91574df7ddf5b0574b31cf558971466170",
+					repoHash: "67d1ea4f70638dbcd397c70c9a78a477f3f4ae0ac819a1f479bebfde700160c4",
 				},
 			},
 		},
@ -570,7 +571,7 @@ func TestRepoConfigHash(t *testing.T) {
 			Id:        "repoid-1",
 			Name:      "A test repository",
 			BaseURLs:  []string{"https://arepourl/"},
-			IgnoreSSL: false,
+			IgnoreSSL: common.ToPtr(false),
 		},
 		{
 			BaseURLs: []string{"https://adifferenturl/"},
@ -595,7 +596,7 @@ func TestRequestHash(t *testing.T) {
 		rpmmd.RepoConfig{
 			Name:      "A test repository",
 			BaseURLs:  []string{"https://arepourl/"},
-			IgnoreSSL: false,
+			IgnoreSSL: common.ToPtr(false),
 		},
 	}

--- a/internal/mocks/rpmrepo/rpmrepo.go
+++ b/internal/mocks/rpmrepo/rpmrepo.go
@ -21,7 +21,7 @@ func NewTestServer() *testRepoServer {
 		Name:      "cs9-baseos",
 		BaseURLs:  []string{server.URL},
 		CheckGPG:  common.ToPtr(false),
-		IgnoreSSL: true,
+		IgnoreSSL: common.ToPtr(true),
 		RHSM:      false,
 	}
 	return &testRepoServer{Server: server, RepoConfig: testrepo}
--- a/internal/rpmmd/repository.go
+++ b/internal/rpmmd/repository.go
@ -40,7 +40,7 @@ type RepoConfig struct {
 	CheckGPG       *bool    `json:"check_gpg,omitempty"`
 	CheckRepoGPG   *bool    `json:"check_repo_gpg,omitempty"`
 	Priority       *int     `json:"priority,omitempty"`
-	IgnoreSSL      bool     `json:"ignore_ssl,omitempty"`
+	IgnoreSSL      *bool    `json:"ignore_ssl,omitempty"`
 	MetadataExpire string   `json:"metadata_expire,omitempty"`
 	RHSM           bool     `json:"rhsm,omitempty"`
 	Enabled        *bool    `json:"enabled,omitempty"`
@ -67,7 +67,7 @@ func (r *RepoConfig) Hash() string {
 		ats(r.GPGKeys)+
 		bpts(r.CheckGPG)+
 		bpts(r.CheckRepoGPG)+
-		bts(r.IgnoreSSL)+
+		bpts(r.IgnoreSSL)+
 		r.MetadataExpire+
 		bts(r.RHSM))))
 }
--- a/internal/rpmmd/test/repository_test.go
+++ b/internal/rpmmd/test/repository_test.go
@ -222,7 +222,7 @@ func TestOldWorkerRepositoryCompatUnmarshal(t *testing.T) {
 				GPGKeys:        []string{"key1", "key2"},
 				CheckGPG:       common.ToPtr(true),
 				CheckRepoGPG:   common.ToPtr(true),
-				IgnoreSSL:      true,
+				IgnoreSSL:      common.ToPtr(true),
 				Priority:       common.ToPtr(10),
 				MetadataExpire: "test",
 				RHSM:           true,
@ -276,7 +276,7 @@ func TestOldWorkerRepositoryCompatMarshal(t *testing.T) {
 				CheckGPG:       common.ToPtr(true),
 				CheckRepoGPG:   common.ToPtr(true),
 				Priority:       common.ToPtr(10),
-				IgnoreSSL:      true,
+				IgnoreSSL:      common.ToPtr(true),
 				MetadataExpire: "test",
 				RHSM:           true,
 				Enabled:        common.ToPtr(true),
--- a/internal/store/store.go
+++ b/internal/store/store.go
@ -582,11 +582,10 @@ func (s *Store) GetAllDistroSources(distro string) map[string]SourceConfig {

 func NewSourceConfig(repo rpmmd.RepoConfig, system bool) SourceConfig {
 	sc := SourceConfig{
-		Name:     repo.Name,
-		System:   system,
-		RHSM:     repo.RHSM,
-		GPGKeys:  repo.GPGKeys,
-		CheckSSL: !repo.IgnoreSSL,
+		Name:    repo.Name,
+		System:  system,
+		RHSM:    repo.RHSM,
+		GPGKeys: repo.GPGKeys,
 	}

 	if repo.CheckGPG != nil {
@ -597,6 +596,14 @@ func NewSourceConfig(repo rpmmd.RepoConfig, system bool) SourceConfig {
 		sc.CheckRepoGPG = *repo.CheckRepoGPG
 	}

+	if repo.IgnoreSSL != nil {
+		sc.CheckSSL = !*repo.IgnoreSSL
+	} else {
+		// default should be true to maintain backwards compatibility
+		// and current behaviour
+		sc.CheckSSL = true
+	}
+
 	if len(repo.BaseURLs) != 0 {
 		sc.URL = strings.Join(repo.BaseURLs, ",")
 		sc.Type = "yum-baseurl"
@ -615,7 +622,7 @@ func (s *SourceConfig) RepoConfig(name string) rpmmd.RepoConfig {
 	var repo rpmmd.RepoConfig

 	repo.Name = name
-	repo.IgnoreSSL = !s.CheckSSL
+	repo.IgnoreSSL = common.ToPtr(!s.CheckSSL)
 	repo.CheckGPG = &s.CheckGPG
 	repo.RHSM = s.RHSM
 	repo.CheckRepoGPG = &s.CheckRepoGPG
--- a/internal/store/store_test.go
+++ b/internal/store/store_test.go
@ -452,7 +452,7 @@ func (suite *storeTest) TestNewSourceConfigWithMirrorList() {

 // Test converting a SourceConfig with GPGkeys to a RepoConfig
 func (suite *storeTest) TestRepoConfigGPGKeys() {
-	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", BaseURLs: []string{"testURL"}, Metalink: "", MirrorList: "", IgnoreSSL: true, MetadataExpire: "", CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(true), GPGKeys: []string{"http://path.to.gpgkeys/key.pub", "-----BEGIN PGP PUBLIC KEY BLOCK-----\nFULL GPG KEY HERE\n-----END PGP PUBLIC KEY BLOCK-----"}}
+	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", BaseURLs: []string{"testURL"}, Metalink: "", MirrorList: "", IgnoreSSL: common.ToPtr(true), MetadataExpire: "", CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(true), GPGKeys: []string{"http://path.to.gpgkeys/key.pub", "-----BEGIN PGP PUBLIC KEY BLOCK-----\nFULL GPG KEY HERE\n-----END PGP PUBLIC KEY BLOCK-----"}}
 	mySourceConfig := suite.mySourceConfig
 	mySourceConfig.Type = "yum-baseurl"
 	mySourceConfig.URL = "testURL"
@ -463,7 +463,7 @@ func (suite *storeTest) TestRepoConfigGPGKeys() {
 }

 func (suite *storeTest) TestRepoConfigBaseURL() {
-	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", BaseURLs: []string{"testURL"}, Metalink: "", MirrorList: "", IgnoreSSL: true, CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
+	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", BaseURLs: []string{"testURL"}, Metalink: "", MirrorList: "", IgnoreSSL: common.ToPtr(true), CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
 	suite.mySourceConfig.Type = "yum-baseurl"
 	suite.mySourceConfig.URL = "testURL"
 	actualRepo := suite.mySourceConfig.RepoConfig("testSourceConfig")
@ -471,7 +471,7 @@ func (suite *storeTest) TestRepoConfigBaseURL() {
 }

 func (suite *storeTest) TestRepoConfigMetalink() {
-	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", Metalink: "testURL", MirrorList: "", IgnoreSSL: true, CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
+	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", Metalink: "testURL", MirrorList: "", IgnoreSSL: common.ToPtr(true), CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
 	suite.mySourceConfig.Type = "yum-metalink"
 	suite.mySourceConfig.URL = "testURL"
 	actualRepo := suite.mySourceConfig.RepoConfig("testSourceConfig")
@ -479,7 +479,7 @@ func (suite *storeTest) TestRepoConfigMetalink() {
 }

 func (suite *storeTest) TestRepoConfigMirrorlist() {
-	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", Metalink: "", MirrorList: "testURL", IgnoreSSL: true, CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
+	expectedRepo := rpmmd.RepoConfig{Name: "testSourceConfig", Metalink: "", MirrorList: "testURL", IgnoreSSL: common.ToPtr(true), CheckGPG: common.ToPtr(false), CheckRepoGPG: common.ToPtr(false), MetadataExpire: ""}
 	suite.mySourceConfig.Type = "yum-mirrorlist"
 	suite.mySourceConfig.URL = "testURL"
 	actualRepo := suite.mySourceConfig.RepoConfig("testSourceConfig")