osbuild-composer/koji: require authentication

In the same way we require authentication for the worker API, require
clients of the koji API to authenticate using SSL client certificates.

Signed-off-by: Tom Gundersen <teg@jklm.no>
Tom Gundersen 2020-09-11 18:18:54 +01:00
parent a97aac5846
commit fdc303268f


@ -151,13 +151,22 @@ func main() {
// Optionally run Koji API
if kojiListeners, exists := listeners["osbuild-composer-koji.socket"]; exists {
kojiServer := kojiapi.NewServer(workers, rpm, distros)
tlsConfig, err := createTLSConfig(&connectionConfig{
CACertFile: "/etc/osbuild-composer/ca-crt.pem",
ServerKeyFile: "/etc/osbuild-composer/composer-key.pem",
ServerCertFile: "/etc/osbuild-composer/composer-crt.pem",
})
if err != nil {
log.Fatalf("TLS configuration cannot be created: " + err.Error())
}
if len(kojiListeners) != 1 {
// Use Fatal to call os.Exit with non-zero return value
log.Fatal("The osbuild-composer-koji.socket unit is misconfigured. It should contain only one socket.")
}
kojiListener := kojiListeners[0]
kojiServer := kojiapi.NewServer(workers, rpm, distros)
kojiListener := tls.NewListener(kojiListeners[0], tlsConfig)
go func() {
err = kojiServer.Serve(kojiListener)