debian-forge-composer

History

Ondřej Budai 5b57814664 api/worker, koji: change CA logic for client certificates Prior this commit, /etc/osbuild-composer/ca-crt.pem certificate was used as an authority to validate client certificates. After this commit, the host's trusted certificates are used to do the validation. Ability to override this behaviour is also introduced: In osbuild-composer config file, under koji and worker sections, a new CA option is now available. If set, osbuild-composer uses it as a path to certificate used to validate client certificates instead of the default ones. With this feature, it's possible to restore the validation behaviour used before this change. Just put following lines in /etc/osbuild-composer/osbuild-composer.toml: [koji] ca = "/etc/osbuild-composer/ca-crt.pem" [worker] ca = "/etc/osbuild-composer/ca-crt.pem"	2020-09-23 11:08:21 +01:00
..
main.go	api/worker, koji: change CA logic for client certificates	2020-09-23 11:08:21 +01:00

Ondřej Budai 5b57814664 api/worker, koji: change CA logic for client certificates

Prior this commit, /etc/osbuild-composer/ca-crt.pem certificate was
used as an authority to validate client certificates.

After this commit, the host's trusted certificates are used to do
the validation. Ability to override this behaviour is also introduced:

In osbuild-composer config file, under koji and worker sections, a new CA
option is now available. If set, osbuild-composer uses it as a path
to certificate used to validate client certificates instead of the
default ones.

With this feature, it's possible to restore the validation behaviour
used before this change. Just put following lines in
/etc/osbuild-composer/osbuild-composer.toml:

[koji]
ca = "/etc/osbuild-composer/ca-crt.pem"

[worker]
ca = "/etc/osbuild-composer/ca-crt.pem"

2020-09-23 11:08:21 +01:00

main.go

api/worker, koji: change CA logic for client certificates

2020-09-23 11:08:21 +01:00