29643c2e06
Create some utility functions that will be used for implementing custom repo configuration files. This commit adds these functions: - a helper to get the filename of a custom repo, or the `<repo-id>.repo` if the filename is empty - a function to convert the custom repos to a map of `RepoConfig`. This function also creates an `fsnode.File` for each inline gpg key set in the customizations and swaps the inline key for the file path. The function returns the map of `RepoConfig` and a list of `fsnode.File` containing the inline gpg keys.
104 lines
3.4 KiB
Go
104 lines
3.4 KiB
Go
package blueprint
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
|
|
"github.com/osbuild/osbuild-composer/internal/fsnode"
|
|
"github.com/osbuild/osbuild-composer/internal/rpmmd"
|
|
)
|
|
|
|
type RepositoryCustomization struct {
|
|
Id string `json:"id" toml:"id"`
|
|
BaseURLs []string `json:"baseurls,omitempty" toml:"baseurls,omitempty"`
|
|
GPGKeys []string `json:"gpgkeys,omitempty" toml:"gpgkeys,omitempty"`
|
|
Metalink string `json:"metalink,omitempty" toml:"metalink,omitempty"`
|
|
Mirrorlist string `json:"mirrorlist,omitempty" toml:"mirrorlist,omitempty"`
|
|
Name string `json:"name,omitempty" toml:"name,omitempty"`
|
|
Priority *int `json:"priority,omitempty" toml:"priority,omitempty"`
|
|
Enabled *bool `json:"enabled,omitempty" toml:"enabled,omitempty"`
|
|
GPGCheck *bool `json:"gpgcheck,omitempty" toml:"gpgcheck,omitempty"`
|
|
RepoGPGCheck *bool `json:"repo_gpgcheck,omitempty" toml:"repo_gpgcheck,omitempty"`
|
|
SSLVerify bool `json:"sslverify,omitempty" toml:"sslverify,omitempty"`
|
|
Filename string `json:"filename,omitempty" toml:"filename,omitempty"`
|
|
}
|
|
|
|
func validateCustomRepository(repo *RepositoryCustomization) error {
|
|
if repo.Id == "" {
|
|
return fmt.Errorf("Repository ID is required")
|
|
}
|
|
|
|
if len(repo.BaseURLs) == 0 && repo.Mirrorlist == "" && repo.Metalink == "" {
|
|
return fmt.Errorf("Repository base URL, mirrorlist or metalink is required")
|
|
}
|
|
|
|
if repo.GPGCheck != nil && *repo.GPGCheck && len(repo.GPGKeys) == 0 {
|
|
return fmt.Errorf("Repository gpg check is set to true but no gpg keys are provided")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (rc *RepositoryCustomization) getFilename() string {
|
|
if rc.Filename == "" {
|
|
return fmt.Sprintf("%s.repo", rc.Id)
|
|
}
|
|
return rc.Filename
|
|
}
|
|
|
|
func RepoCustomizationsToRepoConfigAndGPGKeyFiles(repos []RepositoryCustomization) (map[string][]rpmmd.RepoConfig, []*fsnode.File, error) {
|
|
if len(repos) == 0 {
|
|
return nil, nil, nil
|
|
}
|
|
|
|
repoMap := make(map[string][]rpmmd.RepoConfig, len(repos))
|
|
var gpgKeyFiles []*fsnode.File
|
|
for _, repo := range repos {
|
|
filename := repo.getFilename()
|
|
convertedRepo := repo.customRepoToRepoConfig()
|
|
|
|
// convert any inline gpgkeys to fsnode.File and
|
|
// replace the gpgkey with the file path
|
|
for idx, gpgkey := range repo.GPGKeys {
|
|
if _, ok := url.ParseRequestURI(gpgkey); ok != nil {
|
|
// create the file path
|
|
path := fmt.Sprintf("/etc/pki/rpm-gpg/RPM-GPG-KEY-%s-%d", repo.Id, idx)
|
|
// replace the gpgkey with the file path
|
|
convertedRepo.GPGKeys[idx] = fmt.Sprintf("file://%s", path)
|
|
// create the fsnode for the gpgkey keyFile
|
|
keyFile, err := fsnode.NewFile(path, nil, nil, nil, []byte(gpgkey))
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
gpgKeyFiles = append(gpgKeyFiles, keyFile)
|
|
}
|
|
}
|
|
|
|
repoMap[filename] = append(repoMap[filename], convertedRepo)
|
|
}
|
|
|
|
return repoMap, gpgKeyFiles, nil
|
|
}
|
|
|
|
func (repo RepositoryCustomization) customRepoToRepoConfig() rpmmd.RepoConfig {
|
|
urls := make([]string, len(repo.BaseURLs))
|
|
copy(urls, repo.BaseURLs)
|
|
|
|
keys := make([]string, len(repo.GPGKeys))
|
|
copy(keys, repo.GPGKeys)
|
|
|
|
repoConfig := rpmmd.RepoConfig{
|
|
Id: repo.Id,
|
|
BaseURLs: urls,
|
|
GPGKeys: keys,
|
|
Name: repo.Name,
|
|
Metalink: repo.Metalink,
|
|
MirrorList: repo.Mirrorlist,
|
|
CheckGPG: repo.GPGCheck,
|
|
CheckRepoGPG: repo.RepoGPGCheck,
|
|
Priority: repo.Priority,
|
|
Enabled: repo.Enabled,
|
|
IgnoreSSL: !repo.SSLVerify,
|
|
}
|
|
|
|
return repoConfig
|
|
}
|