particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

stages,sources/dnf: allow passing certificate data

Browse source 
Add support for dnf's sslcacert, sslclientcert, and sslclientkey
options. The latter two are passed as secrets (clientcert as well
because it might be a pem file that also includes the private key).

Sources run on the host, so their options may contain paths to the host
file system. Make use of that by accepting only paths in those options,
because it allows using tools to deal with certificate files.

Also make sure that the dnf source only returns options it knows about.
This commit is contained in:
Lars Karlitski 2020-01-06 23:49:14 +01:00 committed by Tom Gundersen
parent 12b5c6aaa4
commit 59ffebaff0
2 changed files with 37 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
stages/org.osbuild.dnf
View file

@ -165,6 +165,13 @@ def write_repofile(f, repoid, repo, keydir):
if value:
write_option(key, value)
for cert in ("sslcacert", "sslclientcert", "sslclientkey"):
if cert in repo:
path = f"{keydir}/{cert}.pem"
with open(path, "w") as certfile:
certfile.write(repo[cert])
write_option(cert, path)
if "gpgkey" in repo:
keyfile = f"{keydir}/{repoid}.asc"
with open(keyfile, "w") as key: