Support certs in fetcher

2016-04-06 22:52:48 -07:00
parent 1e1fff2e1c
commit 14f2be7e10
2 changed files with 22 additions and 1 deletions
--- a/client/fetch_and_update.sh
+++ b/client/fetch_and_update.sh
@@ -12,5 +12,16 @@ BOOT="/isodevice"
 FLAGS="$(cat /icon/config/fetcher.flags)"
 CA_CERT="/icon/config/ca.image.cert.pem"

-"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS}
+HTTPS_CLIENT_KEY="/systemid/$(hostname).www.key.pem"
+HTTPS_CLIENT_CERT="/systemid/$(hostname).www.cert.pem"
+HTTPS_CA_CERT="/icon/config/ca.www.cert.pem"
+
+if test -e "${HTTPS_CLIENT_KEY}" -a -e "${HTTPS_CLIENT_CERT}"; then
+  HTTPS_CLIENT_FLAGS="--https-client-cert=${HTTPS_CLIENT_CERT} --https-client-key=${HTTPS_CLIENT_KEY}"
+fi
+if test -e "${HTTPS_CA_CERT}"; then
+  HTTPS_CA_FLAGS="--https-ca-cert=${HTTPS_CA_CERT}"
+fi
+
+"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS} ${HTTPS_CLIENT_FLAGS} ${HTTPS_CA_FLAGS}
 "${BASE}/update_grub.py" --image-dir="${IMAGES}" --boot-dir="${BOOT}" > "${BOOT}/grub/grub.cfg.tmp" && mv "${BOOT}/grub/grub.cfg.tmp" "${BOOT}/grub/grub.cfg"
--- a/server/modules/iconograph.py
+++ b/server/modules/iconograph.py
@@ -22,6 +22,10 @@ parser.add_argument(
    dest='chroot_path',
    action='store',
    required=True)
+parser.add_argument(
+    '--https-ca-cert',
+    dest='https_ca_cert',
+    action='store')
 parser.add_argument(
    '--max-images',
    dest='max_images',
@@ -60,6 +64,12 @@ def main():
      FLAGS.ca_cert,
      os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.image.cert.pem'))

+  if FLAGS.https_ca_cert:
+    shutil.copyfile(
+        FLAGS.https_ca_cert,
+        os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.www.cert.pem'))
+
+
  path = os.path.join(FLAGS.chroot_path, 'icon', 'config', 'fetcher.flags')
  with open(path, 'w') as fh:
    fh.write('--base-url=%(base_url)s --max-images=%(max_images)d\n' % {