Support certs in fetcher

client/fetch_and_update.sh

@@ -12,5 +12,16 @@ BOOT="/isodevice"
 FLAGS="$(cat /icon/config/fetcher.flags)"
 CA_CERT="/icon/config/ca.image.cert.pem"
 
-"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS}
+HTTPS_CLIENT_KEY="/systemid/$(hostname).www.key.pem"
+HTTPS_CLIENT_CERT="/systemid/$(hostname).www.cert.pem"
+HTTPS_CA_CERT="/icon/config/ca.www.cert.pem"
+
+if test -e "${HTTPS_CLIENT_KEY}" -a -e "${HTTPS_CLIENT_CERT}"; then
+  HTTPS_CLIENT_FLAGS="--https-client-cert=${HTTPS_CLIENT_CERT} --https-client-key=${HTTPS_CLIENT_KEY}"
+fi
+if test -e "${HTTPS_CA_CERT}"; then
+  HTTPS_CA_FLAGS="--https-ca-cert=${HTTPS_CA_CERT}"
+fi
+
+"${BASE}/fetcher.py" --image-dir="${IMAGES}" --ca-cert="${CA_CERT}" ${FLAGS} ${HTTPS_CLIENT_FLAGS} ${HTTPS_CA_FLAGS}
 "${BASE}/update_grub.py" --image-dir="${IMAGES}" --boot-dir="${BOOT}" > "${BOOT}/grub/grub.cfg.tmp" && mv "${BOOT}/grub/grub.cfg.tmp" "${BOOT}/grub/grub.cfg"

server/modules/iconograph.py

@@ -22,6 +22,10 @@ parser.add_argument(
     dest='chroot_path',
     action='store',
     required=True)
+parser.add_argument(
+    '--https-ca-cert',
+    dest='https_ca_cert',
+    action='store')
 parser.add_argument(
     '--max-images',
     dest='max_images',
@@ -60,6 +64,12 @@ def main():
       FLAGS.ca_cert,
       os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.image.cert.pem'))
 
+  if FLAGS.https_ca_cert:
+    shutil.copyfile(
+        FLAGS.https_ca_cert,
+        os.path.join(FLAGS.chroot_path, 'icon', 'config', 'ca.www.cert.pem'))
+
+
   path = os.path.join(FLAGS.chroot_path, 'icon', 'config', 'fetcher.flags')
   with open(path, 'w') as fh:
     fh.write('--base-url=%(base_url)s --max-images=%(max_images)d\n' % {