From 8c8e9bd530b5232414dce3f8a1fb4791e3ea9bcf Mon Sep 17 00:00:00 2001
From: Ian Gulliver
Date: Tue, 5 Apr 2016 21:55:44 -0700
Subject: [PATCH] Untested autoimage HTTPS server/client cert support by copying into the image.
---
 server/modules/autoimage.py | 41 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)
diff --git a/server/modules/autoimage.py b/server/modules/autoimage.py
index 16f3547..d37686d 100755
--- a/server/modules/autoimage.py
+++ b/server/modules/autoimage.py
@@ -28,6 +28,18 @@ parser.add_argument(
 dest='device',
 action='store',
 required=True)
+parser.add_argument(
+ '--https-ca-cert',
+ dest='https_ca_cert',
+ action='store')
+parser.add_argument(
+ '--https-client-cert',
+ dest='https_client_cert',
+ action='store')
+parser.add_argument(
+ '--https-client-key',
+ dest='https_client_key',
+ action='store')
 parser.add_argument(
 '--persistent-percent',
 dest='persistent_percent',
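Review bot: Nothing in this hunk ties `--https-client-cert` and `--https-client-key` together, and the later `if FLAGS.https_client_cert and FLAGS.https_client_key:` block in main() silently skips client-cert setup when only one of them is passed, so a mistyped command line yields an image that cannot authenticate, with no error at build time. Assuming FLAGS comes from `parser.parse_args()` (not visible in this patch), a check right after parsing would catch it: `if bool(FLAGS.https_client_cert) != bool(FLAGS.https_client_key): parser.error('--https-client-cert and --https-client-key must be given together')`. The three new options also carry no `help=` text; something like `help='PEM client key; copied into the image with mode 0400'` would tell operators that the key ends up inside the image.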
@@ -64,6 +76,32 @@ def main(): FLAGS.ca_cert, os.path.join(FLAGS.chroot_path, 'autoimage', 'config', 'ca.cert.pem')) + image_flags = [] + + if FLAGS.https_ca_cert: + https_ca_cert_path = os.path.join('autoimage', 'config', 'https-ca.cert.pem') + shutil.copyfile( + FLAGS.https_ca_cert, + os.path.join(FLAGS.chroot_path, https_ca_cert_path)) + image_flags.extend([ + '--https-ca-cert', os.path.join('/', https_ca_cert_path), + ]) + + if FLAGS.https_client_cert and FLAGS.https_client_key: + https_client_cert_path = os.path.join('autoimage', 'config', 'https-client.cert.pem') + shutil.copyfile( + FLAGS.https_client_cert, + os.path.join(FLAGS.chroot_path, https_client_cert_path)) + https_client_key_path = os.path.join('autoimage', 'config', 'https-client.key.pem') + shutil.copyfile( + FLAGS.https_client_key, + os.path.join(FLAGS.chroot_path, https_client_key_path)) + os.chmod(os.path.join(FLAGS.chroot_path, https_client_key_path), 0o400) + image_flags.extend([ + '--https-client-cert', os.path.join('/', https_client_cert_path), + '--https-client-key', os.path.join('/', https_client_key_path), + ]) + parsed = parse.urlparse(FLAGS.base_url) init = os.path.join(FLAGS.chroot_path, 'etc', 'init', 'autoimage.conf') @@ -79,7 +117,7 @@ script chvt 7 /autoimage/client/wait_for_service.py --host=%(host)s --service=%(service)s /dev/tty7 2>&1 chvt 7 - /autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s /dev/tty7 2>&1 + /autoimage/imager/image.py --device=%(device)s --persistent-percent=%(persistent_percent)d --ca-cert=/autoimage/config/ca.cert.pem --base-url=%(base_url)s %(image_flags)s /dev/tty7 2>&1 chvt 7 echo >/dev/tty7 @@ -95,6 +133,7 @@ end script 'device': FLAGS.device, 'persistent_percent': FLAGS.persistent_percent, 'base_url': FLAGS.base_url, + 'image_flags': ' '.join(image_flags), })
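Review bot: The client private key is written by `shutil.copyfile` with umask-default permissions and only narrowed by the following `os.chmod(..., 0o400)`, so it is readable by other local accounts on the build host for a short window, and stays that way if the script dies between the two calls. Creating the destination with mode 0o400 from the start closes that window, and using `O_EXCL` after removing any stale file also keeps the write from going through a symlink left at that path inside the chroot. Since the same key is copied into every image built from this chroot, a comment should record that it is a shared credential readable by anyone who can read the image. The sketch below guesses the file's indentation, which this view does not preserve; main() starts and ends outside the hunk.

```python
    https_client_key_path = os.path.join('autoimage', 'config', 'https-client.key.pem')
    key_dst = os.path.join(FLAGS.chroot_path, https_client_key_path)
    # Shared client credential: create it owner-read-only from the first byte.
    if os.path.lexists(key_dst):
      os.unlink(key_dst)
    key_fd = os.open(key_dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(key_fd, 'wb') as dst, open(FLAGS.https_client_key, 'rb') as src:
      shutil.copyfileobj(src, dst)
    # … unchanged: image_flags.extend([...]) for the client cert and key …
```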
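Review bot: `' '.join(image_flags)` is pasted into the upstart `script` stanza through `%(image_flags)s` (previous hunk) with no shell quoting, which is safe only because every element is currently a fixed flag name or a fixed in-image path. I would record that invariant where the list is joined, e.g. `# image_flags holds only fixed flags and in-image paths; shell-quote anything caller-supplied before adding it`. The dict literal this line belongs to starts outside the hunk.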