bib: load repo keys using external paths
Since d192f85, we switched to using dnf
(osbuild-depsolve-dnf) from BIB itself, but using the base (bootc)
container root to read configurations, certificates, keys, etc.
Unfortunately, what we didn't change is the way in which we load the
repository certs after the depsolve.

The extractTLSKeys() function currently takes a Container instance which
implements ReadFile() by `cat`ing a file from inside the running
container.  However, the paths we get from the depsolve are relative to
the BIB worktree.  Therefore, we can simply read the files directly.

Add a SimpleFileReader that implements the fileReader interface to
simply read a file from a path.  We could simplify this to not require
a reader interface at all, but let's keep the implementation in case we
ever need to switch back to the older way of depsolving from inside the
container.

Resolves COMPOSER-2408
achilleas-k committed Nov 28, 2024
1 parent 8d1aed1 commit f7cbc65
Showing 2 changed files with 14 additions and 1 deletion.
2 changes: 1 addition & 1 deletion bib/cmd/bootc-image-builder/main.go
Expand Up @@ -311,7 +311,7 @@ func manifestFromCobra(cmd *cobra.Command, args []string) ([]byte, *mTLSConfig,
return nil, nil, err
}

mTLS, err := extractTLSKeys(container, repos)
mTLS, err := extractTLSKeys(SimpleFileReader{}, repos)
if err != nil {
return nil, nil, err
}
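
Review bot: The call `extractTLSKeys(SimpleFileReader{}, repos)` carries no comment explaining why the reader is now the host filesystem rather than `container`. A one-line comment at the call site saying that the paths in `repos` come from the depsolve and are relative to the BIB worktree would keep a later change from passing `container` again and reading the key and certificate paths from the wrong root.
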
13 changes: 13 additions & 0 deletions bib/cmd/bootc-image-builder/mtls.go
Expand Up @@ -2,6 +2,7 @@ package main

import (
"fmt"
"io"
"os"
"path"

Expand All @@ -19,6 +20,18 @@ type fileReader interface {
ReadFile(string) ([]byte, error)
}

type SimpleFileReader struct{}

func (SimpleFileReader) ReadFile(path string) ([]byte, error) {
fp, err := os.Open(path)
if err != nil {
return nil, fmt.Errorf("error opening file %q: %w", path, err)
}
defer fp.Close()

return io.ReadAll(fp)
}

func extractTLSKeys(reader fileReader, repoSets map[string][]rpmmd.RepoConfig) (*mTLSConfig, error) {
var keyPath, certPath, caPath string
for _, set := range repoSets {
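
Review bot: `SimpleFileReader.ReadFile` open-codes what `os.ReadFile(path)` already does; returning that directly would drop the `os.Open` / `defer fp.Close()` / `io.ReadAll` sequence and the new "io" import. As written, the open error is wrapped with the path while the error from `io.ReadAll(fp)` is returned unwrapped, so the two failure paths report differently. The exported type also has no doc comment; one sentence stating that it reads from the local filesystem, as opposed to the container-backed `fileReader`, would make the distinction explicit.
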