bib: load repo keys using external paths (COMPOSER-2408) #734
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Since d192f85, we switched to using dnf (osbuild-depsolve-dnf) from BIB itself, but using the base (bootc) container root to read configurations, certificates, keys, etc. Unfortunately, what we didn't change, is the way in which we load the repository certs after the depsolve.
The extractTLSKeys() function currently takes a Container instance which implements ReadFile() by
cat
ing a file from inside the running container. However, the paths we get from the depsolve are relative to the BIB worktree. Therefore, we can simply read the files directly.Add a SimpleFileReader that implements the fileReader interface to simply read a file from a path. We could simplify this to not require a reader interface at all, but let's keep the implementation in case we ever need to switch back to the older way of depsolving from inside the container.
Resolves COMPOSER-2408