OSTree HTTPS Changes #56

merged 1 commit into from
May 1, 2024
2 changes: 1 addition & 1 deletion internal/pkg/config/sync.go
Expand Up @@ -9,7 +9,7 @@ import (

const (
DefaultSyncTimeout = time.Hour
DefaultSyncMaxWorkerCount = 100
DefaultSyncMaxWorkerCount = 10
)

type SyncConfig struct {
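Review bot: DefaultSyncMaxWorkerCount still carries no doc comment, and the hunk moves its value between 100 and 10 with no recorded reason; nothing in the PR title (OSTree HTTPS Changes) explains why the sync worker bound changes in the same commit. Both exported constants in the block would read better with a one-line comment, e.g. `// DefaultSyncMaxWorkerCount caps the number of concurrent sync workers.` and `// DefaultSyncTimeout bounds how long a single sync may run.`, with the rationale for the new bound given in the PR description. The const block is complete within the hunk; the surrounding import block and SyncConfig type start or continue outside it.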
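--- a/internal/plugins/ostree/pkg/libostree/pull.go
+++ b/internal/plugins/ostree/pkg/libostree/pull.go
@@ -259,3 +259,66 @@ func HTTPHeaders(headers map[string]string) Option {
 )
 }
 }
+
+// TLSPermissive sets the tls-permissive option to true in the pull options.
+// A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate
+// store. If this variable is set, any certificate will be accepted.
+func TLSPermissive() Option {
+return func(builder *C.GVariantBuilder, deferFree deferredFreeFn) {
+key := C.CString("tls-permissive")
+deferFree(unsafe.Pointer(key))
+gVariantBuilderAddVariant(
+builder,
+key,
+C.g_variant_new_variant(C.g_variant_new_boolean(C.gboolean(1))),
+)
+}
+}
+
+// TLSClientCertPath sets the tls-client-cert-path option to the given value in the pull options.
+// Path to file for client-side certificate, to present when making requests to this repository.
+func TLSClientCertPath(path string) Option {
+return func(builder *C.GVariantBuilder, deferFree deferredFreeFn) {
+key := C.CString("tls-client-cert-path")
+deferFree(unsafe.Pointer(key))
+value := C.CString(path)
+deferFree(unsafe.Pointer(value))
+gVariantBuilderAddVariant(
+builder,
+key,
+C.g_variant_new_variant(C.g_variant_new_string(value)),
+)
+}
+}
+
+// TLSClientKeyPath sets the tls-client-key-path option to the given value in the pull options.
+// Path to file containing client-side certificate key, to present when making requests to this repository.
+func TLSClientKeyPath(path string) Option {
+return func(builder *C.GVariantBuilder, deferFree deferredFreeFn) {
+key := C.CString("tls-client-key-path")
+deferFree(unsafe.Pointer(key))
+value := C.CString(path)
+deferFree(unsafe.Pointer(value))
+gVariantBuilderAddVariant(
+builder,
+key,
+C.g_variant_new_variant(C.g_variant_new_string(value)),
+)
+}
+}
+
+// TLSCAPath sets the tls-ca-path option to the given value in the pull options.
+// Path to file containing trusted anchors instead of the system CA database.
+func TLSCAPath(path string) Option {
+return func(builder *C.GVariantBuilder, deferFree deferredFreeFn) {
+key := C.CString("tls-ca-path")
+deferFree(unsafe.Pointer(key))
+value := C.CString(path)
+deferFree(unsafe.Pointer(value))
+gVariantBuilderAddVariant(
+builder,
+key,
+C.g_variant_new_variant(C.g_variant_new_string(value)),
+)
+}
+}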
2 changes: 1 addition & 1 deletion internal/plugins/ostree/pkg/ostreerepository/handler.go
Expand Up @@ -133,7 +133,7 @@ func (h *Handler) Start(ctx context.Context) {
// pullConfig pulls the config file from beskar.
func (h *Handler) pullFile(ctx context.Context, filename string) error {
// TODO: Replace with appropriate puller mechanism
url := "http://" + h.Params.GetBeskarRegistryHostPort() + path.Join("/", h.Repository, "repo", filename)
url := "https://" + h.Params.GetBeskarRegistryHostPort() + path.Join("/", h.Repository, "repo", filename)
req, err := http.NewRequest(http.MethodGet, url, nil)
if err != nil {
return err
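Review bot: `http.NewRequest` on the line after the URL still ignores the ctx that pullFile receives, so the request cannot be cancelled or bounded by the caller's context; change it to `req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)`. The doc comment above the signature names the function `pullConfig` while the signature is `pullFile`; `// pullFile fetches the named file from beskar's repo endpoint.` would match. Which http.Client sends the request and what TLS configuration it carries is below the hunk, so whether the https URL (the new line, going by the PR title) is paired with a trust anchor for the registry certificate cannot be confirmed from here. pullFile continues past the end of the hunk.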
8 changes: 2 additions & 6 deletions internal/plugins/ostree/pkg/ostreerepository/local.go
Expand Up @@ -94,7 +94,7 @@ func (h *Handler) BeginLocalRepoTransaction(ctx context.Context, tFn Transaction
}

// Add beskar as a remote so that we can pull from it
beskarServiceURL := "http://" + h.Params.GetBeskarRegistryHostPort() + path.Join("/", h.Repository, "repo")
beskarServiceURL := "https://" + h.Params.GetBeskarRegistryHostPort() + path.Join("/", h.Repository, "repo")
if err := repo.AddRemote(beskarRemoteName, beskarServiceURL, libostree.NoGPGVerify()); err != nil {
return ctl.Errf("adding remote to ostree repository %s: %s", beskarRemoteName, err)
}
Expand All @@ -104,11 +104,7 @@ func (h *Handler) BeginLocalRepoTransaction(ctx context.Context, tFn Transaction
if err := repo.Pull(
ctx,
beskarRemoteName,
h.standardPullOptions(
libostree.HTTPHeaders(map[string]string{
"Connection": "close",
}),
)...,
h.standardPullOptions()...,
); err != nil {
return ctl.Errf("pulling ostree repository from %s: %s", beskarRemoteName, err)
}
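Review bot: The remote is added with `libostree.NoGPGVerify()`, so once the scheme is https (the new line, going by the PR title) the TLS layer is the only check that the pulled content really comes from beskar; the pull in the second hunk now passes `h.standardPullOptions()...` alone, and standardPullOptions is defined outside this page, so it cannot be seen whether it supplies TLSCAPath or the client-certificate options or leaves verification to the system store. A comment at the AddRemote call recording that dependency would help the next reader, e.g. `// GPG verification is off for this remote; authenticity rests on the TLS settings supplied by standardPullOptions.` BeginLocalRepoTransaction starts before the first hunk and continues after the second.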