diff --git a/src/pins/tang/clevis-decrypt-tang b/src/pins/tang/clevis-decrypt-tang index 72393b49..550e1562 100755 --- a/src/pins/tang/clevis-decrypt-tang +++ b/src/pins/tang/clevis-decrypt-tang @@ -101,7 +101,16 @@ xfr="$(jose jwk exc -i '{"alg":"ECMR"}' -l- -r- <<< "$clt$eph")" rec_url="$url/rec/$kid" ct="Content-Type: application/jwk+json" -if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then + +# Check if netrc-file option exists +curl_net_rc_option="--netrc-file" +curl_net_rc_file="/root/.netrc" +curl --netrc-file /root/.netrc ${rec_url} || { + curl_net_rc_option="" + curl_net_rc_file="" +} + +if ! rep="$(curl "${curl_net_rc_option}" "${curl_net_rc_file}" -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then echo "Error communicating with server $url" >&2 exit 1 fi diff --git a/src/pins/tang/clevis-encrypt-tang b/src/pins/tang/clevis-encrypt-tang index fddb7f32..369d0993 100755 --- a/src/pins/tang/clevis-encrypt-tang +++ b/src/pins/tang/clevis-encrypt-tang @@ -75,6 +75,14 @@ if ! url="$(jose fmt -j- -Og url -u- <<< "$cfg")"; then exit 1 fi +# Check if netrc-file option exists +curl_net_rc_option="--netrc-file" +curl_net_rc_file="/root/.netrc" +curl --netrc-file /root/.netrc ${url} || { + curl_net_rc_option="" + curl_net_rc_file="" +} + thp="$(jose fmt -j- -Og thp -Su- <<< "$cfg")" || true ### Get the advertisement @@ -92,7 +100,7 @@ elif jws="$(jose fmt -j- -g adv -Su- <<< "$cfg")"; then fi thp="${thp:-any}" -elif ! jws="$(curl -sfg "$url/adv/$thp")"; then +elif ! jws="$(curl "${curl_net_rc_option}" "${curl_net_rc_file}" -sfg "$url/adv/$thp")"; then echo "Unable to fetch advertisement: '$url/adv/$thp'!" >&2 exit 1 fi