Task #912

Updated by almost 9 years ago

The importer needs to support the following additional configuration properties: 

 * KEY_SSL_CA_CERT = 'ssl_ca_cert' 
 * KEY_SSL_VALIDATION = 'ssl_validation' 
 * KEY_SSL_CLIENT_CERT = 'ssl_client_cert' 
 * KEY_SSL_CLIENT_KEY = 'ssl_client_key' 

 * KEY_GPG = 'gpg_key' 

 Values are set in the remote options on remote-add. 
 (see: man ostree.repo-config): 

        tls-client-cert-path = KEY_SSL_CLIENT_CERT 
            Path to file for client-side certificate, to present when making requests to this repository. 

        tls-client-key-path = KEY_SSL_CLIENT_KEY 
            Path to file containing client-side certificate key, to present when making requests to this repository. 

        tls-ca-path = KEY_SSL_CA_CERT 
            Path to file containing trusted anchors instead of the system CA database. 

        tls-permissive = (not KEY_SSL_VALIDATION) 
            A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate store. If this variable is 
            set, any certificate will be accepted. 
        gpg-verify = (KEY_GPG is not None) 
            A boolean value, defaults to true. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see 
            the ostree(1) manual under GPG. 


 The GPG key will need to be stored as keyring files in /usr/share/ostree/trusted.gpg.d 
 When a GPG key is specifed, gpg-verify=1 must be specified in the remote options. 

 * Pulp stores the GPG keys in the DB. 
 * Find out if libostree can be handed the keys directly.    If not, let's see if libostree can be changed to support a different file location.