Support gpg-verify=false for subcloud remote ostree pull

This commit supports the developer use-case of a system controller
ostree repo configured with gpg-verify=false. In such cases, the
subcloud ostree repo instances must also be configured with
gpg-verify=false, or the ostree pull will fail.

We detect the boot parameter 'instgpg=0'. In which case we configure the
ostree repo with gpg-verify=false.  The instgpg=0 parameter is also
detected by LAT /install, which handles the LAT side of the ostree
repo configuration.

Test Plan:
PASS:
- Install subcloud with non-GPG signed ostree commits present on system
  controller. Ensure the ostree pull is successful on subcloud, with a
  successful install.
- Ensure normal subcloud installation is successful

Story: 2010611
Task: 48309

Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
Change-Id: I40a0823ed1fc868aa5d4fb7686f1648440664037
This commit is contained in:
Kyle MacLeod 2023-06-28 16:36:15 -04:00
parent 4f280be013
commit 0510b0c1a7

View File

@ -2162,6 +2162,11 @@ else
ilog "Configuring ostree for unverified SSL" ilog "Configuring ostree for unverified SSL"
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
fi fi
# Check for instgpg=0 in boot arguments.
if grep -q 'instgpg=0' /proc/cmdline 2>/dev/null; then
ilog "Configuring ostree for unverified GPG (gpg-verify=false)"
ostree config --repo=${repo} set "remote \"${instbr}\"".gpg-verify false
fi
ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}" ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr} ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
@ -2185,6 +2190,10 @@ else
ilog "Configuring ostree for unverified SSL" ilog "Configuring ostree for unverified SSL"
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
fi fi
if grep -q 'instgpg=0' /proc/cmdline 2>/dev/null; then
ilog "Configuring ostree for unverified GPG (gpg-verify=false)"
ostree config --repo=${repo} set "remote \"${instbr}\"".gpg-verify false
fi
ilog "Executing ostree pull from ${remote_insturl}:" ilog "Executing ostree pull from ${remote_insturl}:"
ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}" ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr} ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}