Support gpg-verify=false for subcloud remote ostree pull
This commit supports the developer use-case of a system controller ostree repo configured with gpg-verify=false. In such cases, the subcloud ostree repo instances must also be configured with gpg-verify=false, or the ostree pull will fail. We detect the boot parameter 'instgpg=0'. In which case we configure the ostree repo with gpg-verify=false. The instgpg=0 parameter is also detected by LAT /install, which handles the LAT side of the ostree repo configuration. Test Plan: PASS: - Install subcloud with non-GPG signed ostree commits present on system controller. Ensure the ostree pull is successful on subcloud, with a successful install. - Ensure normal subcloud installation is successful Story: 2010611 Task: 48309 Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com> Change-Id: I40a0823ed1fc868aa5d4fb7686f1648440664037
This commit is contained in:
parent
4f280be013
commit
0510b0c1a7
@ -2162,6 +2162,11 @@ else
|
|||||||
ilog "Configuring ostree for unverified SSL"
|
ilog "Configuring ostree for unverified SSL"
|
||||||
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
||||||
fi
|
fi
|
||||||
|
# Check for instgpg=0 in boot arguments.
|
||||||
|
if grep -q 'instgpg=0' /proc/cmdline 2>/dev/null; then
|
||||||
|
ilog "Configuring ostree for unverified GPG (gpg-verify=false)"
|
||||||
|
ostree config --repo=${repo} set "remote \"${instbr}\"".gpg-verify false
|
||||||
|
fi
|
||||||
|
|
||||||
ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
||||||
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
||||||
@ -2185,6 +2190,10 @@ else
|
|||||||
ilog "Configuring ostree for unverified SSL"
|
ilog "Configuring ostree for unverified SSL"
|
||||||
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
ostree config --repo=${repo} set "remote \"${instbr}\"".tls-permissive true
|
||||||
fi
|
fi
|
||||||
|
if grep -q 'instgpg=0' /proc/cmdline 2>/dev/null; then
|
||||||
|
ilog "Configuring ostree for unverified GPG (gpg-verify=false)"
|
||||||
|
ostree config --repo=${repo} set "remote \"${instbr}\"".gpg-verify false
|
||||||
|
fi
|
||||||
ilog "Executing ostree pull from ${remote_insturl}:"
|
ilog "Executing ostree pull from ${remote_insturl}:"
|
||||||
ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
ilog "ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}"
|
||||||
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
|
||||||
|
Loading…
Reference in New Issue
Block a user