launchpad-buildd

Merge ~jugmac00/launchpad-buildd:pass-mitm-cert-to-builders into launchpad-buildd:master

  1. Git
  2. lp:~jugmac00/launchpad-buildd
  3. pass-mitm-cert-to-builders
  4. Merge into master
Proposed by Jürgen Gmach
Status: Merged
Approved by: Jürgen Gmach
Approved revision: 3859e92abbcb135ff768d207fc606c81c9fe86d8
Merge reported by: Otto Co-Pilot
Merged at revision: not available
Proposed branch: ~jugmac00/launchpad-buildd:pass-mitm-cert-to-builders
Merge into: launchpad-buildd:master
Diff against target: 67 lines (+25/-2)
3 files modified
lpbuildd/snap.py (+11/-0)
lpbuildd/target/build_snap.py (+4/-0)
lpbuildd/tests/test_snap.py (+10/-2)
Reviewer Review Type Date Requested Status
Simone Pelosi Approve
Review via email: mp+464530@code.launchpad.net

Commit message

Pass ca cert to builders

To post a comment you must log in.
Revision history for this message
Simone Pelosi (pelpsi) :
review: Approve
Revision history for this message
Jürgen Gmach (jugmac00) wrote :

Thanks for the review!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/lpbuildd/snap.py b/lpbuildd/snap.py
2index c5b3205..af4d165 100644
3--- a/lpbuildd/snap.py
4+++ b/lpbuildd/snap.py
5@@ -40,6 +40,8 @@ class SnapBuildManager(BuildManagerProxyMixin, DebianBuildManager):
6 self.git_path = extra_args.get("git_path")
7 self.use_fetch_service = extra_args.get("use_fetch_service")
8 self.proxy_url = extra_args.get("proxy_url")
9+ # currently only used to transport the mitm certificate
10+ self.secrets = extra_args.get("secrets")
11 self.revocation_endpoint = extra_args.get("revocation_endpoint")
12 self.build_source_tarball = extra_args.get(
13 "build_source_tarball", False
14@@ -103,6 +105,15 @@ class SnapBuildManager(BuildManagerProxyMixin, DebianBuildManager):
15 args.extend(["--target-arch", arch])
16 if self.use_fetch_service:
17 args.append("--use_fetch_service")
18+ # XXX 2024-04-17 jugmac00: I do not think we need to add checks
19+ # whether this information is present, as otherwise the fetch
20+ # service won't work anyway
21+ args.extend(
22+ [
23+ "--fetch-service-mitm-certificate",
24+ self.secrets["fetch_service_mitm_certificate"],
25+ ]
26+ )
27 args.append(self.name)
28 self.runTargetSubProcess("buildsnap", *args)
29
30diff --git a/lpbuildd/target/build_snap.py b/lpbuildd/target/build_snap.py
31index 82470d5..f613e99 100644
32--- a/lpbuildd/target/build_snap.py
33+++ b/lpbuildd/target/build_snap.py
34@@ -108,6 +108,10 @@ class BuildSnap(
35 action="store_true",
36 help="use the fetch service instead of the builder proxy",
37 )
38+ parser.add_argument(
39+ "--fetch-service-mitm-certificate",
40+ help=("content of the ca certificate"),
41+ )
42 parser.add_argument("name", help="name of snap to build")
43
44 def install_svn_servers(self):
45diff --git a/lpbuildd/tests/test_snap.py b/lpbuildd/tests/test_snap.py
46index bb0af3a..b6cb638 100644
47--- a/lpbuildd/tests/test_snap.py
48+++ b/lpbuildd/tests/test_snap.py
49@@ -757,8 +757,16 @@ class TestSnapBuildManagerIteration(TestCase):
50 @defer.inlineCallbacks
51 def test_iterate_use_fetch_service(self):
52 # The build manager can be told to use the fetch service as its proxy.
53- args = {"use_fetch_service": True}
54- expected_options = ["--use_fetch_service"]
55+ # This requires also a ca certificate passed in via secrets.
56+ args = {
57+ "use_fetch_service": True,
58+ "secrets": {"fetch_service_mitm_certificate": "content_of_cert"},
59+ }
60+ expected_options = [
61+ "--use_fetch_service",
62+ "--fetch-service-mitm-certificate",
63+ "content_of_cert",
64+ ]
65 yield self.startBuild(args, expected_options)
66
67 @defer.inlineCallbacks

Subscribers

People subscribed via source and target branches