
[Merge] ~jugmac00/launchpad-buildd:pass-mitm-cert-to-builders into launchpad-buildd:master

 

Jürgen Gmach has proposed merging ~jugmac00/launchpad-buildd:pass-mitm-cert-to-builders into launchpad-buildd:master.

Commit message:
Pass ca cert to builders

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~jugmac00/launchpad-buildd/+git/launchpad-buildd/+merge/464530
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~jugmac00/launchpad-buildd:pass-mitm-cert-to-builders into launchpad-buildd:master.
diff --git a/lpbuildd/snap.py b/lpbuildd/snap.py
index c5b3205..af4d165 100644
--- a/lpbuildd/snap.py
+++ b/lpbuildd/snap.py
@@ -40,6 +40,8 @@ class SnapBuildManager(BuildManagerProxyMixin, DebianBuildManager):
         self.git_path = extra_args.get("git_path")
         self.use_fetch_service = extra_args.get("use_fetch_service")
         self.proxy_url = extra_args.get("proxy_url")
+        # currently only used to transport the mitm certificate
+        self.secrets = extra_args.get("secrets")
         self.revocation_endpoint = extra_args.get("revocation_endpoint")
         self.build_source_tarball = extra_args.get(
             "build_source_tarball", False
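Review bot: `self.secrets` is `None` whenever the build request carries no `secrets` entry, and the second hunk of this file subscripts it unconditionally once `use_fetch_service` is set. A request with the flag but without the certificate therefore ends in a `TypeError` or `KeyError` while the arguments are being assembled, not in a failure that names the missing field. The XXX comment in that hunk argues the check is unnecessary, but an explicit lookup keeps the failure diagnosable: `cert = (self.secrets or {}).get("fetch_service_mitm_certificate")`, followed by a clear error when `cert` is empty. The comment here could also name the expected key, e.g. `# dict from the build request; only "fetch_service_mitm_certificate" is read so far`. The enclosing method starts and ends outside the hunk.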
@@ -103,6 +105,15 @@ class SnapBuildManager(BuildManagerProxyMixin, DebianBuildManager):
                 args.extend(["--target-arch", arch])
         if self.use_fetch_service:
             args.append("--use_fetch_service")
+            # XXX 2024-04-17 jugmac00: I do not think we need to add checks
+            # whether this information is present, as otherwise the fetch
+            # service won't work anyway
+            args.extend(
+                [
+                    "--fetch-service-mitm-certificate",
+                    self.secrets["fetch_service_mitm_certificate"],
+                ]
+            )
         args.append(self.name)
         self.runTargetSubProcess("buildsnap", *args)
 
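Review bot: The certificate body is passed to `buildsnap` as a command-line value taken from a dict named `secrets`. Argument vectors are readable by other local processes and tend to end up in logs, so this channel suits only non-confidential material. A CA certificate is public data, so this value is presumably fine, but the "currently only used" comment in the first hunk suggests more entries may follow. Real secrets should not copy this pattern; a file or environment variable handed to the target would be the safer transport. If the value is multi-line PEM text, it is also worth confirming that it survives `runTargetSubProcess` intact, or documenting the expected encoding. The enclosing method starts outside the hunk.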
diff --git a/lpbuildd/target/build_snap.py b/lpbuildd/target/build_snap.py
index 82470d5..f613e99 100644
--- a/lpbuildd/target/build_snap.py
+++ b/lpbuildd/target/build_snap.py
@@ -108,6 +108,10 @@ class BuildSnap(
             action="store_true",
             help="use the fetch service instead of the builder proxy",
         )
+        parser.add_argument(
+            "--fetch-service-mitm-certificate",
+            help=("content of the ca certificate"),
+        )
         parser.add_argument("name", help="name of snap to build")
 
     def install_svn_servers(self):
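Review bot: The help string `"content of the ca certificate"` says neither which certificate is meant nor what encoding is expected, and the parentheses around it are redundant. Something like `help="content of the fetch service's MITM CA certificate; required with --use_fetch_service"` would state the pairing. The parser does not enforce that pairing, so whatever code consumes `args.fetch_service_mitm_certificate` (not visible here) has to cope with `None`. The new option is spelled with dashes while the flag passed as `--use_fetch_service` in lpbuildd/snap.py uses underscores, so one convention should be picked. The enclosing method starts outside the hunk.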
diff --git a/lpbuildd/tests/test_snap.py b/lpbuildd/tests/test_snap.py
index bb0af3a..b6cb638 100644
--- a/lpbuildd/tests/test_snap.py
+++ b/lpbuildd/tests/test_snap.py
@@ -757,8 +757,16 @@ class TestSnapBuildManagerIteration(TestCase):
     @defer.inlineCallbacks
     def test_iterate_use_fetch_service(self):
         # The build manager can be told to use the fetch service as its proxy.
-        args = {"use_fetch_service": True}
-        expected_options = ["--use_fetch_service"]
+        # This requires also a ca certificate passed in via secrets.
+        args = {
+            "use_fetch_service": True,
+            "secrets": {"fetch_service_mitm_certificate": "content_of_cert"},
+        }
+        expected_options = [
+            "--use_fetch_service",
+            "--fetch-service-mitm-certificate",
+            "content_of_cert",
+        ]
         yield self.startBuild(args, expected_options)
 
     @defer.inlineCallbacks
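Review bot: Only the path where the certificate is present is exercised. There is no test for `use_fetch_service` set without `secrets`, or with `secrets` lacking `fetch_service_mitm_certificate`, which is the case the XXX comment in lpbuildd/snap.py leaves unchecked. A companion test such as `test_iterate_use_fetch_service_without_certificate` would pin the intended behaviour for that request and document the decision either way.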