add NETRC_FILE to allow passing credentials into kas home

Tools like wget and git can read credentials from $HOME/.netrc for servers that require authentication. Allow users to pass in a .netrc file into the kas home dir to support i.e. bitbake https fetching with auth. Signed-off-by: Henning Schild <henning.schild@siemens.com> [Jan: style fix in command-line.rst] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2022-06-23 14:51:22 +02:00 · 2022-06-23 14:51:22 +02:00 · 71cf5dc17b
commit 71cf5dc17b
parent a8b69f5bd4
3 changed files with 19 additions and 2 deletions
--- a/docs/command-line.rst
+++ b/docs/command-line.rst
@ -83,9 +83,16 @@ Environment variables
 | |git_cred|               | Allows to set the git credential helper in the   |
 |                          | `.gitconfig` of the kas user.                    |
 +--------------------------+--------------------------------------------------+
+| ``NETRC_FILE``           | Path to a .netrc file which will be copied to    |
+|                          | the kas home dir as .netrc.                      |
+--------------------------+--------------------------------------------------+
 | ``CI_SERVER_HOST``       | Environment variables from gitlab CI, if set     |
 | ``CI_JOB_TOKEN``         | .netrc is configured to allow fetching from      |
-|                          | the gitlab instance.                             |
+|                          | the gitlab instance. An entry will be appended   |
+|                          | in case ``NETRC_FILE`` was given as well. Note   |
+|                          | that if the file already contains an entry for   |
+|                          | that host most tools would probably take that    |
+|                          | first one.                                       |
 +--------------------------+--------------------------------------------------+

 .. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
--- a/5
+++ b/5
@ -435,6 +435,11 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
 	set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
 fi

+if [ -f "${NETRC_FILE}" ]; then
+	set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
+		-e NETRC_FILE="/etc/skel/.netrc"
+fi
+
 if [ -t 1 ]; then
 	set -- "$@" -t -i
 fi
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@ -154,6 +154,7 @@ class SetupHome(Command):
        'GIT_CREDENTIAL_HELPER',
        'AWS_CONFIG_FILE',
        'AWS_SHARED_CREDENTIALS_FILE',
+        'NETRC_FILE',
    ]

    def __init__(self):
@ -167,9 +168,13 @@ class SetupHome(Command):
        return 'setup_home'

    def execute(self, ctx):
+        if os.environ.get('NETRC_FILE', False):
+            shutil.copy(os.environ['NETRC_FILE'],
+                        self.tmpdirname + "/.netrc")
        if os.environ.get('CI_SERVER_HOST', False) \
                and os.environ.get('CI_JOB_TOKEN', False):
-            with open(self.tmpdirname + '/.netrc', 'w') as fds:
+            with open(self.tmpdirname + '/.netrc', 'a') as fds:
+                fds.write('\n# appended by kas, you have gitlab CI env\n')
                fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
                          'login gitlab-ci-token\n'
                          'password ' + os.environ['CI_JOB_TOKEN'] + '\n')