From 71cf5dc17bbfacc643500354891b95690e983dce Mon Sep 17 00:00:00 2001
From: Henning Schild <henning.schild@siemens.com>
Date: Thu, 23 Jun 2022 14:51:22 +0200
Subject: [PATCH] add NETRC_FILE to allow passing credentials into kas home

Tools like wget and git can read credentials from $HOME/.netrc for
servers that require authentication. Allow users to pass in a .netrc
file into the kas home dir to support i.e. bitbake https fetching with
auth.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
[Jan: style fix in command-line.rst]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 docs/command-line.rst | 9 ++++++++-
 kas-container         | 5 +++++
 kas/libcmds.py        | 7 ++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/docs/command-line.rst b/docs/command-line.rst
index aea93e2..476807a 100644
--- a/docs/command-line.rst
+++ b/docs/command-line.rst
@@ -83,9 +83,16 @@ Environment variables
 | |git_cred|               | Allows to set the git credential helper in the   |
 |                          | `.gitconfig` of the kas user.                    |
 +--------------------------+--------------------------------------------------+
+| ``NETRC_FILE``           | Path to a .netrc file which will be copied to    |
+|                          | the kas home dir as .netrc.                      |
++--------------------------+--------------------------------------------------+
 | ``CI_SERVER_HOST``       | Environment variables from gitlab CI, if set     |
 | ``CI_JOB_TOKEN``         | .netrc is configured to allow fetching from      |
-|                          | the gitlab instance.                             |
+|                          | the gitlab instance. An entry will be appended   |
+|                          | in case ``NETRC_FILE`` was given as well. Note   |
+|                          | that if the file already contains an entry for   |
+|                          | that host most tools would probably take that    |
+|                          | first one.                                       |
 +--------------------------+--------------------------------------------------+
 
 .. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
diff --git a/kas-container b/kas-container
index 9654c9f..ea611b9 100755
--- a/kas-container
+++ b/kas-container
@@ -435,6 +435,11 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
 	set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
 fi
 
+if [ -f "${NETRC_FILE}" ]; then
+	set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
+		-e NETRC_FILE="/etc/skel/.netrc"
+fi
+
 if [ -t 1 ]; then
 	set -- "$@" -t -i
 fi
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 37d7fcb..0e2132f 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -154,6 +154,7 @@ class SetupHome(Command):
         'GIT_CREDENTIAL_HELPER',
         'AWS_CONFIG_FILE',
         'AWS_SHARED_CREDENTIALS_FILE',
+        'NETRC_FILE',
     ]
 
     def __init__(self):
@@ -167,9 +168,13 @@ class SetupHome(Command):
         return 'setup_home'
 
     def execute(self, ctx):
+        if os.environ.get('NETRC_FILE', False):
+            shutil.copy(os.environ['NETRC_FILE'],
+                        self.tmpdirname + "/.netrc")
         if os.environ.get('CI_SERVER_HOST', False) \
                 and os.environ.get('CI_JOB_TOKEN', False):
-            with open(self.tmpdirname + '/.netrc', 'w') as fds:
+            with open(self.tmpdirname + '/.netrc', 'a') as fds:
+                fds.write('\n# appended by kas, you have gitlab CI env\n')
                 fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
                           'login gitlab-ci-token\n'
                           'password ' + os.environ['CI_JOB_TOKEN'] + '\n')