SiegfriedSiegert/PTU5KAS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add NETRC_FILE to allow passing credentials into kas home

Browse Source 
Tools like wget and git can read credentials from $HOME/.netrc for
servers that require authentication. Allow users to pass in a .netrc
file into the kas home dir to support i.e. bitbake https fetching with
auth.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
[Jan: style fix in command-line.rst]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
This commit is contained in:
Henning Schild 2022-06-23 14:51:22 +02:00 committed by Jan Kiszka
parent a8b69f5bd4
commit 71cf5dc17b
3 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/command-line.rst
View File

@ -83,9 +83,16 @@ Environment variables
| |git_cred| | Allows to set the git credential helper in the | | |git_cred| | Allows to set the git credential helper in the |
| | `.gitconfig` of the kas user. | | | `.gitconfig` of the kas user. |
+--------------------------+--------------------------------------------------+ +--------------------------+--------------------------------------------------+
| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
| | the kas home dir as .netrc. |
+--------------------------+--------------------------------------------------+
| ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set | | ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set |
| ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from | | ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from |
| | the gitlab instance. | | | the gitlab instance. An entry will be appended |
| | in case ``NETRC_FILE`` was given as well. Note |
| | that if the file already contains an entry for |
| | that host most tools would probably take that |
| | first one. |
+--------------------------+--------------------------------------------------+ +--------------------------+--------------------------------------------------+
.. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE`` .. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``

5
kas-container
View File

@ -435,6 +435,11 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}" set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
fi fi
if [ -f "${NETRC_FILE}" ]; then
set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
-e NETRC_FILE="/etc/skel/.netrc"
fi
if [ -t 1 ]; then if [ -t 1 ]; then
set -- "$@" -t -i set -- "$@" -t -i
fi fi

7
kas/libcmds.py
View File

@ -154,6 +154,7 @@ class SetupHome(Command):
'GIT_CREDENTIAL_HELPER', 'GIT_CREDENTIAL_HELPER',
'AWS_CONFIG_FILE', 'AWS_CONFIG_FILE',
'AWS_SHARED_CREDENTIALS_FILE', 'AWS_SHARED_CREDENTIALS_FILE',
'NETRC_FILE',
] ]
def __init__(self): def __init__(self):
@ -167,9 +168,13 @@ class SetupHome(Command):
return 'setup_home' return 'setup_home'
def execute(self, ctx): def execute(self, ctx):
if os.environ.get('NETRC_FILE', False):
shutil.copy(os.environ['NETRC_FILE'],
self.tmpdirname + "/.netrc")
if os.environ.get('CI_SERVER_HOST', False) \ if os.environ.get('CI_SERVER_HOST', False) \
and os.environ.get('CI_JOB_TOKEN', False): and os.environ.get('CI_JOB_TOKEN', False):
with open(self.tmpdirname + '/.netrc', 'w') as fds: with open(self.tmpdirname + '/.netrc', 'a') as fds:
fds.write('\n# appended by kas, you have gitlab CI env\n')
fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n' fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
'login gitlab-ci-token\n' 'login gitlab-ci-token\n'
'password ' + os.environ['CI_JOB_TOKEN'] + '\n') 'password ' + os.environ['CI_JOB_TOKEN'] + '\n')