From 3f3dbe36b4adcdd7c3cef41980058331e79ce620 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Sat, 5 Aug 2023 13:27:44 -0400 Subject: [PATCH 2/2] kuksa_viss_client: Add external certificates support Tweak the definition of __certificate_dir__ in the kuksa_certificates package, and certificate location logic in the client library to allow picking up alternative certificates from /etc/kuksa-certificates or /etc/kuksa-val before falling back to the shipped defaults. The intent is to allow packagers to more straighhtforwardly use their own certificates with both the server and clients. Upstream-Status: pending Signed-off-by: Scott Murray --- kuksa-client/kuksa_client/cli_backend/__init__.py | 2 +- kuksa-client/kuksa_client/kuksa_server_certificates/__init__.py | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/kuksa-client/kuksa_client/cli_backend/__init__.py b/kuksa-client/kuksa_client/cli_backend/__init__.py index 2cfe51e..96d94f2 100644 --- a/kuksa-client/kuksa_client/cli_backend/__init__.py +++ b/kuksa-client/kuksa_client/cli_backend/__init__.py @@ -28,7 +28,7 @@ class Backend: self.insecure = config.getboolean('insecure', False) except AttributeError: self.insecure = config.get('insecure', False) - self.default_cert_path = pathlib.Path(kuksa_server_certificates.__path__[0]) + self.default_cert_path = pathlib.Path(kuksa_server_certificates.__certificate_dir__) self.cacertificate = config.get( 'cacertificate', str(self.default_cert_path / 'CA.pem')) self.certificate = config.get('certificate', str( diff --git a/kuksa-client/kuksa_client/kuksa_server_certificates/__init__.py b/kuksa-client/kuksa_client/kuksa_server_certificates/__init__.py index 22ccd3f..8323868 100644 --- a/kuksa-client/kuksa_client/kuksa_server_certificates/__init__.py +++ b/kuksa-client/kuksa_client/kuksa_server_certificates/__init__.py @@ -2,4 +2,9 @@ import os from kuksa_client._metadata import * -__certificate_dir__= os.path.dirname(os.path.realpath(__file__)) +if os.path.isdir("/etc/kuksa-certificates"): + __certificate_dir__= "/etc/kuksa-certificates" +elif os.path.isdir("/etc/kuksa-val"): + __certificate_dir__= "/etc/kuksa-val" +else: + __certificate_dir__= os.path.dirname(os.path.realpath(__file__)) -- 2.41.0