[PATCH v2] add NETRC_FILE to allow passing credentials into kas home
147 views
Skip to first unread message
Henning Schild
Jun 23, 2022, 8:51:35 AM6/23/22
to kas-...@googlegroups.com, Jan Kiszka, Jan Claussen, Claudius Heine, Henning Schild
Tools like wget and git can read credentials from $HOME/.netrc for
servers that require authentication. Allow users to pass in a .netrc
file into the kas home dir to support i.e. bitbake https fetching with
auth.
Signed-off-by: Henning Schild <henning...@siemens.com>
---
docs/command-line.rst | 9 ++++++++-
kas-container | 5 +++++
kas/libcmds.py | 7 ++++++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/docs/command-line.rst b/docs/command-line.rst
index aea93e2de8be..c5f94291ffe1 100644
--- a/docs/command-line.rst
+++ b/docs/command-line.rst
@@ -83,9 +83,16 @@ Environment variables
| |git_cred| | Allows to set the git credential helper in the |
| | `.gitconfig` of the kas user. |
+--------------------------+--------------------------------------------------+
+| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
+| | the kas home dir as .netrc. |
++-----------------------------------------------------------------------------+
| ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set |
| ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from |
-| | the gitlab instance. |
+| | the gitlab instance. An entry will be appended |
+| | in case ``NETRC_FILE`` was given as well. Note |
+| | that if the file already contains an entry for |
+| | that host most tools would probably take that |
+| | first one. |
+--------------------------+--------------------------------------------------+
.. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
diff --git a/kas-container b/kas-container
index 9654c9fc127b..ea611b994b6b 100755
--- a/kas-container
+++ b/kas-container
@@ -435,6 +435,11 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
fi
+if [ -f "${NETRC_FILE}" ]; then
+ set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
+ -e NETRC_FILE="/etc/skel/.netrc"
+fi
+
if [ -t 1 ]; then
set -- "$@" -t -i
fi
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 37d7fcb9108b..0e2132fea6e2 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -154,6 +154,7 @@ class SetupHome(Command):
'GIT_CREDENTIAL_HELPER',
'AWS_CONFIG_FILE',
'AWS_SHARED_CREDENTIALS_FILE',
+ 'NETRC_FILE',
]
def __init__(self):
@@ -167,9 +168,13 @@ class SetupHome(Command):
return 'setup_home'
def execute(self, ctx):
+ if os.environ.get('NETRC_FILE', False):
+ shutil.copy(os.environ['NETRC_FILE'],
+ self.tmpdirname + "/.netrc")
if os.environ.get('CI_SERVER_HOST', False) \
and os.environ.get('CI_JOB_TOKEN', False):
- with open(self.tmpdirname + '/.netrc', 'w') as fds:
+ with open(self.tmpdirname + '/.netrc', 'a') as fds:
+ fds.write('\n# appended by kas, you have gitlab CI env\n')
fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
'login gitlab-ci-token\n'
'password ' + os.environ['CI_JOB_TOKEN'] + '\n')
--
2.35.1
servers that require authentication. Allow users to pass in a .netrc
file into the kas home dir to support i.e. bitbake https fetching with
auth.
Signed-off-by: Henning Schild <henning...@siemens.com>
---
docs/command-line.rst | 9 ++++++++-
kas-container | 5 +++++
kas/libcmds.py | 7 ++++++-
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/docs/command-line.rst b/docs/command-line.rst
index aea93e2de8be..c5f94291ffe1 100644
--- a/docs/command-line.rst
+++ b/docs/command-line.rst
@@ -83,9 +83,16 @@ Environment variables
| |git_cred| | Allows to set the git credential helper in the |
| | `.gitconfig` of the kas user. |
+--------------------------+--------------------------------------------------+
+| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
+| | the kas home dir as .netrc. |
++-----------------------------------------------------------------------------+
| ``CI_SERVER_HOST`` | Environment variables from gitlab CI, if set |
| ``CI_JOB_TOKEN`` | .netrc is configured to allow fetching from |
-| | the gitlab instance. |
+| | the gitlab instance. An entry will be appended |
+| | in case ``NETRC_FILE`` was given as well. Note |
+| | that if the file already contains an entry for |
+| | that host most tools would probably take that |
+| | first one. |
+--------------------------+--------------------------------------------------+
.. |aws_cred| replace:: ``AWS_SHARED_CREDENTIALS_FILE``
diff --git a/kas-container b/kas-container
index 9654c9fc127b..ea611b994b6b 100755
--- a/kas-container
+++ b/kas-container
@@ -435,6 +435,11 @@ if [ -n "${GIT_CREDENTIAL_HELPER}" ] ; then
set -- "$@" -e GIT_CREDENTIAL_HELPER="${GIT_CREDENTIAL_HELPER}"
fi
+if [ -f "${NETRC_FILE}" ]; then
+ set -- "$@" -v "$(readlink -f "${NETRC_FILE}")":/etc/skel/.netrc:ro \
+ -e NETRC_FILE="/etc/skel/.netrc"
+fi
+
if [ -t 1 ]; then
set -- "$@" -t -i
fi
diff --git a/kas/libcmds.py b/kas/libcmds.py
index 37d7fcb9108b..0e2132fea6e2 100644
--- a/kas/libcmds.py
+++ b/kas/libcmds.py
@@ -154,6 +154,7 @@ class SetupHome(Command):
'GIT_CREDENTIAL_HELPER',
'AWS_CONFIG_FILE',
'AWS_SHARED_CREDENTIALS_FILE',
+ 'NETRC_FILE',
]
def __init__(self):
@@ -167,9 +168,13 @@ class SetupHome(Command):
return 'setup_home'
def execute(self, ctx):
+ if os.environ.get('NETRC_FILE', False):
+ shutil.copy(os.environ['NETRC_FILE'],
+ self.tmpdirname + "/.netrc")
if os.environ.get('CI_SERVER_HOST', False) \
and os.environ.get('CI_JOB_TOKEN', False):
- with open(self.tmpdirname + '/.netrc', 'w') as fds:
+ with open(self.tmpdirname + '/.netrc', 'a') as fds:
+ fds.write('\n# appended by kas, you have gitlab CI env\n')
fds.write('machine ' + os.environ['CI_SERVER_HOST'] + '\n'
'login gitlab-ci-token\n'
'password ' + os.environ['CI_JOB_TOKEN'] + '\n')
--
2.35.1
Jan Kiszka
Jun 23, 2022, 12:10:37 PM6/23/22
to Henning Schild, kas-...@googlegroups.com, Jan Claussen, Claudius Heine
On 23.06.22 14:51, Henning Schild wrote:
> Tools like wget and git can read credentials from $HOME/.netrc for
> servers that require authentication. Allow users to pass in a .netrc
> file into the kas home dir to support i.e. bitbake https fetching with
> auth.
>
> Signed-off-by: Henning Schild <henning...@siemens.com>
> ---
> docs/command-line.rst | 9 ++++++++-
> kas-container | 5 +++++
> kas/libcmds.py | 7 ++++++-
> 3 files changed, 19 insertions(+), 2 deletions(-)
>
> diff --git a/docs/command-line.rst b/docs/command-line.rst
> index aea93e2de8be..c5f94291ffe1 100644
> --- a/docs/command-line.rst
> +++ b/docs/command-line.rst
> @@ -83,9 +83,16 @@ Environment variables
> | |git_cred| | Allows to set the git credential helper in the |
> | | `.gitconfig` of the kas user. |
> +--------------------------+--------------------------------------------------+
> +| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
> +| | the kas home dir as .netrc. |
> ++-----------------------------------------------------------------------------+
^^^
> Tools like wget and git can read credentials from $HOME/.netrc for
> servers that require authentication. Allow users to pass in a .netrc
> file into the kas home dir to support i.e. bitbake https fetching with
> auth.
>
> Signed-off-by: Henning Schild <henning...@siemens.com>
> ---
> docs/command-line.rst | 9 ++++++++-
> kas-container | 5 +++++
> kas/libcmds.py | 7 ++++++-
> 3 files changed, 19 insertions(+), 2 deletions(-)
>
> diff --git a/docs/command-line.rst b/docs/command-line.rst
> index aea93e2de8be..c5f94291ffe1 100644
> --- a/docs/command-line.rst
> +++ b/docs/command-line.rst
> @@ -83,9 +83,16 @@ Environment variables
> | |git_cred| | Allows to set the git credential helper in the |
> | | `.gitconfig` of the kas user. |
> +--------------------------+--------------------------------------------------+
> +| ``NETRC_FILE`` | Path to a .netrc file which will be copied to |
> +| | the kas home dir as .netrc. |
> ++-----------------------------------------------------------------------------+
This broke doc generation.
Jan
--
Siemens AG, Technology
Competence Center Embedded Linux
Reply all
Reply to author
Forward
0 new messages