On 18-11-2021 14:50, Pavel Raiskup wrote:
On Thursday, November 18, 2021 1:35:29 PM CET
patrick+buildsys(a)laimbock.com wrote:
[snip]
You wrote that your "mock needs an access to repos". So I
naturally thought
that we are talking about something like the entitlement key+cert pair (which is
quite a new thing in mock anyways, and the only chroot using that is RHEL, and
... /etc/pkg/entitlement is not a bad place). Though ....
Heh now I see your point. I was not talking about RHEL entitlements. I
totally agree that /etc/pki/entitlement/ is not a bad place for RHEL
repo entitlement certificates. It's a great place :-)
[snip]
> If on RHEL & Fedora hosts these default locations are used:
>
> CA certificates -> ca-bundle
> RHEL entitlements -> /etc/pki/entitlement/
> Public client/server certificates -> /etc/pki/tls/certs/
> Private client/server certificates -> /etc/pki/tls/private/
>
> then isn't it logical to copy that behavior into the chroot?
... if for any reason you can't or don't want to use that, it's OK - I think
patches are welcome, and I bet that the current mock support is really RHEL-only
oriented, meaning that smaller or bigger patch would be needed anyway ;)
My use case is that some (non-RHEL) repos are private and require a
client certificate to gain access. That's why I wrote the patch.
Works: Mock -> public repos like Fedora & CentOS
Works: Mock -> RHEL repos requiring an entitlement
Works: Mock + patch -> public and private repos via cert & key in
standard locations
What should be different ("smaller or bigger") about the patch? I'll be
happy to try.
Happy hacking!
Thanks :-)
Best,
Patrick