handle seed_{ca,proxy,servername}
+35
-11
@@ -1,5 +1,5 @@
|
||||
use eyre::{format_err, Result};
|
||||
use log::{info, warn};
|
||||
use log::{debug, info, warn};
|
||||
use std::path::{Path, PathBuf};
|
||||
use tokio::{
|
||||
fs,
|
||||
@@ -49,7 +49,7 @@ pub async fn bootstrap(cfg: Config) {
|
||||
.await;
|
||||
|
||||
let sys_cfg: dkl::Config = retry(async || {
|
||||
let sys_cfg_bytes = seed_config(base_dir, &bs.seed, &verifier).await?;
|
||||
let sys_cfg_bytes = seed_config(base_dir, &bs, &verifier).await?;
|
||||
Ok(serde_yaml::from_slice(&sys_cfg_bytes)?)
|
||||
})
|
||||
.await;
|
||||
@@ -130,7 +130,7 @@ impl Verifier {
|
||||
|
||||
async fn seed_config(
|
||||
base_dir: &str,
|
||||
seed_url: &Option<String>,
|
||||
bs: &dkl::bootstrap::Bootstrap,
|
||||
verifier: &Verifier,
|
||||
) -> Result<Vec<u8>> {
|
||||
let cfg_path = &format!("{base_dir}/config.yaml");
|
||||
@@ -141,13 +141,12 @@ async fn seed_config(
|
||||
|
||||
let bs_tar = "/bootstrap.tar";
|
||||
if !fs::try_exists(bs_tar).await? {
|
||||
if let Some(seed_url) = seed_url.as_ref() {
|
||||
fetch_bootstrap(seed_url, bs_tar).await?;
|
||||
} else {
|
||||
if bs.seed.is_none() {
|
||||
return Err(format_err!(
|
||||
"no {cfg_path}, no {bs_tar} and no seed, can't bootstrap"
|
||||
"no {cfg_path}, no {bs_tar} and no seed URL, can't bootstrap"
|
||||
));
|
||||
}
|
||||
fetch_bootstrap(bs, bs_tar).await?;
|
||||
}
|
||||
|
||||
try_exec("tar", &["xf", bs_tar, "-C", base_dir]).await?;
|
||||
@@ -159,15 +158,41 @@ async fn seed_config(
|
||||
verifier.verify_path(&cfg_path).await
|
||||
}
|
||||
|
||||
async fn fetch_bootstrap(seed_url: &str, output_file: &str) -> Result<()> {
|
||||
let seed_url: reqwest::Url = seed_url.parse()?;
|
||||
async fn fetch_bootstrap(bs: &dkl::bootstrap::Bootstrap, output_file: &str) -> Result<()> {
|
||||
let seed_url: reqwest::Url = (bs.seed.as_ref())
|
||||
.ok_or(format_err!("no seed URL"))?
|
||||
.parse()
|
||||
.map_err(|e| format_err!("invalid seed URL: {e}"))?;
|
||||
|
||||
info!(
|
||||
"fetching {output_file} from {}",
|
||||
seed_url.host_str().unwrap_or("<no host>")
|
||||
);
|
||||
|
||||
let resp = reqwest::get(seed_url).await?;
|
||||
let mut builder = reqwest::Client::builder();
|
||||
|
||||
if let Some(ref proxy) = bs.seed_proxy {
|
||||
debug!("using proxy {proxy}");
|
||||
let proxy = reqwest::Proxy::all(proxy) //
|
||||
.map_err(|e| format_err!("seed proxy setup failed: {e}"))?;
|
||||
builder = builder.proxy(proxy);
|
||||
}
|
||||
|
||||
if let Some(ref ca) = bs.seed_ca {
|
||||
debug!("using custom CA certificate");
|
||||
let ca = base64_decode(ca).map_err(|e| format_err!("invalid seed CA: decode: {e}"))?;
|
||||
let ca = reqwest::Certificate::from_der(&ca)
|
||||
.map_err(|e| format_err!("invalid seed CA: parse: {e}"))?;
|
||||
builder = builder.tls_certs_only([ca]);
|
||||
}
|
||||
|
||||
if let Some(ref sn) = bs.seed_servername {
|
||||
debug!("tls server name: {sn}");
|
||||
builder = builder.tls_server_name(bs.seed_servername.clone());
|
||||
}
|
||||
|
||||
let req = builder.build()?.get(seed_url);
|
||||
let resp = req.send().await?;
|
||||
|
||||
if !resp.status().is_success() {
|
||||
return Err(format_err!("HTTP request failed: {}", resp.status()));
|
||||
@@ -315,7 +340,6 @@ async fn mount_system(cfg: &dkl::Config, bs_cfg: &Config, bs_dir: &str, verifier
|
||||
if layer == "modules" && bs_cfg.modules.is_some() {
|
||||
continue; // take modules from initrd
|
||||
}
|
||||
|
||||
mounter.mount(layer).await;
|
||||
}
|
||||
}
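Review bot: The `debug!("using proxy {proxy}")` line in fetch_bootstrap prints the whole proxy URL, and proxy URLs routinely carry `user:password@` credentials, so the secret lands in the boot log at debug level; the seed URL a few lines above is already reduced to `host_str()` for exactly this reason, and the CA branch logs only the fact that an override is present. Replacing it with `debug!("using seed proxy");` (or logging only the parsed host) keeps the three branches consistent. In the `seed_servername` branch `sn` is bound but the call clones `bs.seed_servername` again; `builder.tls_server_name(Some(sn.clone()))` would read more directly if the method takes an `Option<String>`, as the current call suggests. A doc comment on fetch_bootstrap would also help, stating that it downloads `output_file` from `bs.seed` and honours `seed_proxy`, `seed_ca` (which, going by the `tls_certs_only` name, appears to replace rather than extend the trust roots — worth confirming and documenting) and `seed_servername`. fetch_bootstrap's body continues past the end of this hunk.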