[backend] add support for $BSConfig::certfile to configure a default …

…cert file

We already have BSConfig::keyfile if forceprojectkeys is false.
We also need a default cert to build things like kernel packages.

src/backend/BSConfig.pm.template

@@ -187,9 +187,10 @@ our $relsync_pool = {
 #our $sign = '/usr/bin/sign';
 #Extend sign call with project name as argument "--project $NAME"
 #our $sign_project = 1;
-#Global sign key 
+#Global sign key / cert
 #our $keyfile = '/srv/obs/openSUSE-Build-Service.asc';
 #our $gpg_standard_key = "/etc/obs-default-gpg.asc";
+#our $certfile = '/srv/obs/openSUSE-Build-Service.cert'
 
 # Use a special local arch for product building
 # our $localarch = "x86_64";

src/backend/bs_srcserver

@@ -5500,11 +5500,13 @@ sub getsslcert {
     my $cert = projid2sslcert($skprojid, $sk, $projid, 0, $signtype);
     return ($cert, 'Content-Type: text/plain');
   }
+  my $cert;
   if ($BSConfig::sign_project && $BSConfig::sign) {
-    my $cert = BSSrcServer::Signkey::getdefaultcert($projid, $signtype);
-    return ($cert, 'Content-Type: text/plain') if $cert;
+    $cert = BSSrcServer::Signkey::getdefaultcert($projid, $signtype);
+  } elsif ($BSConfig::certfile) {
+    $cert = readstr($BSConfig::certfile, 1);
   }
-  return ('', 'Content-Type: text/plain');
+  return ($cert || '', 'Content-Type: text/plain');
 }
 
 sub getkeyinfo {
@@ -5527,6 +5529,8 @@ sub getkeyinfo {
     } else {
       $cert = BSSrcServer::Signkey::getdefaultcert($projid, $signtype);
     }
+  } elsif ($cgi->{'withsslcert'} && !$skprojid && $BSConfig::certfile) {
+    $cert = readstr($BSConfig::certfile, 1);
   }
   if (!$pk && $BSConfig::sign_project && $BSConfig::sign) {
     $pk = BSSrcServer::Signkey::getdefaultpubkey($projid);