Pass dnf's ssl options to anaconda to enable RHEL subscription content #561
Conversation
| @@ -240,10 +240,11 @@ if __name__ == '__main__': | |||
|
|
|||
| start_queue_monitor(server.config["COMPOSER_CFG"], uid, gid) | |||
|
|
|||
| # Drop root privileges on the main process | |||
There was a problem hiding this comment.
We should just cherry-pick over the rhel8 commit dbc4d08
There was a problem hiding this comment.
Ah that's much better. Done.
|
@larskarlitski tests failing with I can't find kerberos or krb5-libs defined in the blueprints so something must be pulling that as a dependency. Not sure if we need to bump the version somewhere in the code or package is missing on the mirrors. |
I don't think these changes pull those in. The only difference is the version bump for pykickstart. By the way, that version of pykickstart hasn't been released yet. We should probably wait with merging this. |
|
Tried this out after talking to Lars last Friday, and this patch works for me. |
If a repository has `sslcacert`, `sslclientcert`, or `ssclientkey` set, pass them to anaconda through the kickstart file. This is mostly the case when using RHEL repositories that are accessed through a subscription.
We need to be root to read the certificates that give access to the package repos. Right now, the alternative seems to be changing permissions on the certs themselves, which seems less good. We're running anaconda as root anyway.
|
The pykickstart change landed in |
|
Thanks, I think we need to wait for pykickstart to hit the repos first, otherwise installing it will fail. It isn't on dl.fedoraproject.org yet. |
|
pykickstart 3.20 is in rawhide, merging this onto master. |
This makes the reposync workaround unnecessary when creating images from RHEL systems.
See individual commits for explanation.
Depends on pykickstart/pykickstart#250 and https://github.com/rhinstaller/anaconda/pull/1745/files
Before merging, let's