From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 5 Feb 2025 15:23:37 +0000 (+0000)
Subject: backend: Load SSL context from certificate files
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6362b07922fb024ae8e9db0be9029b4da494baf;p=pbs.git

backend: Load SSL context from certificate files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/buildservice/__init__.py b/src/buildservice/__init__.py
index ca3e5e8f..ac6e89b2 100644
--- a/src/buildservice/__init__.py
+++ b/src/buildservice/__init__.py
@@ -481,39 +481,25 @@ class Backend(object):
 
 	@property
 	def ssl_context(self):
+		"""
+			Returns a SSL context with our client certificate
+		"""
 		# Create SSL context
 		context = ssl.create_default_context()
 
 		# Fetch client certificate
-		certificate = self.settings.get("client-certificate", None)
-		key         = self.settings.get("client-key", None)
-
-		# Apply client certificate
-		if certificate and key:
-			with tempfile.NamedTemporaryFile(mode="w") as f_cert:
-				f_cert.write(certificate)
-				f_cert.flush()
+		certificate = self.config.get("ssl", "certificate")
+		key         = self.config.get("ssl", "key")
 
-				with tempfile.NamedTemporaryFile(mode="w") as f_key:
-					f_key.write(key)
-					f_key.flush()
+		# Raise an error if we don't have certificates
+		if not certificate or not key:
+			raise RuntimeError("Missing SSL configuration")
 
-					context.load_cert_chain(f_cert.name, f_key.name)
+		# Load the certificate chain
+		context.load_cert_chain(certificate, key)
 
 		return context
 
-	async def load_certificate(self, certfile, keyfile):
-		with self.db.transaction():
-			# Load certificate
-			with open(certfile) as f:
-				self.settings.set("client-certificate", f.read())
-
-			# Load key file
-			with open(keyfile) as f:
-				self.settings.set("client-key", f.read())
-
-			log.info("Updated certificates")
-
 	async def cleanup(self):
 		"""
 			Called regularly to cleanup any left-over resources
diff --git a/src/scripts/pakfire-build-service b/src/scripts/pakfire-build-service
index bb407e81..12e23d8b 100644
--- a/src/scripts/pakfire-build-service
+++ b/src/scripts/pakfire-build-service
@@ -24,9 +24,6 @@ class Cli(object):
 			# Builders
 			"builders:autoscale"  : self.backend.builders.autoscale,
 
-			# Certificates
-			"load-certificate"    : self.backend.load_certificate,
-
 			# Cleanup
 			"cleanup"             : self.backend.cleanup,