[Patchew-devel] [PATCH 3/5] deploy: allow specifying CA path instead of fingerprint

Paolo Bonzini pbonzini at redhat.com
Tue Mar 13 17:45:43 UTC 2018 

The Arch wiki suggests that GMail changes its fingerprint occasionally;
allow using a CA database (likely the system database, which is the
default) instead of manually passing the fingerprint.

Signed-off-by: Paolo Bonzini <pbonzini at redhat.com>
---
 scripts/patchew-importer                       | 7 ++++++-
 scripts/playbooks/deploy-importers.yml         | 4 ++++
 scripts/playbooks/templates/importer-config.j2 | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/patchew-importer b/scripts/patchew-importer
index 5e80fb5..d9de74f 100755
--- a/scripts/patchew-importer
+++ b/scripts/patchew-importer
@@ -48,12 +48,17 @@ remotehost = $IMAP_SERVER
 remoteuser = $IMAP_USER
 remotepass = $IMAP_PASS
 ssl= yes
-cert_fingerprint = $IMAP_CERT_FINGERPRINT
 folderfilter = lambda foldername: foldername in [
     $(for x in $IMAP_FOLDERS; do printf "'$x',"; done)
     ]
 EOF
 
+if test -n "$IMAP_CERT_FINGERPRINT"; then
+  echo "cert_fingerprint = $IMAP_CERT_FINGERPRINT" >>$offlineimap_rc
+elif test -n "$SSL_CACERT_PATH"; then
+  echo "sslcacertfile = $SSL_CACERT_PATH" >> $offlineimap_rc
+fi
+
 IMPORTED_DIR=$BASEDIR/imported
 mkdir -p $IMPORTED_DIR
 
diff --git a/scripts/playbooks/deploy-importers.yml b/scripts/playbooks/deploy-importers.yml
index 61e6057..8d362ee 100644
--- a/scripts/playbooks/deploy-importers.yml
+++ b/scripts/playbooks/deploy-importers.yml
@@ -28,6 +28,10 @@
       prompt: "IMAP cert fingerprint"
       default: ""
       private: no
+    - name: "ssl_cacert_path"
+      prompt: "Path to SSL certificate authorities bundle"
+      default: "/etc/pki/tls/certs/ca-bundle.crt"
+      private: no
     - name: "imap_folders"
       prompt: "IMAP folders to look for patches"
       default: "INBOX"
diff --git a/scripts/playbooks/templates/importer-config.j2 b/scripts/playbooks/templates/importer-config.j2
index 20fd2b8..b6bc844 100644
--- a/scripts/playbooks/templates/importer-config.j2
+++ b/scripts/playbooks/templates/importer-config.j2
@@ -8,3 +8,5 @@ IMAP_PASS={{ imap_pass }}
 IMAP_CERT_FINGERPRINT={{ imap_cert_fingerprint }}
 IMAP_FOLDERS={{ imap_folders }}
 IMAP_DELETE_AFTER_IMPORT={{ imap_delete_after_import }}
+
+SSL_CACERT_PATH={{ ssl_cacert_path }}
-- 
2.14.3

More information about the Patchew-devel mailing list