Skip to content

bib: fix anaconda-iso mTLS key extraction #404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ondrejbudai merged 1 commit into from
Dec 12, 2025
Merged

bib: fix anaconda-iso mTLS key extraction #404

ondrejbudai merged 1 commit into from
Dec 12, 2025

Conversation

@mvo5
Copy link
Contributor

@mvo5 mvo5 commented Dec 11, 2025

There was a (subtle) bug in the ibcli version of the mTLS key exaction. It was happening too late, i.e. when the bootc container was already unmounted.

This commit moves the extraction into the Depsolve function which is run while the container is mounted which means we can extract the mTLS config.

Note that this was not discovered earlier because we lack and end-to-end test for RHEL based bootc images :(

The test is in #403 - I ran it locally and it works but I wanted to get this fix in ASAP as it blocks osbuild/bootc-image-builder#1157

@mvo5
bib: fix anaconda-iso mTLS key extraction
499eb74 
There was a (subtle) bug in the ibcli version of the mTLS
key exaction. It was happening too late, i.e. when the
bootc container was already unmounted.

This commit moves the extraction into the `Depsolve`
function which is run while the container is mounted
which means we can extract the mTLS config.

Note that this was not discovered earlier because we
lack and end-to-end test for RHEL based bootc images :(
@mvo5 mvo5 requested a review from a team as a code owner December 11, 2025 16:32
@mvo5 mvo5 requested review from bcl, croissanne and thozza and removed request for a team December 11, 2025 16:32
@mvo5 mvo5 mentioned this pull request Dec 11, 2025
Open
bcl
bcl approved these changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@bcl bcl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

ondrejbudai
ondrejbudai approved these changes Dec 12, 2025
View reviewed changes
Copy link
Member

@ondrejbudai ondrejbudai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@ondrejbudai ondrejbudai added this pull request to the merge queue Dec 12, 2025
Merged via the queue into osbuild:main with commit 8732341 Dec 12, 2025
39 checks passed
@mvo5 mvo5 mentioned this pull request Dec 12, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ondrejbudai ondrejbudai ondrejbudai approved these changes

@bcl bcl bcl approved these changes

@thozza thozza Awaiting requested review from thozza thozza is a code owner automatically assigned from osbuild/osbuild-reviewers

@croissanne croissanne Awaiting requested review from croissanne croissanne is a code owner automatically assigned from osbuild/osbuild-reviewers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mvo5 @ondrejbudai @bcl