Skip to content

Commit 7db574b

Browse files
VictoremepuntoVictoremepunto
authored
retrieve CA certificate from URL (#370)
1 parent 764bcb5 commit 7db574b

File tree

1 file changed

+6
-32
lines changed

1 file changed

+6
-32
lines changed

bonfire/utils.py

Lines changed: 6 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@
1010
import subprocess
1111
import tempfile
1212
import time
13+
from urllib.request import urlretrieve
14+
1315
from distutils.version import StrictVersion
1416
from pathlib import Path
1517
from urllib.parse import urlparse
@@ -63,33 +65,7 @@ def get_config_path():
6365

6466
GIT_SHA_RE = re.compile(r"[a-f0-9]{40}")
6567

66-
GL_CA_CERT = """
67-
-----BEGIN CERTIFICATE-----
68-
MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
69-
VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
70-
Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx
71-
GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m
72-
b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx
73-
WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
74-
VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS
75-
ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG
76-
9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
77-
ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz
78-
bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2
79-
c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo
80-
GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES
81-
X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK
82-
BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R
83-
4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz
84-
bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
85-
CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e
86-
LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak
87-
oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj
88-
S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf
89-
4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel
90-
RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3
91-
-----END CERTIFICATE-----
92-
"""
68+
GL_CA_CERT_URL = "https://certs.corp.redhat.com/certs/2022-IT-Root-CA.pem"
9369

9470
_RATE_LIMIT_ERR_MSG = (
9571
"rate limited by GitHub, set GITHUB_TOKEN env var and/or use GITHUB_API_URL "
@@ -231,12 +207,10 @@ def fetch(self):
231207
@cached_property
232208
def _gl_certfile(self):
233209
with tempfile.NamedTemporaryFile(delete=False) as fp:
234-
cert_fname = fp.name
235-
fp.write(GL_CA_CERT.encode("ascii"))
236-
237-
atexit.register(os.unlink, cert_fname)
210+
urlretrieve(GL_CA_CERT_URL, fp.name)
238211

239-
return cert_fname
212+
atexit.register(os.unlink, fp.name)
213+
return fp.name
240214

241215
@cached_property
242216
def _gh_auth_headers(self):

0 commit comments

Comments
 (0)