mirror of
https://github.com/flatpak/flatpak.git
synced 2026-01-20 21:58:11 -05:00
c75ba1c7e1
Docker and podman can be configured to use mutual TLS authentication to the registry by dropping files into system-wide and user directories. Implement this in a largely compatible way. (Because of the limitations of our underlying libraries, we can't support multiple certificates within the same host config, but I don't expect anybody actually needs that.) The certs.d handling is extended so that certificates are separately looked up when downloading the look-aside index. This is mostly to simplify our tests, so we can use one web server for both - in actual operation, we expect the indexes to be unauthenticated. Also for testing purposes, FLATPAK_CONTAINER_CERTS_D is supported to override the standard search path. Co-authored-by: Sebastian Wick <sebastian.wick@redhat.com>