From cc56a5b5c93b2b4768ee94fed1f15083a6776a12 Mon Sep 17 00:00:00 2001
From: "Brian C. Lane" <bcl@redhat.com>
Date: Wed, 8 Mar 2017 13:27:22 -0800
Subject: [PATCH] Add --noverifyssl to lorax (#1430483)

Previously lorax had no way to use repos with self-signed certificates.
This adds the --noverifyssl cmdline option which will ignore certificate
errors.

Resolves: rhbz#1430483
---
 src/pylorax/cmdline.py | 2 ++
 src/sbin/lorax         | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/pylorax/cmdline.py b/src/pylorax/cmdline.py
index 45991b71..40527a9f 100644
--- a/src/pylorax/cmdline.py
+++ b/src/pylorax/cmdline.py
@@ -110,6 +110,8 @@ def lorax_parser():
                           metavar="[repo]", help="Names of repos to disable")
     optional.add_argument("--rootfs-size", type=int, default=2,
                           help="Size of root filesystem in GiB. Defaults to 2.")
+    optional.add_argument("--noverifyssl", action="store_true", default=False,
+                          help="Do not verify SSL certificates")
 
     # add the show version option
     parser.add_argument("-V", help="show program's version number and exit",
diff --git a/src/sbin/lorax b/src/sbin/lorax
index 9791a27a..8a7814b3 100755
--- a/src/sbin/lorax
+++ b/src/sbin/lorax
@@ -89,7 +89,7 @@ def main():
     dnfbase = get_dnf_base_object(installtree, opts.source, opts.mirrorlist, opts.repos,
                                   opts.enablerepos, opts.disablerepos,
                                   dnftempdir, opts.proxy, opts.version, opts.cachedir,
-                                  os.path.dirname(opts.logfile))
+                                  os.path.dirname(opts.logfile), not opts.noverifyssl)
 
     if dnfbase is None:
         print("error: unable to create the dnf base object", file=sys.stderr)
@@ -136,7 +136,7 @@ def main():
 def get_dnf_base_object(installroot, sources, mirrorlists=None, repos=None,
                         enablerepos=None, disablerepos=None,
                         tempdir="/var/tmp", proxy=None, releasever="21",
-                        cachedir=None, logdir=None):
+                        cachedir=None, logdir=None, sslverify=True):
     """ Create a dnf Base object and setup the repositories and installroot
 
         :param string installroot: Full path to the installroot
@@ -148,6 +148,7 @@ def get_dnf_base_object(installroot, sources, mirrorlists=None, repos=None,
         :param string proxy: http proxy to use when fetching packages
         :param string releasever: Release version to pass to dnf
         :param string cachedir: Directory to use for caching packages
+        :param bool noverifyssl: Set to True to ignore the CA of ssl certs. eg. use self-signed ssl for https repos.
 
         If tempdir is not set /var/tmp is used.
         If cachedir is None a dnf.cache directory is created inside tmpdir
@@ -195,6 +196,9 @@ def get_dnf_base_object(installroot, sources, mirrorlists=None, repos=None,
     if proxy:
         conf.proxy = proxy
 
+    if sslverify == False:
+        conf.sslverify = False
+
     # Add .repo files
     if repos:
         reposdir = os.path.join(tempdir, "dnf.repos")