Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Handling access to authenticated remote repositories

  1. Using mutual TLS
  2. Using basic authentication
  3. Using cookies

There is no default concept of an “ostree server”; ostree expects to talk to a generic webserver, so any tool and technique applicable for generic HTTP can also apply to fetching content via OSTree’s builtin HTTP client.

Using mutual TLS

The tls-client-cert-path and tls-client-key-path expose the underlying HTTP code for mutual TLS.

Each device can be provisioned with a secret key which grants it access to the webserver.

Using basic authentication

The client supports HTTP basic authentication, but this has well-known management drawbacks.

Using cookies

Since this pull request ostree supports adding cookies to a remote configuration. This can be used with e.g. Amazon CloudFront.