From b4e9ddf98996cebc2bf07ecc6a70cd2da640f304 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 1 May 2023 08:23:37 -0700
Subject: [PATCH] pkgs: install correct git-hook certs

Install the 'git-hooks' cert for use with git commits and package
uploads on pkgs. Before this we were... just not installing those
anymore and they had expired.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 roles/git/hooks/tasks/main.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/roles/git/hooks/tasks/main.yml b/roles/git/hooks/tasks/main.yml
index de59c5a2d7..517a4a5cf4 100644
--- a/roles/git/hooks/tasks/main.yml
+++ b/roles/git/hooks/tasks/main.yml
@@ -59,6 +59,33 @@
   - fedora-messaging
   when: inventory_hostname.startswith('batcave')
 
+- name: install the rabbitmq certificates for pkgs/dist-git
+  copy: src={{ item.src }}
+      dest=/etc/pki/rabbitmq/{{ item.dest }}
+      owner={{ item.owner }} group={{ item.group}} mode={{ item.mode }}
+  with_items:
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/issued/git-hooks{{ env_suffix }}.crt"
+    dest: git-hooks.crt
+    owner: root
+    group: packager
+    mode: "444"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/private/git-hooks{{ env_suffix }}.key"
+    dest: git-hooks.key
+    owner: root
+    group: packager
+    mode: "440"
+  - src: "{{private}}/files/rabbitmq/{{ env }}/pki/ca.crt"
+    dest: git-hooks.ca
+    owner: root
+    group: packager
+    mode: "444"
+  tags:
+  - git
+  - git/hooks
+  - config
+  - fedora-messaging
+  when: inventory_hostname.startswith('pkgs')
+
 - name: install the git hooks
   copy: src={{item}} dest=/usr/share/git-core/ mode=0755
   with_items: