From 63ad24fa4b86c7a2fe033f6ef809091dbf4f138c Mon Sep 17 00:00:00 2001
From: Tom Clegg <tom@curii.com>
Date: Thu, 24 Mar 2022 14:45:29 -0400
Subject: [PATCH] 18700: Enable TrustAllContent in package testinstall.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>
---
 cmd/arvados-package/install.go | 2 +-
 lib/install/init.go            | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/cmd/arvados-package/install.go b/cmd/arvados-package/install.go
index af72c2c393..b49d1e3473 100644
--- a/cmd/arvados-package/install.go
+++ b/cmd/arvados-package/install.go
@@ -119,7 +119,7 @@ eatmydata apt-get install --reinstall -y --no-install-recommends arvados-server-
 SUDO_FORCE_REMOVE=yes apt-get autoremove -y
 
 /etc/init.d/postgresql start
-arvados-server init -cluster-id x1234 -domain=$domain -login=test
+arvados-server init -cluster-id x1234 -domain=$domain -login=test -insecure
 exec arvados-server boot -listen-host=0.0.0.0 $bootargs
 `)
 	cmd.Stdout = stdout
diff --git a/lib/install/init.go b/lib/install/init.go
index db78a282f3..c88546da93 100644
--- a/lib/install/init.go
+++ b/lib/install/init.go
@@ -34,6 +34,7 @@ type initCommand struct {
 	Domain             string
 	PostgreSQLPassword string
 	Login              string
+	Insecure           bool
 }
 
 func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Reader, stdout, stderr io.Writer) int {
@@ -61,6 +62,7 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
 	flags.StringVar(&initcmd.ClusterID, "cluster-id", "", "cluster `id`, like x1234 for a dev cluster")
 	flags.StringVar(&initcmd.Domain, "domain", hostname, "cluster public DNS `name`, like x1234.arvadosapi.com")
 	flags.StringVar(&initcmd.Login, "login", "", "login `backend`: test, pam, or ''")
+	flags.BoolVar(&initcmd.Insecure, "insecure", false, "accept invalid TLS certificates and configure TrustAllContent (do not use in production!)")
 	if ok, code := cmd.ParseFlags(flags, prog, args, "", stderr); !ok {
 		return code
 	} else if *versionFlag {
@@ -151,6 +153,9 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
           "http://0.0.0.0:9007/": {}
     Collections:
       BlobSigningKey: {{printf "%q" ( .RandomHex 50 )}}
+      {{if .Insecure}}
+      TrustAllContent: true
+      {{end}}
     Containers:
       DispatchPrivateKey: {{printf "%q" .GenerateSSHPrivateKey}}
     ManagementToken: {{printf "%q" ( .RandomHex 50 )}}
@@ -161,8 +166,10 @@ func (initcmd *initCommand) RunCommand(prog string, args []string, stdin io.Read
         user: arvados
         password: {{printf "%q" .PostgreSQLPassword}}
     SystemRootToken: {{printf "%q" ( .RandomHex 50 )}}
+    {{if .Insecure}}
     TLS:
       Insecure: true
+    {{end}}
     Volumes:
       {{.ClusterID}}-nyw5e-000000000000000:
         Driver: Directory
-- 
2.30.2