diff --git a/src/pins/tang/clevis-decrypt-tang b/src/pins/tang/clevis-decrypt-tang index 72393b49..9fc8bf81 100755 --- a/src/pins/tang/clevis-decrypt-tang +++ b/src/pins/tang/clevis-decrypt-tang @@ -101,7 +101,18 @@ xfr="$(jose jwk exc -i '{"alg":"ECMR"}' -l- -r- <<< "$clt$eph")" rec_url="$url/rec/$kid" ct="Content-Type: application/jwk+json" -if ! rep="$(curl -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then + +# Check if netrc-file option exists +curl_net_rc_option="--netrc-file" +curl_net_rc_file="/etc/clevis/clevis_netrc.conf" +netrc="$(curl --help all | grep netrc-file)" || true +if [ -z "${netrc}" ]; +then + curl_net_rc_option="" + curl_net_rc_file="" +fi + +if ! rep="$(curl "${curl_net_rc_option}" "${curl_net_rc_file}" -sfg -X POST -H "$ct" --data-binary @- "$rec_url" <<< "$xfr")"; then echo "Error communicating with server $url" >&2 exit 1 fi diff --git a/src/pins/tang/clevis-encrypt-tang b/src/pins/tang/clevis-encrypt-tang index fddb7f32..1270a59f 100755 --- a/src/pins/tang/clevis-encrypt-tang +++ b/src/pins/tang/clevis-encrypt-tang @@ -75,6 +75,16 @@ if ! url="$(jose fmt -j- -Og url -u- <<< "$cfg")"; then exit 1 fi +# Check if netrc-file option exists +curl_net_rc_option="--netrc-file" +curl_net_rc_file="/etc/clevis/clevis_netrc.conf" +netrc="$(curl --help all | grep netrc-file)" || true +if [ -z "${netrc}" ]; +then + curl_net_rc_option="" + curl_net_rc_file="" +fi + thp="$(jose fmt -j- -Og thp -Su- <<< "$cfg")" || true ### Get the advertisement @@ -92,7 +102,7 @@ elif jws="$(jose fmt -j- -g adv -Su- <<< "$cfg")"; then fi thp="${thp:-any}" -elif ! jws="$(curl -sfg "$url/adv/$thp")"; then +elif ! jws="$(curl "${curl_net_rc_option}" "${curl_net_rc_file}" -sfg "$url/adv/$thp")"; then echo "Unable to fetch advertisement: '$url/adv/$thp'!" >&2 exit 1 fi