From 13436b75a6c07dd75758bba63fd0b1b2e9b4f654 Mon Sep 17 00:00:00 2001
From: He Weiwei
Date: Wed, 24 Jun 2020 08:58:08 +0000
Subject: [PATCH] feat(certs): install internal tls ca from /etc/harbor/ssl dir
Closes #10222
Signed-off-by: He Weiwei
---
 make/photon/common/install_cert.sh | 49 ++++++++++++++++++------------
 1 file changed, 29 insertions(+), 20 deletions(-)
diff --git a/make/photon/common/install_cert.sh b/make/photon/common/install_cert.sh
index c11f2abf9..a5472b0fd 100755
--- a/make/photon/common/install_cert.sh
+++ b/make/photon/common/install_cert.sh
@@ -2,30 +2,39 @@
 set -e
+if ! grep -q "Photon" /etc/lsb-release; then
+ echo "Current OS is not Photon, skip appending ca bundle"
+ exit 0
+fi
+
 if [ ! -f ~/ca-bundle.crt.original ]; then
 cp /etc/pki/tls/certs/ca-bundle.crt ~/ca-bundle.crt.original
 fi
 cp ~/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
-if [ "$(ls -A /harbor_cust_cert)" ]; then
- if grep -q "Photon" /etc/lsb-release; then
- echo "Appending trust CA to ca-bundle ..."
- for z in /harbor_cust_cert/*; do
- case ${z} in
- *.crt | *.ca | *.ca-bundle | *.pem)
- if [ -d "$z" ]; then
- echo "$z is dirictory, skip it ..."
- else
- cat $z >> /etc/pki/tls/certs/ca-bundle.crt
- echo " $z Appended ..."
- fi
- ;;
- *) echo "$z is Not ca file ..." ;;
- esac
- done
- echo "CA appending is Done."
- else
- echo "Current OS is not Photon, skip appending ca bundle"
- fi
+# Install /etc/harbor/ssl/{component}/ca.crt to trust CA.
+echo "Appending internal tls trust CA to ca-bundle ..."
+for caFile in `find /etc/harbor/ssl -maxdepth 2 -name ca.crt`; do
+ cat $caFile >> /etc/pki/tls/certs/ca-bundle.crt
+ echo "Internal tls trust CA $caFile appended ..."
+done
+echo "Internal tls trust CA appending is Done."
+
+if [[ -d /harbor_cust_cert && -n "$(ls -A /harbor_cust_cert)" ]]; then
+ echo "Appending trust CA to ca-bundle ..."
+ for z in /harbor_cust_cert/*; do
+ case ${z} in
+ *.crt | *.ca | *.ca-bundle | *.pem)
+ if [ -d "$z" ]; then
+ echo "$z is dirictory, skip it ..."
+ else
+ cat $z >> /etc/pki/tls/certs/ca-bundle.crt
+ echo " $z Appended ..."
+ fi
+ ;;
+ *) echo "$z is Not ca file ..." ;;
+ esac
+ done
+ echo "CA appending is Done."
 fi
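Review bot: The new internal-CA loop feeds the system trust bundle through unquoted expansions: the backtick `find` substitution in the `for caFile in ...` line is word-split by the shell, and `cat $caFile` is unquoted. Because `-name ca.crt` has no `-type f`, a directory named `ca.crt` would also match, `cat` would fail on it, and `set -e` would abort the script after the bundle has already been reset. Every file matched here becomes a trust anchor for outbound TLS from the container, so I would narrow the match and quote the path: `find /etc/harbor/ssl -maxdepth 2 -type f -name ca.crt | while IFS= read -r caFile; do` with `cat "$caFile" >> /etc/pki/tls/certs/ca-bundle.crt`. A short comment above the loop stating that `/etc/harbor/ssl` must be writable only by the deployment tooling would document that assumption. The re-indented `cat $z` in the `/harbor_cust_cert` loop has the same quoting gap.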