Merge pull request #12322 from heww/install-tls-ca

feat(certs): install internal tls ca from /etc/harbor/ssl dir
2024-09-30 22:37:43 +02:00 · 2020-06-25 21:03:35 +08:00 · 2020-06-25 21:03:35 +08:00 · 0474a2a040
commit 0474a2a040
parent ce62d05321 13436b75a6
1 changed files with 29 additions and 20 deletions
--- a/make/photon/common/install_cert.sh
+++ b/make/photon/common/install_cert.sh
@ -2,30 +2,39 @@
 set -e
 if ! grep -q "Photon" /etc/lsb-release; then
    echo "Current OS is not Photon, skip appending ca bundle"
    exit 0
 fi
 if [ ! -f ~/ca-bundle.crt.original ]; then
    cp /etc/pki/tls/certs/ca-bundle.crt ~/ca-bundle.crt.original
 fi
 cp ~/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
-if [ "$(ls -A /harbor_cust_cert)" ]; then
+# Install /etc/harbor/ssl/{component}/ca.crt to trust CA.
-    if grep -q "Photon" /etc/lsb-release; then
+echo "Appending internal tls trust CA to ca-bundle ..."
-        echo "Appending trust CA to ca-bundle ..."
+for caFile in `find /etc/harbor/ssl -maxdepth 2 -name ca.crt`; do
-        for z in /harbor_cust_cert/*; do
+    cat $caFile >> /etc/pki/tls/certs/ca-bundle.crt
-            case ${z} in
+    echo "Internal tls trust CA $caFile appended ..."
-                *.crt | *.ca | *.ca-bundle | *.pem)
+done
-                    if [ -d "$z" ]; then
+echo "Internal tls trust CA appending is Done."
-                        echo "$z is dirictory, skip it ..."
+
-                    else
+if [[ -d /harbor_cust_cert && -n "$(ls -A /harbor_cust_cert)" ]]; then
-                        cat $z >> /etc/pki/tls/certs/ca-bundle.crt
+    echo "Appending trust CA to ca-bundle ..."
-                        echo " $z Appended ..."
+    for z in /harbor_cust_cert/*; do
-                    fi
+        case ${z} in
-                    ;;
+            *.crt | *.ca | *.ca-bundle | *.pem)
-                *) echo "$z is Not ca file ..." ;;
+                if [ -d "$z" ]; then
-            esac
+                    echo "$z is dirictory, skip it ..."
-        done
+                else
-        echo "CA appending is Done."
+                    cat $z >> /etc/pki/tls/certs/ca-bundle.crt
-    else
+                    echo " $z Appended ..."
-        echo "Current OS is not Photon, skip appending ca bundle"
+                fi
-    fi
+                ;;
            *) echo "$z is Not ca file ..." ;;
        esac
    done
    echo "CA appending is Done."
 fi