feat(certs): install internal tls ca from /etc/harbor/ssl dir

Closes #10222 Signed-off-by: He Weiwei <hweiwei@vmware.com>
2024-06-25 22:35:11 +02:00 · 2020-06-24 08:58:08 +00:00 · 2020-06-24 08:58:08 +00:00 · 13436b75a6
commit 13436b75a6
parent 2da29808ab
1 changed files with 29 additions and 20 deletions
--- a/make/photon/common/install_cert.sh
+++ b/make/photon/common/install_cert.sh
@ -2,30 +2,39 @@

 set -e

+if ! grep -q "Photon" /etc/lsb-release; then
+    echo "Current OS is not Photon, skip appending ca bundle"
+    exit 0
+fi
+
 if [ ! -f ~/ca-bundle.crt.original ]; then
    cp /etc/pki/tls/certs/ca-bundle.crt ~/ca-bundle.crt.original
 fi

 cp ~/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt

-if [ "$(ls -A /harbor_cust_cert)" ]; then
-    if grep -q "Photon" /etc/lsb-release; then
-        echo "Appending trust CA to ca-bundle ..."
-        for z in /harbor_cust_cert/*; do
-            case ${z} in
-                *.crt | *.ca | *.ca-bundle | *.pem)
-                    if [ -d "$z" ]; then
-                        echo "$z is dirictory, skip it ..."
-                    else
-                        cat $z >> /etc/pki/tls/certs/ca-bundle.crt
-                        echo " $z Appended ..."
-                    fi
-                    ;;
-                *) echo "$z is Not ca file ..." ;;
-            esac
-        done
-        echo "CA appending is Done."
-    else
-        echo "Current OS is not Photon, skip appending ca bundle"
-    fi
+# Install /etc/harbor/ssl/{component}/ca.crt to trust CA.
+echo "Appending internal tls trust CA to ca-bundle ..."
+for caFile in `find /etc/harbor/ssl -maxdepth 2 -name ca.crt`; do
+    cat $caFile >> /etc/pki/tls/certs/ca-bundle.crt
+    echo "Internal tls trust CA $caFile appended ..."
+done
+echo "Internal tls trust CA appending is Done."
+
+if [[ -d /harbor_cust_cert && -n "$(ls -A /harbor_cust_cert)" ]]; then
+    echo "Appending trust CA to ca-bundle ..."
+    for z in /harbor_cust_cert/*; do
+        case ${z} in
+            *.crt | *.ca | *.ca-bundle | *.pem)
+                if [ -d "$z" ]; then
+                    echo "$z is dirictory, skip it ..."
+                else
+                    cat $z >> /etc/pki/tls/certs/ca-bundle.crt
+                    echo " $z Appended ..."
+                fi
+                ;;
+            *) echo "$z is Not ca file ..." ;;
+        esac
+    done
+    echo "CA appending is Done."
 fi