All certs in /harbor_cust_certs will appended to ca_bundle

Signed-off-by: DQ <dengq@vmware.com>
2024-12-22 16:48:30 +01:00 · 2019-10-17 07:28:53 +00:00 · 2019-10-17 07:28:53 +00:00 · 2529f69fba
commit 2529f69fba
parent b0b63fdeae
1 changed files with 21 additions and 8 deletions
--- a/make/photon/common/install_cert.sh
+++ b/make/photon/common/install_cert.sh
@ -2,16 +2,29 @@

 set -e

-if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
-    cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
+if [ ! -f ~/ca-bundle.crt.original ]; then
+    cp /etc/pki/tls/certs/ca-bundle.crt ~/ca-bundle.crt.original
 fi

-if [ -f /harbor_cust_cert/custom-ca-bundle.crt ]; then
+cp ~/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
+
+if [ "$(ls -A /harbor_cust_cert)" ]; then
    if grep -q "Photon" /etc/lsb-release; then
-        echo "Appending custom ca bundle ..."
-        cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
-        cat /harbor_cust_cert/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
-        echo "Done."
+        echo "Appending trust CA to ca-bundle ..."
+        for z in /harbor_cust_cert/*; do
+            case ${z} in
+                *.crt | *.ca | *.ca-bundle | *.pem)
+                    if [ -d "$z" ]; then
+                        echo "$z is dirictory, skip it ..."
+                    else
+                        cat $z >> /etc/pki/tls/certs/ca-bundle.crt
+                        echo " $z Appended ..."
+                    fi
+                    ;;
+                *) echo "$z is Not ca file ..." ;;
+            esac
+        done
+        echo "CA appending is Done."
    else
        echo "Current OS is not Photon, skip appending ca bundle"
    fi