quay/conf/init/certs_install.sh

#! /bin/bash
set -e
QUAYPATH=${QUAYPATH:-"."}
QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}
QUAYCONFIG=${QUAYCONFIG:-"$QUAYCONF/stack"}
CERTDIR=${CERTDIR:-"$QUAYCONFIG/extra_ca_certs"}

# If we're running under kube, the previous script (02_get_kube_certs.sh) will put the certs in a different location
if [[ "$KUBERNETES_SERVICE_HOST" != "" ]];then
    CERTDIR=${KUBE_EXTRA_CA_CERTDIR:-"$QUAYPATH/conf/kube_extra_certs"}
fi

cd ${QUAYDIR:-"/quay-registry"}

# Add the custom LDAP certificate
if [ -e $QUAYCONFIG/ldap.crt ]
then
  cp $QUAYCONFIG/ldap.crt /usr/local/share/ca-certificates/ldap.crt
fi

# Add extra trusted certificates (as a directory)
if [ -d $CERTDIR ]; then
  if test "$(ls -A "$CERTDIR")"; then
      echo "Installing extra certificates found in $CERTDIR directory"
      cp $CERTDIR/* /usr/local/share/ca-certificates/
      cat $CERTDIR/* >> venv/lib/python2.7/site-packages/requests/cacert.pem
      cat $CERTDIR/* >> venv/lib/python2.7/site-packages/certifi/cacert.pem
  fi
fi

# Add extra trusted certificates (as a file)
if [ -f $CERTDIR ]; then
  echo "Installing extra certificates found in $CERTDIR file"
  csplit -z -f /usr/local/share/ca-certificates/extra-ca- $CERTDIR  '/-----BEGIN CERTIFICATE-----/' '{*}'
  cat $CERTDIR >> venv/lib/python2.7/site-packages/requests/cacert.pem
  cat $CERTDIR >> venv/lib/python2.7/site-packages/certifi/cacert.pem
fi

# Add extra trusted certificates (prefixed)
for f in $(find $QUAYCONFIG/ -maxdepth 1 -type f -name "extra_ca*")
do
 echo "Installing extra cert $f"
 cp "$f" /usr/local/share/ca-certificates/
 cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem
 cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem
done

# Update all CA certificates.
update-ca-certificates
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00			`#! /bin/bash`
			`set -e`
Use $QUAYPATH and $QUAYDIR in conf and init files 2017-02-01 23:17:25 +00:00			`QUAYPATH=${QUAYPATH:-"."}`
Fix certs install script (again) 2018-08-23 17:33:57 +00:00			`QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}`
Override config directory in certs install script in config app 2018-07-18 18:21:25 +00:00			`QUAYCONFIG=${QUAYCONFIG:-"$QUAYCONF/stack"}`
Fix certs install script (again) 2018-08-23 17:33:57 +00:00			`CERTDIR=${CERTDIR:-"$QUAYCONFIG/extra_ca_certs"}`
Add init script to download extra ca certs 2018-08-16 19:42:01 +00:00
			`# If we're running under kube, the previous script (02_get_kube_certs.sh) will put the certs in a different location`
			`if [[ "$KUBERNETES_SERVICE_HOST" != "" ]];then`
			`CERTDIR=${KUBE_EXTRA_CA_CERTDIR:-"$QUAYPATH/conf/kube_extra_certs"}`
			`fi`
Use $QUAYPATH and $QUAYDIR in conf and init files 2017-02-01 23:17:25 +00:00
Modify ldap validator to just check user existence Remove auth user check from updating config app config remove duplicate certs install script 2018-07-11 20:03:36 +00:00			`cd ${QUAYDIR:-"/quay-registry"}`
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00
			`# Add the custom LDAP certificate`
Change cert install script to read from config dir Temporarily breaks the config app certs install, which will be fixed later. 2018-07-18 18:01:07 +00:00			`if [ -e $QUAYCONFIG/ldap.crt ]`
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00			`then`
Change cert install script to read from config dir Temporarily breaks the config app certs install, which will be fixed later. 2018-07-18 18:01:07 +00:00			`cp $QUAYCONFIG/ldap.crt /usr/local/share/ca-certificates/ldap.crt`
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00			`fi`

Have certs_install install all custom certs for requests as well Also supports `extra_ca_certs` being a single file, which is useful for the Kubernetes configmap case Fixes https://www.pivotaltracker.com/story/show/134302623 2016-11-30 19:04:26 +00:00			`# Add extra trusted certificates (as a directory)`
Add init script to download extra ca certs 2018-08-16 19:42:01 +00:00			`if [ -d $CERTDIR ]; then`
			`if test "$(ls -A "$CERTDIR")"; then`
			`echo "Installing extra certificates found in $CERTDIR directory"`
			`cp $CERTDIR/* /usr/local/share/ca-certificates/`
			`cat $CERTDIR/* >> venv/lib/python2.7/site-packages/requests/cacert.pem`
			`cat $CERTDIR/* >> venv/lib/python2.7/site-packages/certifi/cacert.pem`
Make certs_install not fail if the extra_ca_certs dir is empty Stupid `cp` will fail if the source dir is empty 2017-01-26 20:17:18 +00:00			`fi`
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00			`fi`

Have certs_install install all custom certs for requests as well Also supports `extra_ca_certs` being a single file, which is useful for the Kubernetes configmap case Fixes https://www.pivotaltracker.com/story/show/134302623 2016-11-30 19:04:26 +00:00			`# Add extra trusted certificates (as a file)`
Add init script to download extra ca certs 2018-08-16 19:42:01 +00:00			`if [ -f $CERTDIR ]; then`
			`echo "Installing extra certificates found in $CERTDIR file"`
			`csplit -z -f /usr/local/share/ca-certificates/extra-ca- $CERTDIR '/-----BEGIN CERTIFICATE-----/' '{*}'`
			`cat $CERTDIR >> venv/lib/python2.7/site-packages/requests/cacert.pem`
			`cat $CERTDIR >> venv/lib/python2.7/site-packages/certifi/cacert.pem`
Have certs_install install all custom certs for requests as well Also supports `extra_ca_certs` being a single file, which is useful for the Kubernetes configmap case Fixes https://www.pivotaltracker.com/story/show/134302623 2016-11-30 19:04:26 +00:00			`fi`

fixes install of certs 2017-05-25 21:50:25 +00:00			`# Add extra trusted certificates (prefixed)`
Fix certs install script (again) 2018-08-23 17:33:57 +00:00			`for f in $(find $QUAYCONFIG/ -maxdepth 1 -type f -name "extra_ca*")`
Update cert install scripts to read prefixed names 2017-05-23 17:59:09 +00:00			`do`
			`echo "Installing extra cert $f"`
Add tests for providers and update install script 2017-05-23 19:43:21 +00:00			`cp "$f" /usr/local/share/ca-certificates/`
Use $QUAYPATH and $QUAYDIR in conf and init files 2017-02-01 23:17:25 +00:00			`cat "$f" >> venv/lib/python2.7/site-packages/requests/cacert.pem`
Fix the custom cert install process to install to the new certifi location, in addition to the old location Also updates our requirements around requests 2017-12-15 22:26:44 +00:00			`cat "$f" >> venv/lib/python2.7/site-packages/certifi/cacert.pem`
Update cert install scripts to read prefixed names 2017-05-23 17:59:09 +00:00			`done`

Have certs_install install all custom certs for requests as well Also supports `extra_ca_certs` being a single file, which is useful for the Kubernetes configmap case Fixes https://www.pivotaltracker.com/story/show/134302623 2016-11-30 19:04:26 +00:00			`# Update all CA certificates.`
Fix handling of custom LDAP cert This change moves the LDAP cert installation into a common script and reorganizes the startup scripts for creating and installing these certs Fixes #1846 2016-09-19 21:55:08 +00:00			`update-ca-certificates`