quay/conf/init/certs_install.sh
Brandon Caton 7c72cdd49c init: dynamically looking up python user base (PROJQUAY-9011) (#4055)
Add check for ubi8 to install based on python user base env variable.
2025-06-13 11:13:35 -04:00


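#! /bin/bash
#
# Installs operator-supplied CA certificates into the system trust anchors
# ($SYSTEM_CERTDIR) and appends them to the certifi bundle used by Python.
#
# Every file picked up from $QUAYCONFIG by the sections below ends up as a
# trusted root, and nothing in this script validates its contents. Write
# access to that directory is therefore equivalent to control over which
# TLS peers the registry trusts; keep it restricted to the administrator.
#
# Environment (all optional): QUAYPATH, QUAYCONF, QUAYCONFIG, CERTDIR,
# SYSTEM_CERTDIR, QUAYDIR, and PYTHONUSERBASE_SITE_PACKAGE (honoured on the
# VERSION_ID 8 branch only).
set -e

QUAYPATH=${QUAYPATH:-"."}
QUAYCONF=${QUAYCONF:-"$QUAYPATH/conf"}
QUAYCONFIG=${QUAYCONFIG:-"$QUAYCONF/stack"}
CERTDIR=${CERTDIR:-"$QUAYCONFIG/extra_ca_certs"}
SYSTEM_CERTDIR=${SYSTEM_CERTDIR:-"/etc/pki/ca-trust/source/anchors"}

# Locate the site-packages directory that holds certifi/cacert.pem.
# On a VERSION_ID="8..." image the caller's value wins, else Python is asked;
# on any other image the path is fixed and an inherited value is overwritten.
if grep -q 'VERSION_ID="8' /etc/os-release; then
  PYTHONUSERBASE_SITE_PACKAGE=${PYTHONUSERBASE_SITE_PACKAGE:-"$(python -m site --user-site)"}
else
  PYTHONUSERBASE_SITE_PACKAGE=/opt/app-root/lib/python3.12/site-packages
fi

# Quoted so a QUAYDIR containing spaces or glob characters is taken literally.
cd "${QUAYDIR:-/quay-registry}"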
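# Add the custom LDAP certificate
# Copied into the system anchor directory only; unlike the extra CA files
# handled further down, it is not appended to certifi's cacert.pem here.
# Paths are quoted so a config directory with spaces or glob characters
# cannot be split into several arguments.
if [ -e "$QUAYCONFIG/ldap.crt" ]; then
  cp -- "$QUAYCONFIG/ldap.crt" "${SYSTEM_CERTDIR}/ldap.crt"
fi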
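# Add extra trusted certificates (as a directory)
# Each entry of $CERTDIR is copied to the system anchors and appended to the
# certifi bundle. The contents are not checked to be certificates, so the
# directory must only be writable by whoever is allowed to define trust roots.
if [ -d "$CERTDIR" ]; then
  if test "$(ls -A "$CERTDIR")"; then
    echo "Installing extra certificates found in $CERTDIR directory"
    for f in "$CERTDIR"/*; do
      # `ls -A` counts dotfiles but the glob does not: when the directory
      # holds only dot entries the pattern stays literal. Skip it rather than
      # letting cp fail and abort the whole script under `set -e`.
      [ -e "$f" ] || continue
      cp -- "$f" "${SYSTEM_CERTDIR}"
      # Make sure the bundle ends with a newline so the appended PEM block
      # does not get glued to the previous END CERTIFICATE line.
      lastline=$(tail -c 1 "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem")
      if [ "$lastline" != "" ]; then
        echo >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
      fi
      cat -- "$f" >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
    done
  fi
fi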
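# Add extra trusted certificates (as a file)
# $CERTDIR may also be a single PEM bundle. csplit writes one
# ${SYSTEM_CERTDIR}/extra-ca-NN file per "BEGIN CERTIFICATE" marker (-z drops
# an empty leading piece); the whole bundle is then appended to certifi.
# All paths are quoted so spaces or glob characters are not re-interpreted.
if [ -f "$CERTDIR" ]; then
  echo "Installing extra certificates found in $CERTDIR file"
  csplit -z -f "${SYSTEM_CERTDIR}/extra-ca-" -- "$CERTDIR" '/-----BEGIN CERTIFICATE-----/' '{*}'
  # Terminate the bundle with a newline before appending, if it lacks one.
  lastline=$(tail -c 1 "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem")
  if [ "$lastline" != "" ]; then
    echo >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
  fi
  cat -- "$CERTDIR" >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
fi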
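# Add extra trusted certificates (prefixed)
# Picks up regular files (symlinks followed) named extra_ca* directly under
# $QUAYCONFIG. find emits NUL-terminated names and read consumes them one by
# one, so a file name containing whitespace or glob characters is installed
# as exactly that file instead of being split into several words.
# NOTE(review): with the default CERTDIR ($QUAYCONFIG/extra_ca_certs) a
# single-file bundle also matches this pattern, so it appears to be appended
# to cacert.pem a second time here. Confirm whether that is intended.
while IFS= read -r -d '' f; do
  echo "Installing extra cert $f"
  cp -- "$f" "${SYSTEM_CERTDIR}"
  # Terminate the bundle with a newline before appending, if it lacks one.
  lastline=$(tail -c 1 "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem")
  if [ "$lastline" != "" ]; then
    echo >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
  fi
  cat -- "$f" >> "$PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem"
done < <(find -L "$QUAYCONFIG/" -maxdepth 1 -type f -name "extra_ca*" -print0)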
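# Update all CA certificates.
# hack for UBI9, extract it a temp location and move
# to /etc/pki after because of permission issues.
# All ubi8 specific code should be removed after UBI9 is fully supported, see PROJQUAY-9013
if grep -q 'VERSION_ID="8' /etc/os-release; then
  update-ca-trust extract
else
  # Stage inside a freshly created, private directory. A fixed name such as
  # /tmp/extracted may already exist (left over from an earlier run, or
  # created by another local user), and whatever it held would be moved into
  # the system trust store together with the real output.
  staging=$(mktemp -d /tmp/ca-trust-extract.XXXXXX)
  # Plain mkdir keeps the umask-derived mode and the final name `extracted`.
  mkdir "$staging/extracted"
  if ! update-ca-trust extract -o "$staging/extracted"; then
    rm -rf -- "$staging"
    echo "update-ca-trust extract failed; existing trust store left in place" >&2
    exit 1
  fi
  chmod ug+w -R "$staging/extracted"
  # Remove the old store only once its replacement is complete, so a failed
  # extraction cannot leave the system without any extracted trust store.
  rm -rf /etc/pki/ca-trust/extracted
  mv "$staging/extracted" /etc/pki/ca-trust
  rmdir "$staging"
fi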