[bitnami/harbor-jobservice] Release 2.7.0-debian-11-r9 (#20174)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2023-01-13 12:57:38 +01:00 · 2023-01-13 12:57:38 +01:00 · 1346ac0c51
parent d34cc76144
commit 1346ac0c51
3 changed files with 44 additions and 9 deletions
--- a/bitnami/harbor-jobservice/2/debian-11/Dockerfile
+++ b/bitnami/harbor-jobservice/2/debian-11/Dockerfile
@ -5,7 +5,7 @@ ARG TARGETARCH
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
      org.opencontainers.image.description="Application packaged by Bitnami" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="2.7.0-debian-11-r8" \
+      org.opencontainers.image.ref.name="2.7.0-debian-11-r9" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-jobservice" \
      org.opencontainers.image.title="harbor-jobservice" \
      org.opencontainers.image.vendor="VMware, Inc." \
--- a/bitnami/harbor-jobservice/2/debian-11/rootfs/opt/bitnami/scripts/harbor-jobservice/postunpack.sh
+++ b/bitnami/harbor-jobservice/2/debian-11/rootfs/opt/bitnami/scripts/harbor-jobservice/postunpack.sh
@ -29,11 +29,5 @@ done

 ensure_dir_exists "/etc/jobservice"

-# Fix for CentOS Internal TLS
-if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
-    chmod g+w /etc/pki/tls/certs/ca-bundle.crt
-fi
-
-if [[ -f /etc/pki/tls/certs/ca-bundle.trust.crt ]]; then
-    chmod g+w /etc/pki/tls/certs/ca-bundle.trust.crt
-fi
+# Ensure permissions for Internal TLS
+configure_permissions_system_certs
--- a/bitnami/harbor-jobservice/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
+++ b/bitnami/harbor-jobservice/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
@ -38,6 +38,47 @@ get_system_cert_paths() {
    fi
 }

+########################
+# Ensure CA bundles allows users in root group install new certificate
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+configure_permissions_system_certs() {
+    local -r owner="${1:-}"
+    # Debian
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.crt" "$owner"
+    # Centos/Phonton
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.trust.crt" "$owner"
+    set_permissions_ownership "/etc/ssl/certs/ca-certificates.crt" "$owner"
+}
+
+########################
+# Grant group write permissions to the file provided and change ownership if a the owner argument is set.
+# If the path is not a file, then do nothing.
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   $1 - path
+#   $2 - owner
+# Returns:
+#   None
+#########################
+set_permissions_ownership() {
+    local -r path="${1:?path is missing}"
+    local -r owner="${2:-}"
+
+    if [[ -f "$path" ]]; then
+        chmod g+w "$path"
+        if [[ -n "$owner" ]]; then
+            chown "$owner" "$path"
+        fi
+    fi
+}
+
 ########################
 # Place a given certificate in the correct location for installation
 # depending on the OS