[bitnami/harbor-notary-server] Release 2.6.2-debian-11-r10 (#16401)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/harbor-notary-server/2/debian-11/Dockerfile

@@ -4,7 +4,7 @@ ARG TARGETARCH
 
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
       org.opencontainers.image.description="Application packaged by Bitnami" \
-      org.opencontainers.image.ref.name="2.6.2-debian-11-r9" \
+      org.opencontainers.image.ref.name="2.6.2-debian-11-r10" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-notary-server" \
       org.opencontainers.image.title="harbor-notary-server" \
       org.opencontainers.image.vendor="VMware, Inc." \

bitnami/harbor-notary-server/2/debian-11/config/notary/server-config.postgres.json

@@ -1,28 +1,28 @@
 {
-	"server": {
-		"http_addr": ":4443"
-	},
-	"trust_service": {
-		"type": "remote",
-		"hostname": "notarysigner",
-		"port": "7899",
-		"tls_ca_file": "./notary-signer-ca.crt",
-		"key_algorithm": "ecdsa"
-	},
-	"logging": {
-		"level": "debug"
-	},
-	"storage": {
-		"backend": "postgres",
-		"db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable"
-    },
-    "auth": {
-        "type": "token",
-        "options": {
-            "realm": "https://reg.mydomain.com/service/token",
-            "service": "harbor-notary",
-            "issuer": "harbor-token-issuer",
-            "rootcertbundle": "/etc/notary/root.crt"
-        }
+  "server": {
+    "http_addr": ":4443"
+  },
+  "trust_service": {
+    "type": "remote",
+    "hostname": "notarysigner",
+    "port": "7899",
+    "tls_ca_file": "./notary-signer-ca.crt",
+    "key_algorithm": "ecdsa"
+  },
+  "logging": {
+    "level": "debug"
+  },
+  "storage": {
+    "backend": "postgres",
+    "db_url": "postgres://server:password@postgresql:5432/notaryserver?sslmode=disable"
+  },
+  "auth": {
+    "type": "token",
+    "options": {
+      "realm": "https://reg.mydomain.com/service/token",
+      "service": "harbor-notary",
+      "issuer": "harbor-token-issuer",
+      "rootcertbundle": "/etc/notary/root.crt"
     }
+  }
 }

bitnami/harbor-notary-server/2/debian-11/config/notary/signer-config.postgres.json

@@ -1,15 +1,15 @@
 {
-	"server": {
-		"grpc_addr": ":7899",
-		"tls_cert_file": "./notary-signer.crt",
-		"tls_key_file": "./notary-signer.key"
-	},
-	"logging": {
-		"level": "debug"
-	},
-    "storage": {
-        "backend": "postgres",
-			"db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable",
-		    "default_alias": "defaultalias"
-    }
-}  
+  "server": {
+    "grpc_addr": ":7899",
+    "tls_cert_file": "./notary-signer.crt",
+    "tls_key_file": "./notary-signer.key"
+  },
+  "logging": {
+    "level": "debug"
+  },
+  "storage": {
+    "backend": "postgres",
+    "db_url": "postgres://signer:password@postgresql:5432/notarysigner?sslmode=disable",
+    "default_alias": "defaultalias"
+  }
+}

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server-env.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Environment configuration for harbor-notary-server
+
+# The values for all environment variables will be set in the below order of precedence
+# 1. Custom environment variables defined below after Bitnami defaults
+# 2. Constants defined in this file (environment variables with no default), i.e. BITNAMI_ROOT_DIR
+# 3. Environment variables overridden via external files using *_FILE variables (see below)
+# 4. Environment variables set externally (i.e. current Bash context/Dockerfile/userdata)
+
+# Load logging library
+# shellcheck disable=SC1090,SC1091
+. /opt/bitnami/scripts/liblog.sh
+
+export BITNAMI_ROOT_DIR="/opt/bitnami"
+export BITNAMI_VOLUME_DIR="/bitnami"
+
+# Logging configuration
+export MODULE="${MODULE:-harbor-notary-server}"
+export BITNAMI_DEBUG="${BITNAMI_DEBUG:-false}"
+
+# Paths
+export HARBOR_NOTARY_SERVER_BASE_DIR="${BITNAMI_ROOT_DIR}/harbor-notary-server"
+export PATH="${BITNAMI_ROOT_DIR}/common/bin:${PATH}"
+
+# System users
+export HARBOR_NOTARY_SERVER_DAEMON_USER="harbor"
+export HARBOR_NOTARY_SERVER_DAEMON_GROUP="harbor"
+
+# Custom environment variables may be defined below

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/entrypoint.sh

@@ -5,7 +5,7 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-#set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes
 
 # Load libraries
 . /opt/bitnami/scripts/libbitnami.sh
@@ -13,9 +13,9 @@ set -o pipefail
 print_welcome_page
 
 if [[ "$1" = "/opt/bitnami/scripts/harbor-notary-server/run.sh" ]]; then
-    info "** Starting Harbor Notary Server setup **"
+    info "** Starting harbor-notary-server setup **"
     /opt/bitnami/scripts/harbor-notary-server/setup.sh
-    info "** Harbor Notary Server setup finished! **"
+    info "** harbor-notary-server setup finished! **"
 fi
 
 echo ""

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/postunpack.sh

@@ -2,14 +2,26 @@
 
 # shellcheck disable=SC1091
 
+set -o errexit
+set -o nounset
+set -o pipefail
+# set -o xtrace # Uncomment this line for debugging purposes
+
 # Load libraries
 . /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libservice.sh
+. /opt/bitnami/scripts/libharbor.sh
 
-# Ensure a set of directories exist
+# Load environment
+. /opt/bitnami/scripts/harbor-notary-server-env.sh
+
+ensure_user_exists "$HARBOR_NOTARY_SERVER_DAEMON_USER" --group "$HARBOR_NOTARY_SERVER_DAEMON_GROUP"
+
+# Ensure a set of directories exist and the non-root user has write privileges to them
 ensure_dir_exists "/etc/notary"
-
-# Ensure the non-root user has writing permission at a set of directories
 chmod -R g+rwX "/etc/notary"
+chown -R "$HARBOR_NOTARY_SERVER_DAEMON_USER" "/etc/notary"
 
 # Fix for CentOS Internal TLS
 if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/run.sh

@@ -5,19 +5,26 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-#set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes
 
 # Load libraries
 . /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
 
-readonly cmd=$(command -v notary-server)
-readonly flags=("-config=/etc/notary/server-config.postgres.json" "-logf=logfmt")
-readonly installdir=$(dirname "$(dirname "$cmd")")
+# Load harbor-notary-server environment
+. /opt/bitnami/scripts/harbor-notary-server-env.sh
 
-cd "$installdir"
+CMD="$(command -v notary-server)"
+FLAGS=("-config=/etc/notary/server-config.postgres.json" "-logf=logfmt")
 
-info "Running Harbor Notary Server migrations"
-"$installdir"/migrations/migrate.sh
+cd "$HARBOR_NOTARY_SERVER_BASE_DIR"
 
-info "** Starting Harbor Notary Server **"
-exec "$cmd" "${flags[@]}"
+info "Running harbor-notary-server migrations"
+migrations/migrate.sh
+
+info "** Starting harbor-notary-server **"
+if am_i_root; then
+    exec gosu "$HARBOR_NOTARY_SERVER_DAEMON_USER" "$CMD" "${FLAGS[@]}"
+else
+    exec "$CMD" "${FLAGS[@]}"
+fi

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/harbor-notary-server/setup.sh

@@ -5,11 +5,15 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-# set -o xtrace
+# set -o xtrace # Uncomment this line for debugging purposes
 
 # Load libraries
 . /opt/bitnami/scripts/liblog.sh
 . /opt/bitnami/scripts/libvalidations.sh
+. /opt/bitnami/scripts/libharbor.sh
+
+# Load environment
+. /opt/bitnami/scripts/harbor-notary-server-env.sh
 
 # Auxiliar Functions
 
@@ -21,7 +25,7 @@ set -o pipefail
 #   None
 #########################
 harbor_notary_server_validate() {
-    info "Validating Harbor Notary Server settings..."
+    info "Validating harbor-notary-server settings..."
 
     if [[ ! -f "/etc/notary/server-config.postgres.json" ]]; then
         error "No configuration file was detected. Please mount your configuration file at \"/etc/notary/server-config.postgres.json\""
@@ -29,5 +33,5 @@ harbor_notary_server_validate() {
     fi
 }
 
-# Ensure Harbor Notary Server settings are valid
+# Ensure harbor-notary-server settings are valid
 harbor_notary_server_validate

bitnami/harbor-notary-server/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh

@@ -0,0 +1,614 @@
+#!/bin/bash
+#
+# Bitnami Harbor library
+
+# shellcheck disable=SC1091
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libservice.sh
+
+########################
+# Get the paths relevant to CA certs depending
+# on the OS
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   None
+# Returns:
+#   A series of paths relevant to CA certs
+#   depending on the OS.
+#########################
+get_system_cert_paths() {
+    if [[ "$OS_FLAVOUR" =~ ^(debian|ubuntu)-.*$ ]]; then
+        echo "/etc/ssl/certs/"
+    elif [[ "$OS_FLAVOUR" =~ ^(centos|photon)-.*$ ]]; then
+        echo "/etc/pki/tls/certs/"
+    else
+        # Check the existence of generic paths when OS_FLAVOR does
+        # not match
+        if [[ -d /etc/ssl/certs/ ]] ; then
+            echo "/etc/ssl/certs/"
+        elif [[ -d /etc/pki/tls/certs/ ]]; then
+            echo "/etc/pki/tls/certs/"
+        else
+            error "Could not determine relevant CA paths for this OS Flavour"
+        fi
+    fi
+}
+
+########################
+# Place a given certificate in the correct location for installation
+# depending on the OS
+# Globals:
+#   OS_FLAVOUR*
+# Arguments:
+#   $1 - certificate to be installed
+# Returns:
+#   None
+#########################
+install_cert() {
+    local -r cert="${1:?missing certificate}"
+
+    if [[ "$OS_FLAVOUR" =~ ^(debian|ubuntu)-.*$ ]]; then
+        cat "$cert" >> /etc/ssl/certs/ca-certificates.crt
+    elif [[ "$OS_FLAVOUR" =~ ^(centos|photon)-.*$ ]]; then
+        cat "$cert" >> /etc/pki/tls/certs/ca-bundle.crt
+    else
+        # Check the existence of generic ca-bundles when OS_FLAVOR does
+        # not match
+        if [[ -f /etc/ssl/certs/ca-certificates.crt ]] ; then
+            cat "$cert" >> /etc/ssl/certs/ca-certificates.crt
+        elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
+            cat "$cert" >> /etc/pki/tls/certs/ca-bundle.crt
+        else
+            error "Could not install CA certificate ${cert} CA in this OS Flavour"
+        fi
+    fi
+}
+
+########################
+# Install CA certificates found under the specific paths
+# Globals:
+#   None
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+install_custom_certs() {
+    local installed=false
+
+    # Install any internalTLS CA authority certificate, found under
+    # /etc/harbor/ssl/{component}/ca.crt
+    if [[ -d /etc/harbor/ssl ]]; then
+        info "Appending internalTLS trust CA cert..."
+        while IFS= read -r -d '' caCert; do
+            install_cert "$caCert"
+            installed=true
+            debug "Internal tls trust CA $caCert copied"
+        done < <(find /etc/harbor/ssl -maxdepth 2 -name ca.crt -print0)
+        info "interalTLS CA certs appending done!"
+    fi
+
+    # Install any other custom certificate provided by the end user under the path
+    # /harbor_cust_cert
+    if [[ -d /harbor_cust_cert ]]; then
+        info "Appending custom trust CA certs ..."
+        for certFile in /harbor_cust_cert/*; do
+            case ${certFile} in
+                *.crt | *.ca | *.ca-bundle | *.pem)
+                    if [[ -d "$certFile" ]]; then
+                        debug "$certFile is a directory, skipping it"
+                    else
+                        install_cert "$certFile"
+                        installed=true
+                        debug "Custom CA cert $certFile copied"
+                    fi
+                    ;;
+                *) debug "$certFile is not a CA cert file, skipping it" ;;
+            esac
+        done
+    fi
+
+    if [[ "$installed" = true ]]; then
+        info "Custom certificates were installed in the system!"
+    else
+        info "No custom certificates were installed in the system"
+    fi
+}
+
+########################
+# Generate an .env file contents given an input string containing all envvars
+# Arguments:
+#   None
+# Returns:
+#   String
+#########################
+harbor_generate_env_file_contents() {
+    local -r envvars_string="${1:?missing envvars}"
+    echo "#!/bin/bash"
+    while IFS= read -r ENV_VAR_LINE; do
+        if [[ ! "$ENV_VAR_LINE" =~ ^[A-Z_] ]]; then
+            continue
+        fi
+        ENV_VAR_NAME="${ENV_VAR_LINE/=*}"
+        ENV_VAR_VALUE="${ENV_VAR_LINE#*=}"
+        # Use single quotes to avoid shell expansion, and escape to be parsed properly (even if it contains quotes)
+        # Escape the value, so it can be parsed as a variable even with quotes set
+        echo "export ${ENV_VAR_NAME}='${ENV_VAR_VALUE//\'/\'\\\'\'}'"
+    done <<< "$envvars_string"
+}
+
+########################
+# Print harbor-core runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_core_print_env() {
+    # The CSRF key can only be up to 32 characters long
+    HARBOR_CORE_CFG_CSRF_KEY="${HARBOR_CORE_CFG_CSRF_KEY:0:32}"
+    for var in "${!HARBOR_CORE_CFG_@}"; do
+        echo "${var/HARBOR_CORE_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-core is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_core_running() {
+    # harbor-core does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_core)" > "$HARBOR_CORE_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_CORE_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-core is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_core_not_running() {
+    ! is_harbor_core_running
+}
+
+########################
+# Stop harbor-core
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_core_stop() {
+    ! is_harbor_core_running && return
+    stop_service_using_pid "$HARBOR_CORE_PID_FILE"
+}
+
+########################
+# Print harbor-jobservice runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_jobservice_print_env() {
+    for var in "${!HARBOR_JOBSERVICE_CFG_@}"; do
+        echo "${var/HARBOR_JOBSERVICE_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-jobservice is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_jobservice_running() {
+    # harbor-jobservice does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_jobservice)" > "$HARBOR_JOBSERVICE_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_JOBSERVICE_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-jobservice is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_jobservice_not_running() {
+    ! is_harbor_jobservice_running
+}
+
+########################
+# Stop harbor-jobservice
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_jobservice_stop() {
+    ! is_harbor_jobservice_running && return
+    stop_service_using_pid "$HARBOR_JOBSERVICE_PID_FILE"
+}
+
+########################
+# Print harbor-notary-server runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_notary_server_print_env() {
+    if [[ -n "${HARBOR_NOTARY_SERVER_DATABASE_NAME:-}" ]]; then
+        HARBOR_NOTARY_SERVER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SERVER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SERVER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SERVER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SERVER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SERVER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SERVER_DATABASE_SSLMODE:-disable}"
+    fi
+    for var in "${!HARBOR_NOTARY_SERVER_CFG_@}"; do
+        echo "${var/HARBOR_NOTARY_SERVER_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-notary-server is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_server_running() {
+    # harbor-notary-server does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v notary-server)" > "$HARBOR_NOTARY_SERVER_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_NOTARY_SERVER_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-notary-server is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_server_not_running() {
+    ! is_harbor_notary_server_running
+}
+
+########################
+# Stop harbor-notary-server
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_notary_server_stop() {
+    ! is_harbor_notary_server_running && return
+    stop_service_using_pid "$HARBOR_NOTARY_SERVER_PID_FILE"
+}
+
+########################
+# Print harbor-notary-signer runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_notary_signer_print_env() {
+    if [[ -n "${HARBOR_NOTARY_SIGNER_DATABASE_NAME:-}" ]]; then
+        HARBOR_NOTARY_SIGNER_CFG_DB_URL="postgres://${HARBOR_NOTARY_SIGNER_DATABASE_USERNAME:-}:${HARBOR_NOTARY_SIGNER_DATABASE_PASSWORD:-}@${HARBOR_NOTARY_SIGNER_DATABASE_HOST:-127.0.0.1}:${HARBOR_NOTARY_SIGNER_DATABASE_PORT_NUMBER:-5432}/${HARBOR_NOTARY_SIGNER_DATABASE_NAME}?sslmode=${HARBOR_NOTARY_SIGNER_DATABASE_SSLMODE:-disable}"
+    fi
+    for var in "${!HARBOR_NOTARY_SIGNER_CFG_@}"; do
+        echo "${var/HARBOR_NOTARY_SIGNER_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-notary-signer is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_signer_running() {
+    # harbor-notary-signer does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v notary-signer)" > "$HARBOR_NOTARY_SIGNER_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_NOTARY_SIGNER_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-notary-signer is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_notary_signer_not_running() {
+    ! is_harbor_notary_signer_running
+}
+
+########################
+# Stop harbor-notary-signer
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_notary_signer_stop() {
+    ! is_harbor_notary_signer_running && return
+    stop_service_using_pid "$HARBOR_NOTARY_SIGNER_PID_FILE"
+}
+
+########################
+# Print harbor-registry runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_registry_print_env() {
+    if [[ -n "$HARBOR_REGISTRY_USER" && -n "$HARBOR_REGISTRY_PASSWORD" ]]; then
+        HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRY_USER" "$HARBOR_REGISTRY_PASSWORD")"
+        # Update passwd file
+        echo "$HARBOR_REGISTRY_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd
+    fi
+    for var in "${!HARBOR_REGISTRY_CFG_@}"; do
+        echo "${var/HARBOR_REGISTRY_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-registry is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registry_running() {
+    # harbor-registry does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v registry)" > "$HARBOR_REGISTRY_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_REGISTRY_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-registry is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registry_not_running() {
+    ! is_harbor_registry_running
+}
+
+########################
+# Stop harbor-registry
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_registry_stop() {
+    ! is_harbor_registry_running && return
+    stop_service_using_pid "$HARBOR_REGISTRY_PID_FILE"
+}
+
+########################
+# Print harbor-registryctl runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_registryctl_print_env() {
+    if [[ -n "$HARBOR_REGISTRYCTL_USER" && -n "$HARBOR_REGISTRYCTL_PASSWORD" ]]; then
+        HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD="$(htpasswd -nbBC10 "$HARBOR_REGISTRYCTL_USER" "$HARBOR_REGISTRYCTL_PASSWORD")"
+        # Update passwd file
+        echo "$HARBOR_REGISTRYCTL_CFG_REGISTRY_HTPASSWD" >/etc/registry/passwd
+    fi
+    for var in "${!HARBOR_REGISTRYCTL_CFG_@}"; do
+        echo "${var/HARBOR_REGISTRYCTL_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-registryctl is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registryctl_running() {
+    # harbor-registryctl does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v harbor_registryctl)" > "$HARBOR_REGISTRYCTL_PID_FILE"
+
+    pid="$(get_pid_from_file "$HARBOR_REGISTRYCTL_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-registryctl is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_registryctl_not_running() {
+    ! is_harbor_registryctl_running
+}
+
+########################
+# Stop harbor-registryctl
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_registryctl_stop() {
+    ! is_harbor_registryctl_running && return
+    stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE"
+    # The service may not respond properly to the default kill signal, so send a SIGKILL if it fails
+    local -r retries=5
+    local -r sleep_time=1
+    if ! retry_while "is_harbor_registryctl_not_running" "$retries" "$sleep_time"; then
+        stop_service_using_pid "$HARBOR_REGISTRYCTL_PID_FILE" SIGKILL
+    fi
+}
+
+########################
+# Print harbor-adapter-trivy runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+harbor_adapter_trivy_print_env() {
+    for var in "${!SCANNER_TRIVY_CFG_@}"; do
+        echo "${var/SCANNER_TRIVY_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if harbor-adapter-trivy is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_adapter_trivy_running() {
+    # harbor-adapter-trivy does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v scanner-trivy)" > "$SCANNER_TRIVY_PID_FILE"
+
+    pid="$(get_pid_from_file "$SCANNER_TRIVY_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if harbor-adapter-trivy is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_harbor_adapter_trivy_not_running() {
+    ! is_harbor_adapter_trivy_running
+}
+
+########################
+# Stop harbor-adapter-trivy
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+harbor_adapter_trivy_stop() {
+    ! is_harbor_adapter_trivy_running && return
+    stop_service_using_pid "$SCANNER_TRIVY_PID_FILE"
+}
+
+########################
+# Print chartmuseum runtime environment
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+chartmuseum_print_env() {
+    for var in "${!CHARTMUSEUM_CFG_@}"; do
+        echo "${var/CHARTMUSEUM_CFG_/}=${!var}"
+    done
+}
+
+########################
+# Check if chartmuseum is running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_chartmuseum_running() {
+    # chartmuseum does not create any PID file
+    # We regenerate the PID file for each time we query it to avoid getting outdated
+    pgrep -f "$(command -v chartmuseum)" > "$CHARTMUSEUM_PID_FILE"
+
+    pid="$(get_pid_from_file "$CHARTMUSEUM_PID_FILE")"
+    if [[ -n "$pid" ]]; then
+        is_service_running "$pid"
+    else
+        false
+    fi
+}
+
+########################
+# Check if chartmuseum is not running
+# Arguments:
+#   None
+# Returns:
+#   Boolean
+#########################
+is_chartmuseum_not_running() {
+    ! is_chartmuseum_running
+}
+
+########################
+# Stop chartmuseum
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+chartmuseum_stop() {
+    ! is_chartmuseum_running && return
+    stop_service_using_pid "$CHARTMUSEUM_PID_FILE"
+}