From 62284be41cdfa5ff36f3d814c8d4358e695d5e0a Mon Sep 17 00:00:00 2001
From: Bitnami Bot
Date: Fri, 13 Jan 2023 12:58:10 +0100
Subject: [PATCH] [bitnami/harbor-registryctl] Release 2.7.0-debian-11-r9 (#20175)
Signed-off-by: Bitnami Containers
Signed-off-by: Bitnami Containers
---
 .../harbor-registryctl/2/debian-11/Dockerfile | 2 +-
 .../scripts/harbor-registryctl/postunpack.sh | 12 +-----
 .../rootfs/opt/bitnami/scripts/libharbor.sh | 41 +++++++++++++++++++
 3 files changed, 44 insertions(+), 11 deletions(-)
diff --git a/bitnami/harbor-registryctl/2/debian-11/Dockerfile b/bitnami/harbor-registryctl/2/debian-11/Dockerfile
index 85eaaf07709d..e01eecd814bd 100644
--- a/bitnami/harbor-registryctl/2/debian-11/Dockerfile
+++ b/bitnami/harbor-registryctl/2/debian-11/Dockerfile
@@ -5,7 +5,7 @@ ARG TARGETARCH
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
 org.opencontainers.image.description="Application packaged by Bitnami" \
 org.opencontainers.image.licenses="Apache-2.0" \
- org.opencontainers.image.ref.name="2.7.0-debian-11-r8" \
+ org.opencontainers.image.ref.name="2.7.0-debian-11-r9" \
 org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-registryctl" \
 org.opencontainers.image.title="harbor-registryctl" \
 org.opencontainers.image.vendor="VMware, Inc." \
diff --git a/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/harbor-registryctl/postunpack.sh b/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/harbor-registryctl/postunpack.sh
index 8f6292d91e37..5f3f92f7ea04 100755
--- a/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/harbor-registryctl/postunpack.sh
+++ b/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/harbor-registryctl/postunpack.sh
@@ -30,13 +30,5 @@ done
 ensure_dir_exists "/etc/registry"
 ensure_dir_exists "/etc/registryctl"
-# Fix for CentOS Internal TLS
-if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
- chmod g+w /etc/pki/tls/certs/ca-bundle.crt
- chown "$HARBOR_REGISTRY_DAEMON_USER" /etc/pki/tls/certs/ca-bundle.crt
-fi
-
-if [[ -f /etc/pki/tls/certs/ca-bundle.trust.crt ]]; then
- chmod g+w /etc/pki/tls/certs/ca-bundle.trust.crt
- chown "$HARBOR_REGISTRY_DAEMON_USER" /etc/pki/tls/certs/ca-bundle.trust.crt
-fi
+# Ensure permissions for Internal TLS
+configure_permissions_system_certs "$HARBOR_REGISTRYCTL_DAEMON_USER"
diff --git a/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh b/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
index 12f60ee61754..ecf190eb4a84 100644
--- a/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
+++ b/bitnami/harbor-registryctl/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
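Review bot: The new call in postunpack.sh passes `$HARBOR_REGISTRYCTL_DAEMON_USER` where the removed lines used `$HARBOR_REGISTRY_DAEMON_USER`, and nothing in this hunk shows where the new variable is set. Because `configure_permissions_system_certs` reads its argument as `${1:-}` and `set_permissions_ownership` skips `chown` when the owner is empty, an unset variable would leave the CA bundles group-writable with their ownership unchanged and no error reported. If the variable is expected to be defined at this point, `configure_permissions_system_certs "${HARBOR_REGISTRYCTL_DAEMON_USER:?}"` makes the build stop instead of silently skipping the ownership change.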
@@ -38,6 +38,47 @@ get_system_cert_paths() {
 fi
 }
+########################
+# Ensure CA bundles allows users in root group install new certificate
+# Globals:
+# OS_FLAVOUR
+# Arguments:
+# None
+# Returns:
+# None
+#########################
+configure_permissions_system_certs() {
+ local -r owner="${1:-}"
+ # Debian
+ set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.crt" "$owner"
+ # Centos/Phonton
+ set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.trust.crt" "$owner"
+ set_permissions_ownership "/etc/ssl/certs/ca-certificates.crt" "$owner"
+}
+
+########################
+# Grant group write permissions to the file provided and change ownership if a the owner argument is set.
+# If the path is not a file, then do nothing.
+# Globals:
+# OS_FLAVOUR
+# Arguments:
+# $1 - path
+# $2 - owner
+# Returns:
+# None
+#########################
+set_permissions_ownership() {
+ local -r path="${1:?path is missing}"
+ local -r owner="${2:-}"
+
+ if [[ -f "$path" ]]; then
+ chmod g+w "$path"
+ if [[ -n "$owner" ]]; then
+ chown "$owner" "$path"
+ fi
+ fi
+}
+
 ########################
 # Place a given certificate in the correct location for installation
 # depending on the OS
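Review bot: The comments inside `configure_permissions_system_certs` label the paths the wrong way round, and both header blocks disagree with the code: the two `/etc/pki/tls/certs/` bundles are the ones the removed postunpack.sh code called the CentOS fix, while `/etc/ssl/certs/ca-certificates.crt`, the Debian bundle, sits under `# Centos/Phonton`. I would put `# CentOS/Photon` above the two `/etc/pki/tls/certs/` lines and `# Debian` above the `/etc/ssl/certs/ca-certificates.crt` line. Neither function reads `OS_FLAVOUR`, and the first header says `Arguments: None` although the function takes `$1` as the owner, so the headers should drop the global and list `# $1 - owner (optional; chown is skipped when empty)`. Since these functions leave the system trust store group-writable and owned by the daemon user, the header is also the place to state that this is intended, so that anyone auditing the image knows the runtime account can change the trust anchors.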