[bitnami/harbor-core] Release 2.7.0-debian-11-r9 (#20172)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/harbor-core/2/debian-11/Dockerfile

@@ -5,7 +5,7 @@ ARG TARGETARCH
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
       org.opencontainers.image.description="Application packaged by Bitnami" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="2.7.0-debian-11-r8" \
+      org.opencontainers.image.ref.name="2.7.0-debian-11-r9" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-core" \
       org.opencontainers.image.title="harbor-core" \
       org.opencontainers.image.vendor="VMware, Inc." \

bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/entrypoint.sh

@@ -12,7 +12,7 @@ set -o pipefail
 
 print_welcome_page
 
-if [[ "$*" = "harbor_core" ]]; then
+if [[ "$1" = "/opt/bitnami/scripts/harbor-core/run.sh" ]]; then
     info "** Starting harbor-core setup **"
     /opt/bitnami/scripts/harbor-core/setup.sh
     info "** harbor-core setup finished! **"

bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/postunpack.sh

@@ -27,14 +27,8 @@ for dir in "/etc/core" "/data"; do
     chown -R "$HARBOR_CORE_DAEMON_USER" "$dir"
 done
 
-# Fix for CentOS Internal TLS
-if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
-    chmod g+w /etc/pki/tls/certs/ca-bundle.crt
-fi
-
-if [[ -f /etc/pki/tls/certs/ca-bundle.trust.crt ]]; then
-    chmod g+w /etc/pki/tls/certs/ca-bundle.trust.crt
-fi
+# Ensure permissions for Internal TLS
+configure_permissions_system_certs
 
 # Add persisted configuration
 ln -sf "${HARBOR_CORE_VOLUME_DIR}/certificates" /etc/core/certificates

bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh

@@ -38,6 +38,47 @@ get_system_cert_paths() {
     fi
 }
 
+########################
+# Ensure CA bundles allows users in root group install new certificate
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+configure_permissions_system_certs() {
+    local -r owner="${1:-}"
+    # Debian
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.crt" "$owner"
+    # Centos/Phonton
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.trust.crt" "$owner"
+    set_permissions_ownership "/etc/ssl/certs/ca-certificates.crt" "$owner"
+}
+
+########################
+# Grant group write permissions to the file provided and change ownership if a the owner argument is set.
+# If the path is not a file, then do nothing.
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   $1 - path
+#   $2 - owner
+# Returns:
+#   None
+#########################
+set_permissions_ownership() {
+    local -r path="${1:?path is missing}"
+    local -r owner="${2:-}"
+
+    if [[ -f "$path" ]]; then
+        chmod g+w "$path"
+        if [[ -n "$owner" ]]; then
+            chown "$owner" "$path"
+        fi
+    fi
+}
+
 ########################
 # Place a given certificate in the correct location for installation
 # depending on the OS