diff --git a/bitnami/harbor-core/2/debian-11/Dockerfile b/bitnami/harbor-core/2/debian-11/Dockerfile
index 3230519518f6..e097c82a32a6 100644
--- a/bitnami/harbor-core/2/debian-11/Dockerfile
+++ b/bitnami/harbor-core/2/debian-11/Dockerfile
@@ -5,7 +5,7 @@ ARG TARGETARCH
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
 org.opencontainers.image.description="Application packaged by Bitnami" \
 org.opencontainers.image.licenses="Apache-2.0" \
- org.opencontainers.image.ref.name="2.7.0-debian-11-r8" \
+ org.opencontainers.image.ref.name="2.7.0-debian-11-r9" \
 org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-core" \
 org.opencontainers.image.title="harbor-core" \
 org.opencontainers.image.vendor="VMware, Inc." \
diff --git a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/entrypoint.sh b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/entrypoint.sh
index 5b166403ea87..6a98580edca1 100755
--- a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/entrypoint.sh
+++ b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/entrypoint.sh
@@ -12,7 +12,7 @@ set -o pipefail
 print_welcome_page
-if [[ "$*" = "harbor_core" ]]; then
+if [[ "$1" = "/opt/bitnami/scripts/harbor-core/run.sh" ]]; then
 info "** Starting harbor-core setup **"
 /opt/bitnami/scripts/harbor-core/setup.sh
 info "** harbor-core setup finished! **"
diff --git a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/postunpack.sh b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/postunpack.sh
index f94c2f2da36d..0c494e54b7bb 100755
--- a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/postunpack.sh
+++ b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/harbor-core/postunpack.sh
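Review bot: In entrypoint.sh the new test reads `$1` directly, where the old `"$*"` was safe with no arguments. If the script enables `nounset` (only `set -o pipefail` is visible, in the hunk header), a container started with an empty command would abort on an unbound variable instead of falling through. I would write the test as `if [[ "${1:-}" = "/opt/bitnami/scripts/harbor-core/run.sh" ]]; then`. Because the match is on the exact path, any other spelling of the command skips setup.sh silently, so a comment such as `# Setup runs only when the command is exactly run.sh` above the test would help. The `if` body continues outside the hunk.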
@@ -27,14 +27,8 @@ for dir in "/etc/core" "/data"; do
 chown -R "$HARBOR_CORE_DAEMON_USER" "$dir"
 done
-# Fix for CentOS Internal TLS
-if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
- chmod g+w /etc/pki/tls/certs/ca-bundle.crt
-fi
-
-if [[ -f /etc/pki/tls/certs/ca-bundle.trust.crt ]]; then
- chmod g+w /etc/pki/tls/certs/ca-bundle.trust.crt
-fi
+# Ensure permissions for Internal TLS
+configure_permissions_system_certs
 # Add persisted configuration
 ln -sf "${HARBOR_CORE_VOLUME_DIR}/certificates" /etc/core/certificates
diff --git a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
index 12f60ee61754..ecf190eb4a84 100644
--- a/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
+++ b/bitnami/harbor-core/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh
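Review bot: In postunpack.sh the new comment `# Ensure permissions for Internal TLS` hides a behaviour change on this Debian image. The removed block only touched `/etc/pki/tls/certs/*`, while `configure_permissions_system_certs` (added to libharbor.sh in this commit) also makes `/etc/ssl/certs/ca-certificates.crt` group-writable. Any process in that file's group (presumably root, GID 0) can then rewrite the system trust store. That looks intentional, to let a non-root runtime user add internal CAs, but the comment should say so, for example `# Make the system CA bundles group-writable so the non-root runtime user can add internal TLS CAs`. The call also depends on libharbor.sh being sourced earlier in the script, which is outside the hunk.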
@@ -38,6 +38,47 @@ get_system_cert_paths() {
 fi
 }
+########################
+# Ensure CA bundles allows users in root group install new certificate
+# Globals:
+# OS_FLAVOUR
+# Arguments:
+# None
+# Returns:
+# None
+#########################
+configure_permissions_system_certs() {
+ local -r owner="${1:-}"
+ # Debian
+ set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.crt" "$owner"
+ # Centos/Phonton
+ set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.trust.crt" "$owner"
+ set_permissions_ownership "/etc/ssl/certs/ca-certificates.crt" "$owner"
+}
+
+########################
+# Grant group write permissions to the file provided and change ownership if a the owner argument is set.
+# If the path is not a file, then do nothing.
+# Globals:
+# OS_FLAVOUR
+# Arguments:
+# $1 - path
+# $2 - owner
+# Returns:
+# None
+#########################
+set_permissions_ownership() {
+ local -r path="${1:?path is missing}"
+ local -r owner="${2:-}"
+
+ if [[ -f "$path" ]]; then
+ chmod g+w "$path"
+ if [[ -n "$owner" ]]; then
+ chown "$owner" "$path"
+ fi
+ fi
+}
+
 ########################
 # Place a given certificate in the correct location for installation
 # depending on the OS
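Review bot: The inline labels in `configure_permissions_system_certs` are attached to the wrong paths. `# Debian` sits above `/etc/pki/tls/certs/ca-bundle.crt`, which the removed postunpack.sh code treated as the CentOS location, and `# Centos/Phonton` covers a group ending in `/etc/ssl/certs/ca-certificates.crt`. I would use `# CentOS/Photon` for the two `/etc/pki/tls/certs` paths and `# Debian` for the `/etc/ssl/certs` one. Both header blocks list `OS_FLAVOUR` under Globals although neither body reads it, and the first says `Arguments: None` while the function takes an optional `$1` owner; they should read `Globals: None` and `$1 - owner (optional)`. Since these files are trust anchors, the `set_permissions_ownership` header should also note that `[[ -f ]]`, `chmod` and `chown` follow symlinks, so the change lands on the link target.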