From f55aba8437150dbda09892715b9ac04fe3cd359a Mon Sep 17 00:00:00 2001
From: Bitnami Bot <bitnami-bot@vmware.com>
Date: Wed, 20 Mar 2024 20:46:34 +0100
Subject: [PATCH] [bitnami/ejbca] Release 8.2.0-1-debian-12-r10 (#63960)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
---
 bitnami/ejbca/8/debian-12/Dockerfile            |  4 ++--
 .../rootfs/opt/bitnami/scripts/ejbca-env.sh     |  2 ++
 .../opt/bitnami/scripts/ejbca/entrypoint.sh     |  2 ++
 .../opt/bitnami/scripts/ejbca/postunpack.sh     | 17 ++++++++++++++++-
 bitnami/ejbca/README.md                         |  2 ++
 5 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/bitnami/ejbca/8/debian-12/Dockerfile b/bitnami/ejbca/8/debian-12/Dockerfile
index 3c5fb2a0cfa6..7a8c29f775ca 100644
--- a/bitnami/ejbca/8/debian-12/Dockerfile
+++ b/bitnami/ejbca/8/debian-12/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2024-03-20T11:45:41Z" \
+      org.opencontainers.image.created="2024-03-20T18:43:09Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="8.2.0-1-debian-12-r9" \
+      org.opencontainers.image.ref.name="8.2.0-1-debian-12-r10" \
       org.opencontainers.image.title="ejbca" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="8.2.0-1"
diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh
index 8e55258243d3..2709f03a9613 100644
--- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh
+++ b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca-env.sh
@@ -86,6 +86,8 @@ export EJBCA_EAR_FILE="${EJBCA_BASE_DIR}/dist/ejbca.ear"
 export EJBCA_WILDFLY_BASE_DIR="${BITNAMI_ROOT_DIR}/wildfly"
 export EJBCA_WILDFLY_STANDALONE_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone"
 export EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR="${EJBCA_WILDFLY_BASE_DIR}/standalone.default"
+export EJBCA_WILDFLY_DOMAIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/domain"
+export EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/domain.default"
 export EJBCA_WILDFLY_TMP_DIR="${EJBCA_WILDFLY_BASE_DIR}/tmp"
 export EJBCA_WILDFLY_BIN_DIR="${EJBCA_WILDFLY_BASE_DIR}/bin"
 export EJBCA_WILDFLY_CONF_DIR="${EJBCA_WILDFLY_STANDALONE_DIR}/configuration"
diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh
index 868dd4c7197a..bcf959671053 100755
--- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh
+++ b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/entrypoint.sh
@@ -26,6 +26,8 @@ debug "Copying files from $EJBCA_DEFAULT_CONF_DIR to $EJBCA_CONF_DIR"
 cp -nr "$EJBCA_DEFAULT_CONF_DIR"/. "$EJBCA_CONF_DIR" || true
 debug "Copying files from $EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR to $EJBCA_WILDFLY_STANDALONE_DIR"
 cp -nr "$EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR"/. "$EJBCA_WILDFLY_STANDALONE_DIR" || true
+debug "Copying files from $EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR to $EJBCA_WILDFLY_DOMAIN_DIR"
+cp -nr "$EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR"/. "$EJBCA_WILDFLY_DOMAIN_DIR" || true
 
 if [[ "$*" = *"/opt/bitnami/scripts/ejbca/run.sh"* ]]; then
     info "** Starting ejbca setup **"
diff --git a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh
index 3c785ab0a676..2748969a77b3 100755
--- a/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh
+++ b/bitnami/ejbca/8/debian-12/rootfs/opt/bitnami/scripts/ejbca/postunpack.sh
@@ -21,10 +21,25 @@ ensure_user_exists "$EJBCA_DAEMON_USER" --group "$EJBCA_DAEMON_GROUP" --system
 
 for dir in "$EJBCA_BASE_DIR" "$EJBCA_WILDFLY_BASE_DIR"  "$EJBCA_TMP_DIR" "$EJBCA_VOLUME_DIR" \
            "$EJBCA_WILDFLY_VOLUME_DIR" "${EJBCA_WILDFLY_STANDALONE_DIR}" "${EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR}" \
-           "${EJBCA_CONF_DIR}" "${EJBCA_DEFAULT_CONF_DIR}" "${EJBCA_WILDFLY_BASE_DIR}/domain" "$EJBCA_WILDFLY_TMP_DIR"; do
+           "${EJBCA_CONF_DIR}" "${EJBCA_DEFAULT_CONF_DIR}" "${EJBCA_WILDFLY_DOMAIN_DIR}" "${EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR}" "${EJBCA_WILDFLY_BASE_DIR}/domain" "$EJBCA_WILDFLY_TMP_DIR"; do
     ensure_dir_exists "$dir"
     chmod -R g+rwX "$dir"
     chown -R "${EJBCA_DAEMON_USER}:root" "$dir"
 done
 
 chmod g+rw "$EJBCA_WILDFLY_STANDALONE_CONF_FILE"
+
+# Copy all initially generated configuration files and standalone to the default directory
+# (this is to avoid breaking when entrypoint is being overridden)
+cp -r "$EJBCA_CONF_DIR"/* "$EJBCA_DEFAULT_CONF_DIR"
+cp -r "$EJBCA_WILDFLY_STANDALONE_DIR"/* "$EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR"
+cp -r "$EJBCA_WILDFLY_DOMAIN_DIR"/* "$EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR"
+
+# In order to make the container work with non-root group we need to make
+# a set of files writable by "other", as by default are owned by wildfly:root
+chmod o+rX -R "${EJBCA_DEFAULT_CONF_DIR}"/*
+chmod o+rX -R "${EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR}"/*
+chmod o+rX -R "${EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR}"/*
+chmod o+r "$EJBCA_BIN_DIR"/*
+chmod o+r "$EJBCA_DATABASE_SCRIPTS_DIR"/*
+chmod o+x "$EJBCA_BIN_DIR"/*.sh
\ No newline at end of file
diff --git a/bitnami/ejbca/README.md b/bitnami/ejbca/README.md
index dabf9c487c44..ce212fbad148 100644
--- a/bitnami/ejbca/README.md
+++ b/bitnami/ejbca/README.md
@@ -193,6 +193,8 @@ You can also do this with a minor change to the [`docker-compose.yml`](https://g
 | `EJBCA_WILDFLY_BASE_DIR`                 | Wildfly base directory.                          | `${BITNAMI_ROOT_DIR}/wildfly`                                                                                                                                                                |
 | `EJBCA_WILDFLY_STANDALONE_DIR`           | Wildfly standalone directory.                    | `${EJBCA_WILDFLY_BASE_DIR}/standalone`                                                                                                                                                       |
 | `EJBCA_WILDFLY_DEFAULT_STANDALONE_DIR`   | Wildfly default standalone directory.            | `${EJBCA_WILDFLY_BASE_DIR}/standalone.default`                                                                                                                                               |
+| `EJBCA_WILDFLY_DOMAIN_DIR`               | Wildfly domain directory.                        | `${EJBCA_WILDFLY_BASE_DIR}/domain`                                                                                                                                                           |
+| `EJBCA_WILDFLY_DEFAULT_DOMAIN_DIR`       | Wildfly default domain directory.                | `${EJBCA_WILDFLY_BASE_DIR}/domain.default`                                                                                                                                                   |
 | `EJBCA_WILDFLY_TMP_DIR`                  | Wildfly temporal directory                       | `${EJBCA_WILDFLY_BASE_DIR}/tmp`                                                                                                                                                              |
 | `EJBCA_WILDFLY_BIN_DIR`                  | Wildfly bin directory                            | `${EJBCA_WILDFLY_BASE_DIR}/bin`                                                                                                                                                              |
 | `EJBCA_WILDFLY_CONF_DIR`                 | Wildfly configuration directory                  | `${EJBCA_WILDFLY_STANDALONE_DIR}/configuration`                                                                                                                                              |