Add AGC certificates to CA-certificates when WEBSITES_USE_CLOUD_CERTS…

… is set to true. (#1077) * Update dotnet * Update with conditional * Update install_ca_certs for all --------- Co-authored-by: Cooper Link <cooperlink@microsoft.com>
Azure · May 21, 2024 · 2e03bb7 · 2e03bb7
1 parent 139feb0
commit 2e03bb7
Show file tree

Hide file tree

Showing 22 changed files with 427 additions and 42 deletions.
diff --git a/host/4/bookworm/java/java21/install_ca_certificates.sh b/host/4/bookworm/java/java21/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bookworm/powershell/powershell74/install_ca_certificates.sh b/host/4/bookworm/powershell/powershell74/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/base/sharedconfig/install_ca_certificates.sh b/host/4/bullseye/amd64/base/sharedconfig/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/dotnet/dotnet-inproc/install_ca_certificates.sh b/host/4/bullseye/amd64/dotnet/dotnet-inproc/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/dotnet/dotnet-isolated/install_ca_certificates.sh b/host/4/bullseye/amd64/dotnet/dotnet-isolated/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/dotnet/dotnet7-isolated/install_ca_certificates.sh b/host/4/bullseye/amd64/dotnet/dotnet7-isolated/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/dotnet/dotnet8-isolated/install_ca_certificates.sh b/host/4/bullseye/amd64/dotnet/dotnet8-isolated/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/java/java11/install_ca_certificates.sh b/host/4/bullseye/amd64/java/java11/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/java/java17/install_ca_certificates.sh b/host/4/bullseye/amd64/java/java17/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi
diff --git a/host/4/bullseye/amd64/java/java8/install_ca_certificates.sh b/host/4/bullseye/amd64/java/java8/install_ca_certificates.sh
@@ -3,15 +3,33 @@
 # Source and destination directories
 source_dir="/var/ssl/root"
 destination_dir="/usr/local/share/ca-certificates"
+need_certificate_update=false
+
+if [[ "$WEBSITES_INCLUDE_CLOUD_CERTS" == "true" ]]; then
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is set to true."
+    agc_source_dir="/usr/local/azure/certs"
+    if [ "$(ls "$agc_source_dir"/*.crt 2>/dev/null)" ]; then
+      # Copy CA certificates
+      cp "$agc_source_dir"/*.crt "$destination_dir"
+      need_certificate_update=true
+    fi
+else
+    echo "WEBSITES_INCLUDE_CLOUD_CERTS is not set to true."
+fi
+
 
 # Check if the source directory has no files with the .crt extension
 if [ "$(ls "$source_dir"/*.crt 2>/dev/null)" ]; then
 
    # Copy CA certificates
    cp "$source_dir"/*.crt "$destination_dir"
 
-   # Run update-ca-certificates command to update the CA certificate store
-   update-ca-certificates
+   need_certificate_update=true
 
    echo "CA certificates copied and updated successfully."
+fi
+
+if $need_certificate_update; then
+   # Run update-ca-certificates command to update the CA certificate store
+   update-ca-certificates
 fi