init: ensure a newline is present before appending certs (PROJQUAY-3881…

…) (#1356) Make sure the script still works when mounting certs as a read-only fs.
quay · Jun 2, 2022 · 8786ef2 · 8786ef2
1 parent f0f31e0
commit 8786ef2
Showing 1 changed file with 38 additions and 30 deletions.
diff --git a/conf/init/certs_install.sh b/conf/init/certs_install.sh
@@ -9,50 +9,58 @@ PYTHONUSERBASE_SITE_PACKAGE=${PYTHONUSERBASE_SITE_PACKAGE:-"$(python -m site --u
 
 cd ${QUAYDIR:-"/quay-registry"}
 
-function ensure_newline() {
-    lastline=$(tail -c 1 $1)
-    if [ "$lastline" != "" ]; then
-	echo >> "$1"
-    fi
-}
-
 # Add the custom LDAP certificate
-if [ -e $QUAYCONFIG/ldap.crt ]
-then
-  cp $QUAYCONFIG/ldap.crt ${SYSTEM_CERTDIR}/ldap.crt
+if [ -e $QUAYCONFIG/ldap.crt ]; then
+    cp $QUAYCONFIG/ldap.crt ${SYSTEM_CERTDIR}/ldap.crt
 fi
 
 # Add extra trusted certificates (as a directory)
 if [ -d $CERTDIR ]; then
-  if test "$(ls -A "$CERTDIR")"; then
-      echo "Installing extra certificates found in $CERTDIR directory"
-      cp $CERTDIR/* ${SYSTEM_CERTDIR}
-
-      CERT_FILES="$CERTDIR/*"
-      for f in $CERT_FILES
-      do
-	  ensure_newline "$f"
-      done
-
-      cat $CERTDIR/* >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
-  fi
+    if test "$(ls -A "$CERTDIR")"; then
+	echo "Installing extra certificates found in $CERTDIR directory"
+	cp $CERTDIR/* ${SYSTEM_CERTDIR}
+
+	CERT_FILES="$CERTDIR/*"
+
+	for f in $CERT_FILES
+	do
+	    lastline=$(tail -c 1 $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem)
+
+	    if [ "$lastline" != "" ]; then
+		echo >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+	    fi
+
+	    cat $CERTDIR/$f >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+	done
+    fi
 fi
 
 # Add extra trusted certificates (as a file)
 if [ -f $CERTDIR ]; then
-  echo "Installing extra certificates found in $CERTDIR file"
-  csplit -z -f ${SYSTEM_CERTDIR}/extra-ca- $CERTDIR  '/-----BEGIN CERTIFICATE-----/' '{*}'
-  ensure_newline "$CERTDIR"
-  cat $CERTDIR >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+    echo "Installing extra certificates found in $CERTDIR file"
+    csplit -z -f ${SYSTEM_CERTDIR}/extra-ca- $CERTDIR  '/-----BEGIN CERTIFICATE-----/' '{*}'
+
+    lastline=$(tail -c 1 $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem)
+
+    if [ "$lastline" != "" ]; then
+	echo >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+    fi
+
+    cat $CERTDIR >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
 fi
 
 # Add extra trusted certificates (prefixed)
 for f in $(find -L $QUAYCONFIG/ -maxdepth 1 -type f -name "extra_ca*")
 do
- echo "Installing extra cert $f"
- cp "$f" ${SYSTEM_CERTDIR}
- ensure_newline "$f"
- cat "$f" >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+    echo "Installing extra cert $f"
+    cp "$f" ${SYSTEM_CERTDIR}
+
+    lastline=$(tail -c 1 $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem)
+    if [ "$lastline" != "" ]; then
+	echo >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
+    fi
+
+    cat "$f" >> $PYTHONUSERBASE_SITE_PACKAGE/certifi/cacert.pem
 done
 
 # Update all CA certificates.