always ship the egi-trustanchors repo, script to ease CA installation

indigo-iam · Jun 28, 2024 · 038e30d · 038e30d
1 parent 2cb9b46
commit 038e30d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -34,6 +34,8 @@ RUN yum -y install openldap openldap-clients openssl git which hostname epel-rel
       yum clean all && \
       rm -rf /var/cache/yum
 
+COPY egi-trustanchors.repo /etc/yum.repos.d/
+COPY init-certificates.sh /usr/local/bin/init-certificates.sh
 
 ENV TINI_VERSION v0.18.0
 ENV REQUESTS_CA_BUNDLE /etc/pki/tls/cert.pem

diff --git a/docker/egi-trustanchors.repo b/docker/egi-trustanchors.repo
@@ -0,0 +1,6 @@
+[EGI-trustanchors]
+name=EGI-trustanchors
+baseurl=https://repository.egi.eu/sw/production/cas/1/current/
+gpgkey=https://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
+gpgcheck=1
+enabled=1
diff --git a/docker/init-certificates.sh b/docker/init-certificates.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e
+
+function install_igtf_ca() {
+  yum install -y ca-policy-egi-core
+  cp /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/
+  update-ca-trust
+}
+
+if [ $UID = 0 ]; then
+  install_igtf_ca
+  exit $?
+fi
+
+sudo $0