search

rstudio / helm

Helm Resources for RStudio Products
MIT License
36 stars 28 forks source link

RSW chart CA trust is Ubuntu specific #456

Closed lachlansimpson closed 8 months ago

lachlansimpson commented 10 months ago

Hi Team,

The CA Trust action here is Ubuntu specific:

https://github.com/rstudio/helm/blob/9cfdd30f1a1aad5641b7eb04ef71ed746ae05657/charts/rstudio-workbench/prestart-launcher.bash#L41-L42

@jeffvroom has provided an example for a broader range of OSes:

PLATFORM=$(grep ^ID= /etc/os-release | sed 's/ID=//' | sed 's/\"//g')

get_ca_cert_install_dir() {
  case ${PLATFORM} in
    *centos*|*rhel*|*amazonlinux*)
       echo "/etc/pki/ca-trust/source/anchors/";;
    *ubuntu*|*debian*|bionic|xenial|focal|jammy)
       echo "/usr/local/share/ca-certificates/";;
    *opensuse* | *sles*)
       echo "/usr/share/pki/trust/anchors/";;
    *)
       echo "No ca cert install dir registered for platform: ${PLATFORM}"
      ;;
  esac
}

install_test_ca_cert() {
  echo "Installing rsTestCA.crt as a system root CA"
  case ${PLATFORM} in
    *centos*|*rhel*|*amazonlinux*)
       sudo cp /tmp/common/certs/rsTestCA.crt /etc/pki/ca-trust/source/anchors/rsTestCA.crt
       sudo update-ca-trust;;
    *ubuntu*|*debian*|bionic|xenial|focal|jammy)
       sudo cp /tmp/common/certs/rsTestCA.crt /usr/local/share/ca-certificates/rsTestCA.crt
       sudo update-ca-certificates;;
    *opensuse* | *sles*)
       sudo cp /tmp/common/certs/rsTestCA.crt /usr/share/pki/trust/anchors/rsTestCA.crt
       # SUSE bug causes update-ca-certificates to unexpectedly fail so we temporarily disable
       # exiting on errors and try it twice with debug messaging
       # Bug: https://bugzilla.suse.com/show_bug.cgi?id=1124198
       set +e
       echo "First attempt at update-ca-certificates..."
       if sudo update-ca-certificates -v; then
          set -e
          echo "Success!"
       else
          set -e
          echo "Failed! Trying again..."
          sudo update-ca-certificates -v
       fi;;
    *)
      1>&2 echo "No rule for installing CA certs on platform: ${PLATFORM}"
      return 1
      ;;
  esac
}

This comes via ticket #99320

colearendt commented 10 months ago

This is awesome! Related to #453

colearendt commented 8 months ago

Closed in #453 and related to #467