From cfacd07ea6bec8ed252f463fa7f20bd22436adaf Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Jul 2024 11:09:07 +0200
Subject: [PATCH 1/3] fix: improve cert selection in 99-log-config.sh
Signed-off-by: Robert Waffen
---
 puppetserver/docker-entrypoint.d/99-log-config.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/puppetserver/docker-entrypoint.d/99-log-config.sh b/puppetserver/docker-entrypoint.d/99-log-config.sh
index cc72c47f..ee7d1c9f 100755
--- a/puppetserver/docker-entrypoint.d/99-log-config.sh
+++ b/puppetserver/docker-entrypoint.d/99-log-config.sh
@@ -13,7 +13,10 @@ if [ -n "${CERTNAME}" ]; then
 certname=${CERTNAME}.pem
 else
 echo "* CERTNAME: unset"
- certname=$(cd "${SSLDIR}/certs" && ls *.pem | grep --invert-match ca.pem)
+ certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
+ if [ -z "${certname}" ]; then
+ echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
+ fi
 fi
 echo "* PUPPETSERVER_PORT: '${PUPPETSERVER_PORT:-8140}'"
@@ -29,6 +32,8 @@ if [ -f "${SSLDIR}/certs/ca.pem" ]; then
 openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/ca.pem" $altnames
 fi
-echo "Certificate ${certname}:"
-# shellcheck disable=SC2086 # $altnames shouldn't be quoted
-openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+if [ -n "${certname}" ]; then
+ echo "Certificate ${certname}:"
+ # shellcheck disable=SC2086 # $altnames shouldn't be quoted
+ openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+fi
From 7980c4d04ff973c911c51f8ddbaedd06ec4cc53f Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Jul 2024 11:48:18 +0200
Subject: [PATCH 2/3] add comment
Signed-off-by: Robert Waffen
---
 puppetserver/docker-entrypoint.d/99-log-config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
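Review bot: In the `@@ -13,7 +13,10 @@` hunk, the new `[ -z "${certname}" ]` warning can be bypassed when `find` matches nothing: with GNU xargs, `ls -1tr` is still run once with no arguments and lists the whole certs directory, so `certname` can end up as `ca.pem` (or any other oldest file) instead of empty. Adding `-r` closes that path: `... -print0 | xargs -0 -r ls -1tr | head -n 1`. Separately, `find *` lets the shell expand the directory entries before find sees them, so a name beginning with `-` would be parsed as an option and subdirectories are searched too; `find . -maxdepth 1 ...` avoids both, at the cost of a `./` prefix in the result. The enclosing `if [ -n "${CERTNAME}" ]` starts outside the hunk.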
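Review bot: In the `@@ -29,6 +32,8 @@` hunk, the new guard only tests that `certname` is non-empty, so whenever `CERTNAME` is set it always passes (`certname=${CERTNAME}.pem`) and `openssl x509` still runs on a file that may not exist. The CA block named in the hunk header tests the file itself; doing the same here keeps the two consistent: `if [ -n "${certname}" ] && [ -f "${SSLDIR}/certs/${certname}" ]; then`. An `else` branch that logs the missing path would make the skipped output visible to whoever reads the startup log.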
diff --git a/puppetserver/docker-entrypoint.d/99-log-config.sh b/puppetserver/docker-entrypoint.d/99-log-config.sh
index ee7d1c9f..49bc9695 100755
--- a/puppetserver/docker-entrypoint.d/99-log-config.sh
+++ b/puppetserver/docker-entrypoint.d/99-log-config.sh
@@ -12,7 +12,7 @@ if [ -n "${CERTNAME}" ]; then
 echo "* CERTNAME: '${CERTNAME}'"
 certname=${CERTNAME}.pem
 else
- echo "* CERTNAME: unset"
+ echo "* CERTNAME: unset, try to use the oldest certificate in the certs directory, because this might be the one that was used initially."
 certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
 if [ -z "${certname}" ]; then
 echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
From cf78be565e4971b7200da5b80b1e7ed810279a43 Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 19 Jul 2024 12:49:45 +0200
Subject: [PATCH 3/3] Update puppetserver/docker-entrypoint.d/99-log-config.sh
Co-authored-by: Tim Meusel
---
 puppetserver/docker-entrypoint.d/99-log-config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/puppetserver/docker-entrypoint.d/99-log-config.sh b/puppetserver/docker-entrypoint.d/99-log-config.sh
index 49bc9695..b76ae6a8 100755
--- a/puppetserver/docker-entrypoint.d/99-log-config.sh
+++ b/puppetserver/docker-entrypoint.d/99-log-config.sh
@@ -12,7 +12,7 @@ if [ -n "${CERTNAME}" ]; then
 echo "* CERTNAME: '${CERTNAME}'"
 certname=${CERTNAME}.pem
 else
- echo "* CERTNAME: unset, try to use the oldest certificate in the certs directory, because this might be the one that was used initially."
+ echo "* CERTNAME: unset, try to use the oldest certificate in the certs directory, because this might be the one that was used initially."
 certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
 if [ -z "${certname}" ]; then
 echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
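Review bot: In the `[PATCH 2/3]` hunk, the new message says "oldest certificate", but the selection on the following context line sorts with `ls -1tr`, i.e. by file modification time, which changes when a certificate is copied, restored or re-issued. For a troubleshooting log it is worth stating that this is a guess and on what basis, e.g. `echo "* CERTNAME: unset, guessing the certificate with the oldest modification time in ${SSLDIR}/certs; set CERTNAME to select one explicitly."`. The same line is touched again in `[PATCH 3/3]`; the enclosing `if`/`else` starts and ends outside both hunks.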