From 03f785e953ae1e7d6025244ef0ebb28958c1817f Mon Sep 17 00:00:00 2001
From: Li Zhu
Date: Mon, 11 Jul 2022 13:04:13 -0400
Subject: [PATCH] Debian - Fix update ca certs command
Correct update ca certs command for Debian.
Test Plan:
Verify: Bootstrap and adding a Subcloud on Debian
Verify: Bootstrap and adding a Subcloud on Centos
Story: 2010119
Task: 45763
Signed-off-by: Li Zhu
Change-Id: I4a9d2758ce012557fad4a19b49aa9b5bfe4f1680
---
.../controllerconfig/scripts/controller_config | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/controllerconfig/controllerconfig/scripts/controller_config b/controllerconfig/controllerconfig/scripts/controller_config
index b3f7b74170..1a572cc0db 100755
--- a/controllerconfig/controllerconfig/scripts/controller_config
+++ b/controllerconfig/controllerconfig/scripts/controller_config
@@ -34,6 +34,15 @@ IMA_POLICY=/etc/ima.policy
PUPPET_CACHE=/etc/puppet/cache
PUPPET_CACHE_TMP=/etc/puppet/cache.tmp
ACTIVE_CONTROLLER_NOT_FOUND_FLAG="/var/run/.active_controller_not_found"
+CERT_DIR=/etc/pki/ca-trust/source/anchors
+
+OS_ID=$(grep '^ID=' /etc/os-release | cut -f2- -d= | sed -e 's/\"//g')
+if [ "$OS_ID" == "debian" ]
+then
+ UPDATE_CA_CMD="update-ca-certificates --localcertsdir ${CERT_DIR}"
+else
+ UPDATE_CA_CMD="update-ca-trust extract"
+fi
fatal_error()
{
@@ -404,13 +413,13 @@ start()
if [ -e $CONFIG_DIR/dc-adminep-root-ca.crt ]
then
- cp $CONFIG_DIR/dc-adminep-root-ca.crt /etc/pki/ca-trust/source/anchors/
+ cp $CONFIG_DIR/dc-adminep-root-ca.crt $CERT_DIR
if [ $? -ne 0 ]
then
fatal_error "Unable to copy $CONFIG_DIR/dc-adminep-root-ca.crt to certificates dir"
fi
# Update system trusted CA cert list with the new CA cert.
- update-ca-trust extract
+ $UPDATE_CA_CMD
if [ $? -ne 0 ]
then
fatal_error "Unable to update system trusted CA certificate list"