From bf1ddd6b47d7a1c570941ec7816f82fd327a9b75 Mon Sep 17 00:00:00 2001 From: Mirza Krak Date: Wed, 7 Aug 2019 13:02:42 +0000 Subject: [PATCH 1/3] only install servert.crt.demo if --demo-host-ip/-i is set --demo-host-ip/-i would imply that the intention is to use the demo server, otherwise we do not not want to install the demo certificate. Changelog: Title Signed-off-by: Mirza Krak (cherry picked from commit 4bd03ecc0a6a482fdd5c6f8a96e5ba5b33e90b03) --- convert-stage-4.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/convert-stage-4.sh b/convert-stage-4.sh index 5aa323e..b4bfcb6 100755 --- a/convert-stage-4.sh +++ b/convert-stage-4.sh @@ -180,17 +180,16 @@ install_files() { sudo sh -c -e "echo artifact_name=${artifact_name} > ${primary_dir}/${sysconfdir}/artifact_info"; fi - # Set demo server + # Set demo server and install demo certificate if [ -n "${demo_host_ip}" ]; then sudo sh -c -e "echo '$demo_host_ip docker.mender.io s3.docker.mender.io' >> $primary_dir/etc/hosts"; jq_inplace '.ServerURL = \"https://docker.mender.io\"' ${primary_dir}/${sysconfdir}/mender.conf + sudo install -m 0444 ${mender_dir}/server.demo.crt ${primary_dir}/${sysconfdir}/server.crt fi - # Install provided or demo certificate + # Install provided if [ -n "${server_cert}" ]; then sudo install -m 0444 ${server_cert} ${primary_dir}/${sysconfdir}/server.crt - else - sudo install -m 0444 ${mender_dir}/server.demo.crt ${primary_dir}/${sysconfdir}/server.crt fi } From 260062ea1b29f12fd1c473f62323c60babc50733 Mon Sep 17 00:00:00 2001 From: Mirza Krak Date: Wed, 7 Aug 2019 13:05:01 +0000 Subject: [PATCH 2/3] add ServerCertificate entry in mender.conf if servert.crt was installed MEN-2640 Changelog: Title Based on work from: Signed-off-by: Yevgeniy Nurseitov Signed-off-by: Mirza Krak (cherry picked from commit d5e861b052e5f510dbe5dd78db81f49af8000245) --- convert-stage-4.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/convert-stage-4.sh b/convert-stage-4.sh index b4bfcb6..da3fc49 100755 --- a/convert-stage-4.sh +++ b/convert-stage-4.sh @@ -191,6 +191,10 @@ install_files() { if [ -n "${server_cert}" ]; then sudo install -m 0444 ${server_cert} ${primary_dir}/${sysconfdir}/server.crt fi + + if [ -e "${primary_dir}/${sysconfdir}/server.crt" ]; then + jq_inplace '.ServerCertificate = \"'${primary_dir}'/'${sysconfdir}'/server.crt\"' ${primary_dir}/${sysconfdir}/mender.conf + fi } do_install_mender() { From 5339d1f23345b08560c72866a0596d56eba35fbe Mon Sep 17 00:00:00 2001 From: Mirza Krak Date: Thu, 8 Aug 2019 08:25:53 +0000 Subject: [PATCH 3/3] fix variable expansions for /etc/mender/servert.crt path Currently the code expands to the following in mender.conf: /mender-convert/output/sdimg/primary/etc/mender/server.crt ${primary_dir} should be dropped from assignment Fixes: d5e861b052e5 ("add ServerCertificate entry in mender.conf if servert.crt was installed") Changelog: None Signed-off-by: Mirza Krak (cherry picked from commit c10d2ade06e039b9063edb5c1105b9a43e773642) --- convert-stage-4.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/convert-stage-4.sh b/convert-stage-4.sh index da3fc49..c6b9031 100755 --- a/convert-stage-4.sh +++ b/convert-stage-4.sh @@ -193,7 +193,7 @@ install_files() { fi if [ -e "${primary_dir}/${sysconfdir}/server.crt" ]; then - jq_inplace '.ServerCertificate = \"'${primary_dir}'/'${sysconfdir}'/server.crt\"' ${primary_dir}/${sysconfdir}/mender.conf + jq_inplace '.ServerCertificate = \"/'${sysconfdir}'/server.crt\"' ${primary_dir}/${sysconfdir}/mender.conf fi }