Merge pull request #4 from vyaghras/adding_certificate

certs: link host certs if present
bottlerocket-os · Feb 4, 2025 · b4ece9d · b4ece9d
2 parents 3b4205b + 033f9fa
commit b4ece9d
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/bootstrap-script.sh b/bootstrap-script.sh
@@ -2,6 +2,19 @@
 
 set -xeuo pipefail
 
+declare -r HOST_CERTS="/.bottlerocket/certs"
+
+# Link host certs if present into container & run update-ca-trust
+link_host_certs() {
+  for cert in $(ls -1 "${HOST_CERTS}"); do
+    ln -s "${HOST_CERTS}/${cert}" "/etc/pki/ca-trust/source/anchors/${cert}"
+  done
+  # Update the CA trust to pickup the new certificates
+  update-ca-trust
+}
+
+[[ -d "${HOST_CERTS}" ]] && link_host_certs
+
 # Full path to the base64-encoded user data
 USER_DATA_PATH='/.bottlerocket/bootstrap-containers/current/user-data'