Merge pull request #96 from voxpupuli/90-certfile-selection-fails-if-…

…multiple-certificates-do-exist fix: improve cert selection in 99-log-config.sh
voxpupuli · Jul 19, 2024 · 09cff3e · 09cff3e
2 parents 2b0edf7 + cf78be5
commit 09cff3e
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/puppetserver/docker-entrypoint.d/99-log-config.sh b/puppetserver/docker-entrypoint.d/99-log-config.sh
@@ -12,8 +12,11 @@ if [ -n "${CERTNAME}" ]; then
   echo "* CERTNAME: '${CERTNAME}'"
   certname=${CERTNAME}.pem
 else
-  echo "* CERTNAME: unset"
-  certname=$(cd "${SSLDIR}/certs" && ls *.pem | grep --invert-match ca.pem)
+  echo "* CERTNAME: unset, try to use the oldest certificate in the certs directory, because this might be the one that was used initially."
+  certname=$(cd "${SSLDIR}/certs" && find * -type f -name '*.pem' ! -name ca.pem -print0 | xargs -0 ls -1tr | head -n 1)
+  if [ -z "${certname}" ]; then
+    echo "WARNING: No certificates found in ${SSLDIR}/certs! Please set CERTNAME!"
+  fi
 fi
 
 echo "* PUPPETSERVER_PORT: '${PUPPETSERVER_PORT:-8140}'"
@@ -29,6 +32,8 @@ if [ -f "${SSLDIR}/certs/ca.pem" ]; then
   openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/ca.pem" $altnames
 fi
 
-echo "Certificate ${certname}:"
-# shellcheck disable=SC2086 # $altnames shouldn't be quoted
-openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+if [ -n "${certname}" ]; then
+  echo "Certificate ${certname}:"
+  # shellcheck disable=SC2086 # $altnames shouldn't be quoted
+  openssl x509 -subject -issuer -text -noout -in "${SSLDIR}/certs/${certname}" $altnames
+fi