From ca8e0070b14793c0f9b90380e7e43b5c294c7089 Mon Sep 17 00:00:00 2001
From: Maximilian Geberl <48486938+dergeberl@users.noreply.github.com>
Date: Mon, 12 Aug 2024 11:24:38 +0200
Subject: [PATCH] Fix CABundle for flatcar (#92)
* Add flatcar support for update-local-ca-certificates.sh
* Update unit tests for update-local-ca-certificates.sh
---
 .../components/rootcertificates/component_test.go | 13 +++++++++++--
 .../scripts/update-local-ca-certificates.tpl.sh | 13 +++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/component_test.go b/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/component_test.go
index 695a8b944a8..d2af752da27 100644
--- a/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/component_test.go
+++ b/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/component_test.go
@@ -92,9 +92,18 @@ if [[ -f "/etc/debian_version" ]]; then
 fi
 # localcertsdir is supported on Debian based OS only
 /usr/sbin/update-ca-certificates --fresh --localcertsdir "/var/lib/ca-certificates-local"
-else
- /usr/sbin/update-ca-certificates --fresh
+ exit
 fi
+
+if grep -q flatcar "/etc/os-release"; then
+ # Flatcar needs the file in /etc/ssl/certs/ with .pem file extension
+ cp "/var/lib/ca-certificates-local/ROOTcerts.crt" /etc/ssl/certs/ROOTcerts.pem
+ # Flatcar do not support --fresh
+ /usr/sbin/update-ca-certificates
+ exit
+fi
+
+/usr/sbin/update-ca-certificates --fresh
 `)),
 },
 },
diff --git a/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/templates/scripts/update-local-ca-certificates.tpl.sh b/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/templates/scripts/update-local-ca-certificates.tpl.sh
index 74356e9f662..6a8546a0b91 100644
--- a/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/templates/scripts/update-local-ca-certificates.tpl.sh
+++ b/pkg/component/extensions/operatingsystemconfig/original/components/rootcertificates/templates/scripts/update-local-ca-certificates.tpl.sh
@@ -13,6 +13,15 @@ if [[ -f "/etc/debian_version" ]]; then
 fi
 # localcertsdir is supported on Debian based OS only
 /usr/sbin/update-ca-certificates --fresh --localcertsdir "{{ .pathLocalSSLCerts }}"
-else
- /usr/sbin/update-ca-certificates --fresh
+ exit
 fi
+
+if grep -q flatcar "/etc/os-release"; then
+ # Flatcar needs the file in /etc/ssl/certs/ with .pem file extension
+ cp "{{ .pathLocalSSLCerts }}/ROOTcerts.crt" /etc/ssl/certs/ROOTcerts.pem
+ # Flatcar do not support --fresh
+ /usr/sbin/update-ca-certificates
+ exit
+fi
+
+/usr/sbin/update-ca-certificates --fresh
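Review bot: In the new Flatcar branch the result of `cp` is not checked, so unless the script enables `set -e` above this hunk (not visible here), a missing or unreadable `ROOTcerts.crt` still lets `update-ca-certificates` run and the script exit with its status, leaving the node without the custom CA while reporting success. Making the copy fatal, e.g. `cp "{{ .pathLocalSSLCerts }}/ROOTcerts.crt" /etc/ssl/certs/ROOTcerts.pem || exit 1`, keeps a failed trust-store update visible to whatever runs the script. The OS check `grep -q flatcar "/etc/os-release"` matches the word anywhere in the file; anchoring it to the ID field, `grep -qE '^ID="?flatcar"?$' /etc/os-release`, avoids taking this branch on an image that only mentions Flatcar in another field. The same script text is mirrored in the expected output in component_test.go and would need the matching change; the enclosing `if [[ -f "/etc/debian_version" ]]` block starts outside the hunk.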