From 09f66916150c7da599ae3240c4b3c08e957d85c1 Mon Sep 17 00:00:00 2001
From: Chris Hyzer <mchyzer@isc.upenn.edu>
Date: Sat, 11 Jun 2022 16:04:03 -0400
Subject: [PATCH] GRP-4104: anchor certs need to be copied to
 /etc/pki/ca-trust/source/anchors before running anchor cert command

---
 .../usr-local-bin/librarySetupFilesTomcat.sh    | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/container_files/usr-local-bin/librarySetupFilesTomcat.sh b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
index 54dabbd2..ad6d73a0 100644
--- a/container_files/usr-local-bin/librarySetupFilesTomcat.sh
+++ b/container_files/usr-local-bin/librarySetupFilesTomcat.sh
@@ -249,6 +249,15 @@ setupFilesTomcat_sslCertsAnchors() {
       if [ "$amiroot" = "root" ]; then
     
         echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) There are anchor certs in /opt/grouper/certs/anchors/ to process"
+        
+        /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors
+        returnCode=$?
+        echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /usr/bin/cp -v /opt/grouper/certs/anchors/* /etc/pki/ca-trust/source/anchors , result=$returnCode"
+        if [ $returnCode != 0 ]
+        then
+          exit $returnCode
+        fi  
+        
         /bin/update-ca-trust
         returnCode=$?
         echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) /bin/update-ca-trust , result=$returnCode"
@@ -271,9 +280,9 @@ setupFilesTomcat_sslCertsClient() {
 
     if [ -n "$(ls -A /opt/grouper/certs/client/*.pem 2>/dev/null)" ]; then
 
-      chmod +w /usr/lib/jvm/java/jre/lib/security/cacerts
+      chmod u+w /usr/lib/jvm/java/jre/lib/security/cacerts
       returnCode=$?
-      echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod +w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
+      echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u+w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
       if [ $returnCode != 0 ]
       then
         exit $returnCode
@@ -295,9 +304,9 @@ setupFilesTomcat_sslCertsClient() {
         
       done
 
-      chmod -w /usr/lib/jvm/java/jre/lib/security/cacerts        
+      chmod u-w /usr/lib/jvm/java/jre/lib/security/cacerts        
       returnCode=$?
-      echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod -w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
+      echo "grouperContainer; INFO: (librarySetupFilesTomcat.sh-setupFilesTomcat_sslCertsAnchors) chmod u-w /usr/lib/jvm/java/jre/lib/security/cacerts , result=$returnCode"
       if [ $returnCode != 0 ]
       then
         exit $returnCode