diff --git a/daemons/start-daemon.sh b/daemons/start-daemon.sh index f4f6e25..6956224 100755 --- a/daemons/start-daemon.sh +++ b/daemons/start-daemon.sh @@ -75,10 +75,14 @@ then done fi -if [ -d /etc/grid-security/certificates ]; then +# allow operators to disable updating the system trust store +UPDATE_SYSTEM_TRUST="${UPDATE_SYSTEM_TRUST:-1}" +if [[ "$UPDATE_SYSTEM_TRUST" == "1" && -d /etc/grid-security/certificates ]]; then echo 'Adding Grid CAs to the system trust.' cp -v /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/ update-ca-trust extract +else + echo "Skipping system trust update." fi echo "starting daemon with: $RUCIO_DAEMON $RUCIO_DAEMON_ARGS" diff --git a/server/docker-entrypoint.sh b/server/docker-entrypoint.sh index 759591c..ff8ce15 100755 --- a/server/docker-entrypoint.sh +++ b/server/docker-entrypoint.sh @@ -92,12 +92,16 @@ then done fi -if [ -d /etc/grid-security/certificates ]; then +# allow operators to disable updating the system trust store +UPDATE_SYSTEM_TRUST="${UPDATE_SYSTEM_TRUST:-1}" +if [[ "$UPDATE_SYSTEM_TRUST" == "1" && -d /etc/grid-security/certificates ]]; then echo 'Adding Grid CAs to the system trust.' cp -v /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/ update-ca-trust extract +else + echo "Skipping system trust update." fi pkill httpd || : sleep 2 -exec httpd -D FOREGROUND \ No newline at end of file +exec httpd -D FOREGROUND diff --git a/ui/docker-entrypoint.sh b/ui/docker-entrypoint.sh index 9150085..abd5cda 100755 --- a/ui/docker-entrypoint.sh +++ b/ui/docker-entrypoint.sh @@ -82,10 +82,14 @@ then done fi -if [ -d /etc/grid-security/certificates ]; then +# allow operators to disable updating the system trust store +UPDATE_SYSTEM_TRUST="${UPDATE_SYSTEM_TRUST:-1}" +if [[ "$UPDATE_SYSTEM_TRUST" == "1" && -d /etc/grid-security/certificates ]]; then echo 'Adding Grid CAs to the system trust.' cp -v /etc/grid-security/certificates/*.pem /etc/pki/ca-trust/source/anchors/ update-ca-trust extract +else + echo "Skipping system trust update." fi