(PA-6886) Add Digicert to Solaris images
The DigiCertGlobalRootG2 is now used by Artifactory and the VMs we're using
for Solaris don't contain that cert by default.
We for sure update our images to include that, but until that is done we need
to make sure to use it.
Also, in our case the OpenSSL used on our Solaris VMs is ancient and doesn't support
openssl-rehash, so we have to create the symlink ourselves.
Once we update our images this commit can be reverted.
cthorn42 committed Aug 12, 2024
1 parent e344e9b commit 5122f7f
Showing 2 changed files with 37 additions and 0 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -6,6 +6,9 @@ This changelog adheres to [Keep a CHANGELOG](https://keepachangelog.com).

## [Unreleased]

### Added
- Add DigiCertGlobalRootG2 cert as part of Solaris default

## [0.52.0] - 2024-06-03
### Added
- Add Amazon 2 (ARM) platform definition to vanagon
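
Review bot: the new entry under `### Added` says "as part of Solaris default", but the only platform file changed in this commit is lib/vanagon/platform/defaults/solaris-11-i386.rb. Name that platform in the entry, and consider citing PA-6886 and marking the entry as a temporary workaround, since the commit message says the change is meant to be reverted once the images are updated.
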
34 changes: 34 additions & 0 deletions lib/vanagon/platform/defaults/solaris-11-i386.rb
@@ -1,9 +1,43 @@
platform "solaris-11-i386" do |plat|

# Source: https://www.digicert.com/kb/digicert-root-certificates.htm
# Valid until: 15/Jan/2038
# Serial #: 03:3A:F1:E6:A7:11:A9:A0:BB:28:64:B1:1D:09:FA:E5
# SHA256 Fingerprint: CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
# https://perforce.atlassian.net/browse/RE-16540 for long term fix for this
DigiCertGlobalRootG2 = <<-STRING
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
STRING
plat.servicedir "/lib/svc/manifest"
plat.defaultdir "/lib/svc/method"
plat.servicetype "smf"

plat.vmpooler_template "solaris-11-x86_64"
plat.provision_with "echo '#{DigiCertGlobalRootG2}'>> /etc/openssl/certs/DigiCertGlobalRootG2.pem"
plat.provision_with 'chmod a+r /etc/openssl/certs/DigiCertGlobalRootG2.pem'
plat.provision_with 'ln -s /etc/openssl/certs/DigiCertGlobalRootG2.pem /etc/openssl/certs/607986c7.0'
plat.provision_with '/usr/sbin/svcadm restart /system/ca-certificates'
plat.add_build_repository "http://solaris-11-reposync.delivery.puppetlabs.net:81", "puppetlabs.com"
plat.install_build_dependencies_with "pkg install ", " || [[ $? -eq 4 ]]"
end
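
Review bot: the four added `plat.provision_with` lines are not safe to run twice. `echo '...'>> /etc/openssl/certs/DigiCertGlobalRootG2.pem` appends, so if the file already exists (a re-provisioned VM, or an image that later ships the cert) the PEM ends up with duplicate blocks; `>` would overwrite instead. `ln -s` fails when `607986c7.0` already exists; `ln -sf` avoids that. The link name `607986c7.0` is also hardcoded: the subject hash OpenSSL looks up depends on the OpenSSL version (the algorithm changed in 1.0.0), and the commit message describes the VM's OpenSSL as ancient, so confirm the value with `openssl x509 -noout -hash -in /etc/openssl/certs/DigiCertGlobalRootG2.pem` on the VM or add a comment saying how it was obtained. The header comment records the SHA256 fingerprint, but nothing in the provisioning lines checks the written file against it. `DigiCertGlobalRootG2` is also assigned as a constant inside the `platform` block, so loading this file twice emits an already-initialized-constant warning; a local variable would do.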
