From 5756e5b6acae6ebab704c98605a5035806d5fad2 Mon Sep 17 00:00:00 2001
From: Grace Wehner
Date: Thu, 28 Apr 2022 08:39:43 -0700
Subject: [PATCH 1/3] script changes
---
 kubernetes/linux/main.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh
index 997f624e2..1ff440887 100644
--- a/kubernetes/linux/main.sh
+++ b/kubernetes/linux/main.sh
@@ -288,6 +288,27 @@ fi
 export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT
 echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc
+# Copying over CA certs for airgapped clouds. This is needed for Mariner vs Ubuntu hosts.
+# We are unable to tell if the host is Mariner or Ubuntu,
+# so both /anchors/ubuntu and /anchors/mariner are mounted in the yaml.
+# One will have the certs and the other will be empty.
+# These need to be copied to a different location for Mariner vs Ubuntu containers.
+# OS_ID here is the container distro.
+# Adding Mariner now even though the elif will never currently evaluate.
+if [ $CLOUD_ENVIRONMENT == "usnat" ] || [ $CLOUD_ENVIRONMENT == "ussec" ]; then
+ OS_ID=$(cat /etc/os-release | grep ^ID= | cut -d '=' -f2)
+ if [ $OS_ID == "ubuntu" ]; then
+ cp /anchors/ubuntu/* /usr/local/share/ca-certificates/
+ cp /anchors/mariner/* /usr/local/share/ca-certificates/
+ update-ca-certificates
+ cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
+ elif [ $OS_ID == "mariner" ]; then
+ cp /anchors/ubuntu/* /etc/pki/ca-trust/source/anchors
+ cp /anchors/mariner/* /etc/pki/ca-trust/source/anchors
+ update-ca-trust
+ fi
+fi
+
 #consisten naming conventions with the windows
 export DOMAIN=$domain
 echo "export DOMAIN=$DOMAIN" >> ~/.bashrc
From 661d8752bef01bc0c0a5a1c8bf014f678c698a01 Mon Sep 17 00:00:00 2001
From: Grace Wehner
Date: Fri, 29 Apr 2022 11:51:07 -0700
Subject: [PATCH 2/3] PR feedback
---
 kubernetes/linux/main.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
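Review bot: The four `cp /anchors/.../*` lines and the `update-ca-certificates` / `update-ca-trust` calls are unchecked, so startup continues even when the trust store may not contain the airgapped CA. By the block's own comment one of the two anchor directories is always empty, so one `cp` per branch always fails on the literal `*`, and that expected error masks the case where both are empty. On the Ubuntu branch `update-ca-certificates` only picks up files ending in `.crt` under /usr/local/share/ca-certificates, so anchors copied from a Mariner host under another extension would presumably be ignored without a message (the file names are not visible here). I would copy only files that exist, count them, and report on stderr when nothing was installed or the update fails; the Mariner branch needs the same treatment.

```shell
# … unchanged: CLOUD_ENVIRONMENT check and OS_ID detection; Ubuntu branch shown …
installed=0
for cert in /anchors/ubuntu/* /anchors/mariner/*; do
  # An unmatched glob stays literal, so skip anything that is not a regular file.
  [ -f "$cert" ] || continue
  cp -- "$cert" /usr/local/share/ca-certificates/ && installed=$((installed + 1))
done
if [ "$installed" -eq 0 ]; then
  echo "No CA certificates found under /anchors/ubuntu or /anchors/mariner" >&2
fi
if update-ca-certificates; then
  cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
else
  echo "update-ca-certificates failed; /usr/lib/ssl/cert.pem not refreshed" >&2
fi
```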
diff --git a/kubernetes/linux/main.sh b/kubernetes/linux/main.sh
index 1ff440887..2b25b044c 100644
--- a/kubernetes/linux/main.sh
+++ b/kubernetes/linux/main.sh
@@ -296,16 +296,19 @@ echo "export CLOUD_ENVIRONMENT=$CLOUD_ENVIRONMENT" >> ~/.bashrc
 # OS_ID here is the container distro.
 # Adding Mariner now even though the elif will never currently evaluate.
 if [ $CLOUD_ENVIRONMENT == "usnat" ] || [ $CLOUD_ENVIRONMENT == "ussec" ]; then
- OS_ID=$(cat /etc/os-release | grep ^ID= | cut -d '=' -f2)
- if [ $OS_ID == "ubuntu" ]; then
+ OS_ID=$(cat /etc/os-release | grep ^ID= | cut -d '=' -f2 | tr -d '"' | tr -d "'")
+ if [ $OS_ID == "mariner" ]; then
+ cp /anchors/ubuntu/* /etc/pki/ca-trust/source/anchors
+ cp /anchors/mariner/* /etc/pki/ca-trust/source/anchors
+ update-ca-trust
+ else
+ if [ $OS_ID != "ubuntu" ]; then
+ echo "Error: The ID in /etc/os-release is not ubuntu or mariner. Defaulting to ubuntu."
+ fi
 cp /anchors/ubuntu/* /usr/local/share/ca-certificates/
 cp /anchors/mariner/* /usr/local/share/ca-certificates/
 update-ca-certificates
 cp /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
- elif [ $OS_ID == "mariner" ]; then
- cp /anchors/ubuntu/* /etc/pki/ca-trust/source/anchors
- cp /anchors/mariner/* /etc/pki/ca-trust/source/anchors
- update-ca-trust
 fi
 fi
From 59210a76c748edcfebdbeb73aaf10892b261107a Mon Sep 17 00:00:00 2001
From: Grace Wehner
Date: Mon, 9 May 2022 10:41:53 -0700
Subject: [PATCH 3/3] sla recheck
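Review bot: The new fallback message is skipped in exactly the case it is meant for. When /etc/os-release is missing or has no `ID=` line, `$OS_ID` expands to nothing, `[ $OS_ID != "ubuntu" ]` becomes a malformed test that returns an error status, and the `echo` never runs. Quote the expansions, `if [ "$OS_ID" = "mariner" ]; then` and `if [ "$OS_ID" != "ubuntu" ]; then`; the outer `$CLOUD_ENVIRONMENT` tests at the top of the block (added in patch 1/3) have the same unquoted form. The message is labelled "Error" but is written to stdout and execution continues with the Ubuntu paths, so `echo "Warning: ..." >&2` would match what the code actually does.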