Skip to content

copy SSL certificates from NC instance to ExApp upon install/update action #448

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 27, 2024
Merged

copy SSL certificates from NC instance to ExApp upon install/update action #448

merged 4 commits into from
Dec 27, 2024

Conversation

oleksandr-nc
Copy link
Contributor

This PR adds the updateCertificates method to automate SSL certificate updates in Docker containers.

It detects the container's OS, determines the correct certificate directory (e.g., /usr/local/share/ca-certificates for Debian), parses the Nextcloud certificate bundle, copies individual certificates into the container, and applies updates using OS-specific commands like update-ca-certificates.

Tested on Debian and Alpine.

@oleksandr-nc
Copy link
Contributor Author

the only thing that worries me is that we copy all the certificates from the bundle from the server, including the system ones.

as far as I know, this shouldn't break anything, and this PR won't be backported, so we have plenty of time for testing until Nextcloud 31 get released.

This was referenced Nov 20, 2024
Merged
Merged
kyteinsky
kyteinsky reviewed Nov 21, 2024
View reviewed changes
kyteinsky
kyteinsky reviewed Nov 21, 2024
View reviewed changes
@oleksandr-nc oleksandr-nc force-pushed the feat/ssl-certificates-update branch from 7f7e394 to 1343bda Compare December 26, 2024 11:45
@oleksandr-nc
added small test
4d4c892 
Signed-off-by: Oleksander Piskun <[email protected]>
@oleksandr-nc oleksandr-nc force-pushed the feat/ssl-certificates-update branch from 1343bda to 4d4c892 Compare December 26, 2024 11:51
@oleksandr-nc oleksandr-nc added the enhancement New feature or request label Dec 26, 2024
andrey18106
andrey18106 approved these changes Dec 27, 2024
View reviewed changes
Copy link
Contributor

@andrey18106 andrey18106 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@oleksandr-nc oleksandr-nc merged commit 28b9319 into main Dec 27, 2024
31 checks passed
@oleksandr-nc oleksandr-nc deleted the feat/ssl-certificates-update branch December 27, 2024 20:02
@bigcat88 bigcat88 mentioned this pull request Jan 2, 2025
Closed
@bigcat88 bigcat88 mentioned this pull request Jan 19, 2025
Merged
bigcat88 added a commit to cloud-py-api/nc_py_api that referenced this pull request Jan 19, 2025
@bigcat88 @pre-commit-ci
Use system trust store by default (#328)
301296d 
After internal discussion with @kyteinsky when we tested this
nextcloud/app_api#448 - it was found out that
the `test-deploy` ExApp from AppAPI "Test Deploy" button action fails in
such setups, since the Python library "httpx" ignores system
certificates by default.

reference: encode/httpx#302

Temporary workaround, until "httpx" will change it's behavior.

---------

Signed-off-by: bigcat88 <[email protected]>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kyteinsky kyteinsky kyteinsky left review comments

@andrey18106 andrey18106 andrey18106 approved these changes

@julien-nc julien-nc Awaiting requested review from julien-nc

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@oleksandr-nc @kyteinsky @andrey18106 @bigcat88