Use postrun script to properly link for certificate

Author: donhardman

.github/workflows/release.yml

@@ -93,6 +93,11 @@ jobs:
         run: |
           # name is like assets manticore-executor_v0.5.1-221214-e089052_linux_amd64:
           tar -xzf *.tar.gz
+
+          # Setup openssl workaround
+          mkdir -p .debpkg/DEBIAN
+          cp -p packages/postrun .debpkg/DEBIAN/postinst
+
           mkdir -p .debpkg/usr/bin
           mkdir -p .rpmpkg/usr/bin
           mkdir -p .rpmpkg/usr/share/
@@ -135,6 +140,7 @@ jobs:
           sed -i 's/{{ MAINTAINER }}/${{ env.MAINTAINER }}/g' $spec_file
           sed -i 's/{{ DESC }}/${{ env.DESC }}/g' $spec_file
           sed -i 's/{{ ARCH }}/x86_64/g' $spec_file
+          # sed -i "s@{{ POSTRUN }}@$(<packages/postrun)@g" $spec_file
 
           tar czf tmp.tar.gz "${{ env.APP_NAME }}/"
           mkdir -p "$RPMBUILD_SOURCE_DIR"
@@ -187,6 +193,11 @@ jobs:
         run: |
           # name is like assets manticore-executor_v0.5.1-221214-e089052_linux_arm64:
           tar -xzf *.tar.gz
+
+          # Setup openssl workaround
+          mkdir -p .debpkg/DEBIAN
+          cp -p packages/postrun .debpkg/DEBIAN/postinst
+
           mkdir -p .debpkg/usr/bin
           mkdir -p .rpmpkg/usr/bin
           mkdir -p .rpmpkg/usr/share
@@ -221,7 +232,7 @@ jobs:
           distro: centos7
           githubToken: ${{ github.token }}
           setup: |
-            mkdir -p "${PWD}/artifacts"
+            mkdir -p "${PWD}/artifacts/packages"
             cp -rp .rpmpkg "${PWD}/artifacts/.rpmpkg"
           dockerRunArgs: |
             --volume "${PWD}/artifacts:/artifacts"
@@ -245,6 +256,8 @@ jobs:
             sed -i 's/{{ MAINTAINER }}/${{ env.MAINTAINER }}/g' $spec_file
             sed -i 's/{{ DESC }}/${{ env.DESC }}/g' $spec_file
             sed -i 's/{{ ARCH }}/aarch64/g' $spec_file
+            # sed -i "s@{{ POSTRUN }}@$(<packages/postrun)@g" $spec_file
+
 
             tar czf tmp.tar.gz "${{ env.APP_NAME }}/"
             mkdir -p "$RPMBUILD_SOURCE_DIR"
@@ -294,7 +307,7 @@ jobs:
           arch: 'all'
           desc: '${{ env.EXTRA_DESC }}'
           license: 'Apache-2.0'
-          depends: '${{ env.APP_NAME }} (>= ${{ steps.vars.outputs.app_version }}), ${{ env.COLUMNAR_NAME }} (>= ${{ env. COLUMNAR_VERSION }})'
+          depends: '${{ env.APP_NAME }} (>= ${{ steps.vars.outputs.app_version }}), ${{ env.COLUMNAR_NAME }} (>= ${{ env. COLUMNAR_VERSION }}), ca-certificates'
       - name: Build RPM packages
         run: |
           sudo apt-get update -y -q

packages/extra.spec

@@ -8,6 +8,7 @@ Packager: {{ MAINTAINER }}
 Vendor: {{ MAINTAINER }}
 Requires: {{ EXECUTOR_NAME }} >= {{ EXECUTOR_VERSION }}
 Requires: {{ COLUMNAR_NAME }} >= {{ COLUMNAR_VERSION }}
+Requires: ca-certificates
 
 Source: tmp.tar.gz
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot

packages/main.spec

@@ -32,7 +32,22 @@ rm -rf %{buildroot}
 
 %post
 
-%postun
+%postrun
+if [ -f /etc/ssl/cert.pem ]; then
+  exit 0
+fi
+
+for cert in "/etc/ssl/certs/ca-certificates.crt" \
+  "/etc/pki/tls/certs/ca-bundle.crt" \
+  "/etc/ssl/ca-bundle.pem" \
+  "/etc/pki/tls/cacert.pem" \
+  "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"; do
+  if [ -f "$cert" ]; then
+    ln -s "$cert" /etc/ssl/cert.pem
+    break
+  fi
+done
+
 
 %files
 %doc usr/share/{{ NAME }}-README.md

packages/postrun

@@ -0,0 +1,16 @@
+# This script used in postrun and postinst for packages
+# Used only in deb but we copy paste this file for main.spec (rpm)
+if [ -f /etc/ssl/cert.pem ]; then
+  exit 0
+fi
+
+for cert in "/etc/ssl/certs/ca-certificates.crt" \
+  "/etc/pki/tls/certs/ca-bundle.crt" \
+  "/etc/ssl/ca-bundle.pem" \
+  "/etc/pki/tls/cacert.pem" \
+  "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"; do
+  if [ -f "$cert" ]; then
+    ln -s "$cert" /etc/ssl/cert.pem
+    break
+  fi
+done