Merge pull request #2667 from flatcar/ca-certs-missing-newline-fix

app-misc/ca-certificates: Account for certs missing newlines
2025-08-10 22:46:58 +02:00 · 2025-02-24 17:05:34 +01:00 · 2025-02-24 17:05:34 +01:00 · d3c8c8f4a8
commit d3c8c8f4a8
parent 8f20565f43 37cf10e965
3 changed files with 3 additions and 1 deletions
--- a/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
+++ b/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
@ -0,0 +1 @@
+- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. ([flatcar/scripts#2667](https://github.com/flatcar/scripts/pull/2667))
--- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
+++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
@ -32,7 +32,8 @@ if [[ ! -e "${CERTBUNDLE}" || "${CERTSDIR}" -nt "${CERTBUNDLE}" ]]; then
    trap "rm -f '${CERTSDIR}/${TEMPBUNDLE}'" EXIT

    # Use .0 instead of .pem to pull in only what c_rehash validated
-    cat "${CERTSDIR}"/*.[0-9] > "${TEMPBUNDLE}"
+    sed --separate '$a\' "${CERTSDIR}"/*.[0-9] >"${TEMPBUNDLE}"
+
    chmod 644 "${TEMPBUNDLE}"
    mv -f "${TEMPBUNDLE}" "${CERTBUNDLE}"
    trap - EXIT
				`@ -0,0 +1 @@`
				`- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. ([flatcar/scripts#2667](https://github.com/flatcar/scripts/pull/2667))`