From 81e5f11605504e5aa556eb9ed98f749292a15a77 Mon Sep 17 00:00:00 2001
From: Lubos Mjachky <lmjachky@redhat.com>
Date: Thu, 23 May 2024 10:18:28 +0200
Subject: [PATCH] Trust certificates after copying them

[noissue]
---
 .github/template_gitref                         | 2 +-
 .github/workflows/scripts/install.sh            | 2 --
 .github/workflows/scripts/post_before_script.sh | 7 +++++++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/template_gitref b/.github/template_gitref
index d3966ad3e..09354118f 100644
--- a/.github/template_gitref
+++ b/.github/template_gitref
@@ -1 +1 @@
-2021.08.26-333-gdf1d3ba
+2021.08.26-335-gdf91f79
diff --git a/.github/workflows/scripts/install.sh b/.github/workflows/scripts/install.sh
index fb4da766e..db4367bb6 100755
--- a/.github/workflows/scripts/install.sh
+++ b/.github/workflows/scripts/install.sh
@@ -145,7 +145,6 @@ sudo chown -R 700:700 ~/.config
 echo ::group::SSL
 # Copy pulp CA
 sudo docker cp pulp:/etc/pulp/certs/pulp_webserver.crt /usr/local/share/ca-certificates/pulp_webserver.crt
-sudo docker exec -u root pulp trust anchor /etc/pulp/certs/pulp_webserver.crt
 
 # Hack: adding pulp CA to certifi.where()
 CERTIFI=$(python -c 'import certifi; print(certifi.where())')
@@ -174,7 +173,6 @@ if [[ "$TEST" = "azure" ]]; then
   cat /usr/local/share/ca-certificates/azcert.crt >> $AZCERTIFI
   cat /usr/local/share/ca-certificates/azcert.crt | cmd_stdin_prefix tee -a "$PULPCERTIFI" > /dev/null
   cat /usr/local/share/ca-certificates/azcert.crt | cmd_stdin_prefix tee -a /etc/pki/tls/cert.pem > /dev/null
-  cmd_stdin_prefix sudo trust anchor /etc/pki/tls/cert.pem
   AZURE_STORAGE_CONNECTION_STRING='DefaultEndpointsProtocol=https;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=https://ci-azurite:10000/devstoreaccount1;'
   az storage container create --name pulp-test --connection-string $AZURE_STORAGE_CONNECTION_STRING
 fi
diff --git a/.github/workflows/scripts/post_before_script.sh b/.github/workflows/scripts/post_before_script.sh
index 867f3eae3..577a26998 100644
--- a/.github/workflows/scripts/post_before_script.sh
+++ b/.github/workflows/scripts/post_before_script.sh
@@ -2,3 +2,10 @@ if [[ " ${SCENARIOS[*]} " =~ " ${TEST} " ]]; then
   # Needed by pulp_container/tests/functional/api/test_flatpak.py:
   cmd_prefix dnf install -yq dbus-daemon flatpak
 fi
+
+# add the copied certificates from install.sh to the container's trusted certificates list
+if [[ "$TEST" = "azure" ]]; then
+  cmd_prefix sudo trust anchor /etc/pki/tls/cert.pem
+else
+  cmd_prefix sudo trust anchor /etc/pulp/certs/pulp_webserver.crt
+fi