From 420303b9433d081b2507202221a2e912b3509f4c Mon Sep 17 00:00:00 2001
From: Andrzej Klajnert <github@aklajnert.pl>
Date: Fri, 14 Jan 2022 16:47:23 +0100
Subject: [PATCH] Recursively copy cert files.

[NO NEW TESTS NEEDED]

Signed-off-by: Andrzej Klajnert <github@aklajnert.pl>
---
 pkg/machine/ignition.go | 85 ++++++++++++++++++++++-------------------
 1 file changed, 46 insertions(+), 39 deletions(-)

diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index ac2cf71cf4..09228553c6 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -1,3 +1,4 @@
+//go:build amd64 || arm64
 // +build amd64 arm64
 
 package machine
@@ -423,61 +424,67 @@ func getCerts(certsDir string, isDir bool) []File {
 		files []File
 	)
 
-	certs, err := ioutil.ReadDir(certsDir)
 	if isDir {
-		if err == nil {
-			for _, cert := range certs {
-				b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+		err := filepath.Walk(certsDir, func(path string, info os.FileInfo, err error) error {
+			if err == nil && !info.IsDir() {
+				certPath, err := filepath.Rel(certsDir, path)
 				if err != nil {
-					logrus.Warnf("Unable to read cert file %s", err.Error())
-					continue
+					logrus.Warnf("%s", err)
+					return nil
+				}
+
+				file, err := prepareCertFile(filepath.Join(certsDir, certPath), certPath)
+				if err == nil {
+					files = append(files, file)
 				}
-				files = append(files, File{
-					Node: Node{
-						Group: getNodeGrp("root"),
-						Path:  filepath.Join("/etc/containers/certs.d/", cert.Name()),
-						User:  getNodeUsr("root"),
-					},
-					FileEmbedded1: FileEmbedded1{
-						Append: nil,
-						Contents: Resource{
-							Source: encodeDataURLPtr(string(b)),
-						},
-						Mode: intToPtr(0644),
-					},
-				})
 			}
-		} else {
+
+			return nil
+		})
+		if err != nil {
 			if !os.IsNotExist(err) {
 				logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s:  %s", certsDir, err.Error())
 			}
 		}
 	} else {
 		fileName := filepath.Base(certsDir)
-		b, err := ioutil.ReadFile(certsDir)
-		if err != nil {
-			logrus.Warnf("Unable to read cert file %s", err.Error())
-			return files
+		file, err := prepareCertFile(certsDir, fileName)
+		if err == nil {
+			files = append(files, file)
 		}
-		files = append(files, File{
-			Node: Node{
-				Group: getNodeGrp("root"),
-				Path:  filepath.Join("/etc/containers/certs.d/", fileName),
-				User:  getNodeUsr("root"),
-			},
-			FileEmbedded1: FileEmbedded1{
-				Append: nil,
-				Contents: Resource{
-					Source: encodeDataURLPtr(string(b)),
-				},
-				Mode: intToPtr(0644),
-			},
-		})
 	}
 
 	return files
 }
 
+func prepareCertFile(path string, name string) (File, error) {
+	b, err := ioutil.ReadFile(path)
+	if err != nil {
+		logrus.Warnf("Unable to read cert file %s", err.Error())
+		return File{}, err
+	}
+
+	targetPath := filepath.Join("/etc/containers/certs.d", name)
+
+	logrus.Debugf("Copying cert file from '%s' to '%s'.", path, targetPath)
+
+	file := File{
+		Node: Node{
+			Group: getNodeGrp("root"),
+			Path:  targetPath,
+			User:  getNodeUsr("root"),
+		},
+		FileEmbedded1: FileEmbedded1{
+			Append: nil,
+			Contents: Resource{
+				Source: encodeDataURLPtr(string(b)),
+			},
+			Mode: intToPtr(0644),
+		},
+	}
+	return file, nil
+}
+
 func getProxyVariables() string {
 	proxyOpts := ""
 	for _, variable := range config.ProxyEnv {
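Review bot: The `filepath.Walk` callback in getCerts returns nil on every path, including when it is invoked with a non-nil `err`, so Walk itself always returns nil and the following `if err != nil` block with the "Unable to copy certs via ignition" warning can never run; an unreadable certs directory now produces an empty file list with no log line. Adding `if err != nil { return err }` as the first statement of the callback restores that warning and keeps the `os.IsNotExist` suppression working for a missing directory. Separately, every non-directory entry under certsDir is now embedded by prepareCertFile with `Mode: intToPtr(0644)`. If the tree can hold client private keys (certs.d layouts commonly include `.key` files), they would be written world-readable in the guest, so a stricter mode for such files, or at least a doc comment on prepareCertFile stating the 0644 assumption, is worth adding. getCerts begins above the hunk, so this is based only on the lines shown.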