[bitnami/harbor-portal] Release 2.7.0-debian-11-r10 (#20439)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

bitnami/harbor-portal/2/debian-11/Dockerfile

@@ -5,7 +5,7 @@ ARG TARGETARCH
 LABEL org.opencontainers.image.authors="https://bitnami.com/contact" \
       org.opencontainers.image.description="Application packaged by Bitnami" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="2.7.0-debian-11-r9" \
+      org.opencontainers.image.ref.name="2.7.0-debian-11-r10" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/harbor-portal" \
       org.opencontainers.image.title="harbor-portal" \
       org.opencontainers.image.vendor="VMware, Inc." \

bitnami/harbor-portal/2/debian-11/rootfs/opt/bitnami/scripts/harbor-portal/postunpack.sh

@@ -28,7 +28,7 @@ for dir in "${NGINX_BASE_DIR}/client_body_temp" "${NGINX_BASE_DIR}/proxy_temp" "
 done
 
 # Ensure permissions for Internal TLS
-configure_permissions_system_certs
+configure_permissions_system_certs "$HARBOR_PORTAL_DAEMON_USER"
 
 # Loading bitnami paths
 replace_in_file "$HARBOR_PORTAL_NGINX_CONF_FILE" "/usr/share/nginx/html" "${HARBOR_PORTAL_BASE_DIR}" false

bitnami/harbor-portal/2/debian-11/rootfs/opt/bitnami/scripts/libharbor.sh

@@ -48,16 +48,34 @@ get_system_cert_paths() {
 #   None
 #########################
 configure_permissions_system_certs() {
-    if [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
-        chmod g+w /etc/pki/tls/certs/ca-bundle.crt
-    fi
+    local -r owner="${1:-}"
+    # Debian
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.crt" "$owner"
+    # Centos/Phonton
+    set_permissions_ownership "/etc/pki/tls/certs/ca-bundle.trust.crt" "$owner"
+    set_permissions_ownership "/etc/ssl/certs/ca-certificates.crt" "$owner"
+}
 
-    if [[ -f /etc/pki/tls/certs/ca-bundle.trust.crt ]]; then
-        chmod g+w /etc/pki/tls/certs/ca-bundle.trust.crt
-    fi
+########################
+# Grant group write permissions to the file provided and change ownership if a the owner argument is set.
+# If the path is not a file, then do nothing.
+# Globals:
+#   OS_FLAVOUR
+# Arguments:
+#   $1 - path
+#   $2 - owner
+# Returns:
+#   None
+#########################
+set_permissions_ownership() {
+    local -r path="${1:?path is missing}"
+    local -r owner="${2:-}"
 
-    if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then
-        chmod g+w /etc/ssl/certs/ca-certificates.crt
+    if [[ -f "$path" ]]; then
+        chmod g+w "$path"
+        if [[ -n "$owner" ]]; then
+            chown "$owner" "$path"
+        fi
     fi
 }