From 7942cfabc6738433481da6c8e0766e5ce0bb0ed8 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Date: Fri, 14 Feb 2025 10:49:37 +0100
Subject: [PATCH 1/2] app-misc/ca-certificates: Account for certs missing
 newlines

Concatenating certificates missing newlines naively with cat results in broken
bundle. Fix the issue by using a sed expression that appends a trailing newline
after the lastline if it is missing.

Issue: flatcar/flatcar#1601
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
 ...rtificates-3.108.ebuild => ca-certificates-3.108-r1.ebuild} | 0
 .../app-misc/ca-certificates/files/update-ca-certificates      | 3 ++-
 2 files changed, 2 insertions(+), 1 deletion(-)
 rename sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/{ca-certificates-3.108.ebuild => ca-certificates-3.108-r1.ebuild} (100%)

diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108.ebuild b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/ca-certificates-3.108-r1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
index ea7cb27cff0..fcbdd008ed4 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
+++ b/sdk_container/src/third_party/coreos-overlay/app-misc/ca-certificates/files/update-ca-certificates
@@ -32,7 +32,8 @@ if [[ ! -e "${CERTBUNDLE}" || "${CERTSDIR}" -nt "${CERTBUNDLE}" ]]; then
     trap "rm -f '${CERTSDIR}/${TEMPBUNDLE}'" EXIT
 
     # Use .0 instead of .pem to pull in only what c_rehash validated
-    cat "${CERTSDIR}"/*.[0-9] > "${TEMPBUNDLE}"
+    sed --separate '$a\' "${CERTSDIR}"/*.[0-9] >"${TEMPBUNDLE}"
+
     chmod 644 "${TEMPBUNDLE}"
     mv -f "${TEMPBUNDLE}" "${CERTBUNDLE}"
     trap - EXIT

From 37cf10e9656dcfb57bdf4c8a5623861ca799af4f Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Date: Fri, 14 Feb 2025 12:06:54 +0100
Subject: [PATCH 2/2] changelog: Add entry for update-ca-certificates bugfix

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
 .../2025-02-14-update-ca-certificates-missing-newlines-fix.md    | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md

diff --git a/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md b/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
new file mode 100644
index 00000000000..89406492d99
--- /dev/null
+++ b/changelog/bugfixes/2025-02-14-update-ca-certificates-missing-newlines-fix.md
@@ -0,0 +1 @@
+- Fix update-ca-certificates behavior when concatenating certificates with missing trailing newlines. ([flatcar/scripts#2667](https://github.com/flatcar/scripts/pull/2667))