story/DP 1447/add trust starfield cert ih setup (#25)

* [DP-1447] Add starfield cert to trusted CAs

* Bump version to 0.1.10

VERSION

@@ -1 +1 @@
-0.1.9
+0.1.10

formula/ih-core.rb

@@ -1,5 +1,5 @@
 class IhCore < Formula
-  VERSION="0.1.9"
+  VERSION="0.1.10"
   desc "Brew formula for installing core tools used at Included Health engineering."
   homepage "https://github.com/ConsultingMD/homebrew-ih-public"
   license "CC BY-NC-ND 4.0"

lib/core/certificates/step.sh

@@ -56,9 +56,19 @@ function ih::setup::core.certificates::install() {
   # Append our DLP certs to the mozilla bundle.
   cat "$CA_PATH" >>"$MOZILLA_PATH"
 
+  # Download a CA cert that AWS sometimes uses, which is not
+  # included in the Mozilla bundle. This affects a few people
+  # with no obvious pattern.
+  curl https://www.amazontrust.com/repository/SFSRootCAG2.pem >>"$MOZILLA_PATH"
+
   # Configure NPM to use the bundle.
   npm config set cafile "$MOZILLA_PATH"
 
+  if command -v yarn &>/dev/null; then
+    # Configure yarn to use the bundle.
+    yarn config set cafile "$MOZILLA_PATH"
+  fi
+
   local OPENSSL_PATH OPENSSL_FOUND REHASH_PATH
   OPENSSL_PATH=$(brew info openssl | grep -oE "/usr/local/etc/openssl.*")
   OPENSSL_FOUND=$?
@@ -72,9 +82,5 @@ function ih::setup::core.certificates::install() {
   ih::log::info "Rehashing brew OpenSSL certs..."
   "$(brew --prefix)"/opt/openssl/bin/c_rehash
 
-  ih::file::add-if-not-present "$HOME/.npmrc" "cafile=\"$MOZILLA_PATH\""
-  ih::file::add-if-not-present "$HOME/.yarnrc" "cafile=\"$MOZILLA_PATH\""
-
   cp -f "$IH_CORE_LIB_DIR/core/certificates/default/11_certificates.sh" "$IH_DEFAULT_DIR/11_certificates.sh"
-
 }