From 73e92d7bb028e297236c52965b1dc4525f603214 Mon Sep 17 00:00:00 2001
From: Steve Ruble <SteveRuble@users.noreply.github.com>
Date: Thu, 27 Oct 2022 16:34:07 -0400
Subject: [PATCH] story/DP 1447/add trust starfield cert ih setup (#25)

* [DP-1447] Add starfield cert to trusted CAs

* Bump version to 0.1.10
---
 VERSION                       |  2 +-
 formula/ih-core.rb            |  2 +-
 lib/core/certificates/step.sh | 14 ++++++++++----
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/VERSION b/VERSION
index 1a03094..9767cc9 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.1.9
+0.1.10
diff --git a/formula/ih-core.rb b/formula/ih-core.rb
index 64c8480..8e41681 100644
--- a/formula/ih-core.rb
+++ b/formula/ih-core.rb
@@ -1,5 +1,5 @@
 class IhCore < Formula
-  VERSION="0.1.9"
+  VERSION="0.1.10"
   desc "Brew formula for installing core tools used at Included Health engineering."
   homepage "https://github.com/ConsultingMD/homebrew-ih-public"
   license "CC BY-NC-ND 4.0"
diff --git a/lib/core/certificates/step.sh b/lib/core/certificates/step.sh
index ce1ad33..0a1fa26 100644
--- a/lib/core/certificates/step.sh
+++ b/lib/core/certificates/step.sh
@@ -56,9 +56,19 @@ function ih::setup::core.certificates::install() {
   # Append our DLP certs to the mozilla bundle.
   cat "$CA_PATH" >>"$MOZILLA_PATH"
 
+  # Download a CA cert that AWS sometimes uses, which is not
+  # included in the Mozilla bundle. This affects a few people
+  # with no obvious pattern.
+  curl https://www.amazontrust.com/repository/SFSRootCAG2.pem >>"$MOZILLA_PATH"
+
   # Configure NPM to use the bundle.
   npm config set cafile "$MOZILLA_PATH"
 
+  if command -v yarn &>/dev/null; then
+    # Configure yarn to use the bundle.
+    yarn config set cafile "$MOZILLA_PATH"
+  fi
+
   local OPENSSL_PATH OPENSSL_FOUND REHASH_PATH
   OPENSSL_PATH=$(brew info openssl | grep -oE "/usr/local/etc/openssl.*")
   OPENSSL_FOUND=$?
@@ -72,9 +82,5 @@ function ih::setup::core.certificates::install() {
   ih::log::info "Rehashing brew OpenSSL certs..."
   "$(brew --prefix)"/opt/openssl/bin/c_rehash
 
-  ih::file::add-if-not-present "$HOME/.npmrc" "cafile=\"$MOZILLA_PATH\""
-  ih::file::add-if-not-present "$HOME/.yarnrc" "cafile=\"$MOZILLA_PATH\""
-
   cp -f "$IH_CORE_LIB_DIR/core/certificates/default/11_certificates.sh" "$IH_DEFAULT_DIR/11_certificates.sh"
-
 }