From 2171b9fb31451aa15ec57719295a7182b7591322 Mon Sep 17 00:00:00 2001
From: Malte Poll <mp@edgeless.systems>
Date: Mon, 7 Nov 2022 18:58:09 +0100
Subject: [PATCH] Install CA certificates in initrd

---
 .../modules.d/39constellation-mount/module-setup.sh    | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
index 59cab85db..446a81ad0 100644
--- a/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
+++ b/image/mkosi.skeleton/usr/lib/dracut/modules.d/39constellation-mount/module-setup.sh
@@ -17,6 +17,11 @@ install_and_enable_unit() {
         "${systemdsystemconfdir}/${target}.wants/${unit}"
 }
 
+install_path() {
+    local dir="$1"; shift
+    mkdir -p "${initdir}/${dir}"
+}
+
 install() {
     inst_multiple \
         bash
@@ -60,4 +65,9 @@ install() {
         "/usr/sbin/aws-nvme-disk"
     install_and_enable_unit "aws-nvme-disk.service" \
         "basic.target"
+
+    # TLS / CA store in initramfs
+    install_path /etc/pki/tls/certs/
+    inst_simple /etc/pki/tls/certs/ca-bundle.crt \
+        /etc/pki/tls/certs/ca-bundle.crt
 }