From 4865aabdb3a7400f13fb5573b268a5491909f3d5 Mon Sep 17 00:00:00 2001
From: John Crispin <john@phrozen.org>
Date: Tue, 25 Nov 2025 07:31:08 +0100
Subject: [PATCH] certificates: copy all certificates at boot

Modify early_boot init script to copy all .pem and .ca files from
/certificates/ to /etc/ucentral/ instead of only operational.pem
and operational.ca.

This enables support for multiple trust chains where certificates
are stored with FQDN-based names (e.g., controller.example.com.pem)
alongside the traditional operational.pem.

The simple wildcard copy allows air-gapped deployments to maintain
certificates for multiple controllers without complex logic.

Signed-off-by: John Crispin <john@phrozen.org>
---
 feeds/tip/certificates/files/etc/init.d/early_boot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/feeds/tip/certificates/files/etc/init.d/early_boot b/feeds/tip/certificates/files/etc/init.d/early_boot
index e4f1d9ca5..c731d9715 100755
--- a/feeds/tip/certificates/files/etc/init.d/early_boot
+++ b/feeds/tip/certificates/files/etc/init.d/early_boot
@@ -5,7 +5,7 @@ START=09
 copy_certificates() {
 	[ -f /certificates/key.pem ] || return
 
-	cp /certificates/cert.pem /certificates/key.pem /certificates/operational.* /etc/ucentral/
+	cp /certificates/*.pem /certificates/*.ca /etc/ucentral/ 2>/dev/null || true
 	chown root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	chmod 0440 root.network /etc/ucentral/*.pem /etc/ucentral/*.ca
 	[ -f /certificates/gateway.json ] && cp /certificates/gateway.json /etc/ucentral/gateway.flash