fix(kopia): instead of setting env var, provide custom ca to s3 command

perfectra1n · perfectra1n · commit 0e3df3bbfec8 · 2025-09-03T19:15:03.000Z
diff --git a/mover-kopia/entry.sh b/mover-kopia/entry.sh
@@ -179,8 +179,9 @@ echo ""
 
 KOPIA=("kopia" "--config-file=${KOPIA_CACHE_DIR}/kopia.config" "--log-dir=${KOPIA_CACHE_DIR}/logs" "--file-log-level=${KOPIA_FILE_LOG_LEVEL}" "--log-dir-max-files=${KOPIA_LOG_DIR_MAX_FILES}" "--log-dir-max-age=${KOPIA_LOG_DIR_MAX_AGE}")
 if [[ -n "${CUSTOM_CA}" ]]; then
-    echo "Using custom CA."
-    export KOPIA_CA_CERT="${CUSTOM_CA}"
+    echo "Using custom CA certificate at: ${CUSTOM_CA}"
+    # Note: Custom CA is now handled via --root-ca-pem-path flag in S3 connect/create commands
+    # The KOPIA_CA_CERT environment variable is not used by Kopia for S3 connections
 fi
 
 echo "=== Kopia Version ==="
@@ -872,6 +873,12 @@ function connect_repository {
             S3_CONNECT_CMD+=(--disable-tls)
         fi
         
+        # Add custom CA certificate if specified
+        if [[ -n "${CUSTOM_CA}" ]] && [[ -f "${CUSTOM_CA}" ]]; then
+            echo "Adding custom CA certificate for S3 connection: ${CUSTOM_CA}"
+            S3_CONNECT_CMD+=(--root-ca-pem-path="${CUSTOM_CA}")
+        fi
+        
         # Add username/hostname overrides if specified
         add_user_overrides S3_CONNECT_CMD
         
@@ -1085,6 +1092,12 @@ function create_repository {
             S3_CREATE_CMD+=(--disable-tls)
         fi
         
+        # Add custom CA certificate if specified
+        if [[ -n "${CUSTOM_CA}" ]] && [[ -f "${CUSTOM_CA}" ]]; then
+            echo "Adding custom CA certificate for S3 repository creation: ${CUSTOM_CA}"
+            S3_CREATE_CMD+=(--root-ca-pem-path="${CUSTOM_CA}")
+        fi
+        
         # Add username/hostname overrides if specified
         add_user_overrides S3_CREATE_CMD
         
