From 38e13c81eb5cb5b10d4477467547b0823d877720 Mon Sep 17 00:00:00 2001
From: Joe Ferguson
Date: Fri, 3 Feb 2023 11:22:19 -0800
Subject: [PATCH] prevent tls being disabled if _tls_generate_certs fails
---
 20.10/dind/dockerd-entrypoint.sh | 11 +++++------
 23.0/dind/dockerd-entrypoint.sh | 11 +++++------
 dockerd-entrypoint.sh | 11 +++++------
 3 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/20.10/dind/dockerd-entrypoint.sh b/20.10/dind/dockerd-entrypoint.sh
index 38bc262934..caf382300e 100755
--- a/20.10/dind/dockerd-entrypoint.sh
+++ b/20.10/dind/dockerd-entrypoint.sh
@@ -108,12 +108,11 @@ if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
 esac
 # add our default arguments
- if [ -n "${DOCKER_TLS_CERTDIR:-}" ] \
- && _tls_generate_certs "$DOCKER_TLS_CERTDIR" \
- && [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ] \
- ; then
+ if [ -n "${DOCKER_TLS_CERTDIR:-}" ]; then
+ _tls_generate_certs "$DOCKER_TLS_CERTDIR"
+ [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ]
 # generate certs and use TLS if requested/possible (default in 19.03+)
 set -- dockerd \
 --host="$dockerSocket" \
diff --git a/23.0/dind/dockerd-entrypoint.sh b/23.0/dind/dockerd-entrypoint.sh
index 38bc262934..caf382300e 100755
--- a/23.0/dind/dockerd-entrypoint.sh
+++ b/23.0/dind/dockerd-entrypoint.sh
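Review bot: The four bare commands added inside `if [ -n "${DOCKER_TLS_CERTDIR:-}" ]; then` abort startup only if errexit (`set -e`) is active at this point, and no `set` line is visible in the hunk; without it a failed `_tls_generate_certs` or an empty `key.pem` is ignored and `set -- dockerd` still runs. With errexit active the script exits without saying which step or file failed, which makes a refused start hard to diagnose. Making the fail-closed path explicit avoids both: `_tls_generate_certs "$DOCKER_TLS_CERTDIR" || { echo >&2 "error: TLS cert generation failed in $DOCKER_TLS_CERTDIR"; exit 1; }`, with the same `|| { …; exit 1; }` on each `[ -s … ]` test. The context comment `# generate certs and use TLS if requested/possible` now sits after the generation and no longer describes the behaviour, so it should move above the call and drop "if possible". The same applies to the identical hunks for 23.0/dind/dockerd-entrypoint.sh and dockerd-entrypoint.sh, and the `if` block continues past the end of each hunk.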
@@ -108,12 +108,11 @@ if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
 esac
 # add our default arguments
- if [ -n "${DOCKER_TLS_CERTDIR:-}" ] \
- && _tls_generate_certs "$DOCKER_TLS_CERTDIR" \
- && [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ] \
- ; then
+ if [ -n "${DOCKER_TLS_CERTDIR:-}" ]; then
+ _tls_generate_certs "$DOCKER_TLS_CERTDIR"
+ [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ]
 # generate certs and use TLS if requested/possible (default in 19.03+)
 set -- dockerd \
 --host="$dockerSocket" \
diff --git a/dockerd-entrypoint.sh b/dockerd-entrypoint.sh
index 38bc262934..caf382300e 100755
--- a/dockerd-entrypoint.sh
+++ b/dockerd-entrypoint.sh
@@ -108,12 +108,11 @@ if [ "$#" -eq 0 ] || [ "${1#-}" != "$1" ]; then
 esac
 # add our default arguments
- if [ -n "${DOCKER_TLS_CERTDIR:-}" ] \
- && _tls_generate_certs "$DOCKER_TLS_CERTDIR" \
- && [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ] \
- && [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ] \
- ; then
+ if [ -n "${DOCKER_TLS_CERTDIR:-}" ]; then
+ _tls_generate_certs "$DOCKER_TLS_CERTDIR"
+ [ -s "$DOCKER_TLS_CERTDIR/server/ca.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/cert.pem" ]
+ [ -s "$DOCKER_TLS_CERTDIR/server/key.pem" ]
 # generate certs and use TLS if requested/possible (default in 19.03+)
 set -- dockerd \
 --host="$dockerSocket" \