From c1e143c1f4730d0a6be9e6dae90978a8b42d64d2 Mon Sep 17 00:00:00 2001 From: Valentin Lab Date: Mon, 22 Nov 2021 10:45:46 +0100 Subject: [PATCH] fix: system image support for letsencrypt SSL protected host This is following the DST Root CA X3 expiration (cf: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ ). Any access (for instance through charm's hook) to any let's encrypt SSL protected could fail because of this. This could be any ``git``, ``curl``, ``wget`` command on those host. Signed-off-by: Valentin Lab --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index b6ebe2e..604a60b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -130,6 +130,11 @@ RUN wget https://github.com/bronze1man/yaml2json/releases/download/v1.3/yaml2jso -O /usr/local/bin/yaml2json && \ chmod +x /usr/local/bin/yaml2json +## Fixing Let's encrypt CA issue from 2021-10-01, probably can remove +## with newer alpine version (was added with alpine 3.7.1) +RUN sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\\1%g' /etc/ca-certificates.conf && \ + update-ca-certificates + ## install compose COPY ./bin/ /usr/local/bin/