From c1e143c1f4730d0a6be9e6dae90978a8b42d64d2 Mon Sep 17 00:00:00 2001
From: Valentin Lab <valentin.lab@kalysto.org>
Date: Mon, 22 Nov 2021 10:45:46 +0100
Subject: [PATCH] fix: system image support for letsencrypt SSL protected host

This is following the DST Root CA X3 expiration (cf:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
). Any access (for instance through charm's hook) to any let's encrypt
SSL protected could fail because of this. This could be any ``git``,
``curl``, ``wget`` command on those host.

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index b6ebe2e..604a60b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -130,6 +130,11 @@ RUN wget https://github.com/bronze1man/yaml2json/releases/download/v1.3/yaml2jso
     -O /usr/local/bin/yaml2json && \
     chmod +x /usr/local/bin/yaml2json
 
+## Fixing Let's encrypt CA issue from 2021-10-01, probably can remove
+## with newer alpine version (was added with alpine 3.7.1)
+RUN sed -ri 's%^(mozilla/DST_Root_CA_X3.crt)%!\\1%g' /etc/ca-certificates.conf && \
+    update-ca-certificates
+
 ## install compose
 COPY ./bin/ /usr/local/bin/