authorChristian Poessinger <christian@poessinger.com>2021-10-17 09:36:20 +0200
committerChristian Poessinger <christian@poessinger.com>2021-10-17 09:40:08 +0200
commit72226d89e917d9aa5744e54e3d75ae166e12dc36 (patch)
tree754b9f0635f23190b870cdabb13089f78bd006ca
parentc0dc0f5578df83c762f15a6073cb863ca4a6a0d8 (diff)
Docker: T3911: invalidate old LetsEncrypt CA
-rwxr-xr-xdata/live-build-config/hooks/live/00-update-letsencrypt-root-ca.chroot7
-rw-r--r--docker/Dockerfile9
2 files changed, 16 insertions, 0 deletions
diff --git a/data/live-build-config/hooks/live/00-update-letsencrypt-root-ca.chroot b/data/live-build-config/hooks/live/00-update-letsencrypt-root-ca.chroot
new file mode 100755
index 00000000..d27cc12c
--- /dev/null
+++ b/data/live-build-config/hooks/live/00-update-letsencrypt-root-ca.chroot
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+echo I: Un-trust old LetsEncrypt root
+sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
+echo I: Update CA certificates
+update-ca-certificates
+
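Review bot: Nothing in this hook checks that the expired root actually left the trust store. There is no `set -e`, so a failing `sed` (for instance a missing /etc/ca-certificates.conf) is ignored, and `sed` also exits 0 when no line matches `mozilla/DST_Root_CA_X3`. I would add `set -e` after the shebang and end the script with a post-condition such as `test ! -e /etc/ssl/certs/DST_Root_CA_X3.pem`, assuming the usual Debian layout where update-ca-certificates links each trusted certificate under /etc/ssl/certs. An image that still trusts the old root would then fail the build instead of shipping. The `RUN sed ...` step added to docker/Dockerfile in this commit lacks the same post-check.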
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 238229d0..221de785 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -73,6 +73,15 @@ RUN apt-get update && apt-get install -y \
grub2
#
+# The LetsEncrypt root certificate expired - we need to install the new ones
+#
+RUN apt-get update && apt-get install -y ca-certificates
+# Un-trust the old certificate
+RUN sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
+# Update CA store
+RUN update-ca-certificates
+
+#
# Setup Debian Jessie Backports repository
#
COPY no--check-valid-until /etc/apt/apt.conf.d/
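Review bot: The three added `RUN` instructions are one conceptual step but create three separately cached layers, and the install omits `--no-install-recommends`. Chaining them keeps the package refresh, the un-trust edit and the store rebuild together: `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf && update-ca-certificates`. The header comment would also be more precise if it named the certificate being disabled, e.g. `# DST Root CA X3 (the old LetsEncrypt cross-sign root) expired - refresh ca-certificates and un-trust it`. The Dockerfile continues on both sides of this hunk, so ordering relative to later network fetches could not be checked from here.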