Updated php-fpm image to correctly update ca trust

This resolves issue where running update-ca-trust would remove the warden root ca from trust, and also adds support for mounting a PEM into /etc/pki/ca-trust/source/anchors when an additional root cert should be trusted by the processes in the container.
wardenenv · Mar 23, 2020 · 3a841b7 · 3a841b7
1 parent 35cbd4e
commit 3a841b7
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/images/php-fpm/context/docker-entrypoint b/images/php-fpm/context/docker-entrypoint
@@ -8,9 +8,12 @@ cat /etc/php.d/05-additions.ini.template \
 
 # append warden issued root ca cert to ca-bundle trusted by curl/openssl
 if [ -f /etc/ssl/warden-rootca-cert/ca.cert.pem ]; then
-  cat /etc/ssl/warden-rootca-cert/ca.cert.pem | sudo tee -a /etc/ssl/certs/ca-bundle.crt >/dev/null
+  sudo cp /etc/ssl/warden-rootca-cert/ca.cert.pem /etc/pki/ca-trust/source/anchors/warden-rootca-cert.pem
 fi
 
+# update trust outside if condition above to allow mounting PEM files into /etc/pki/ca-trust/source/anchors
+sudo update-ca-trust
+
 # start socat process in background to connect sockets used for agent access within container environment
 if [[ -S /run/host-services/ssh-auth.sock ]] \
   && [[ "${SSH_AUTH_SOCK}" != "/run/host-services/ssh-auth.sock" ]]