docker: Add Let's Encrypt root CA

This is required to connect to the IPFire LDAP server

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/Dockerfile.in b/Dockerfile.in
index b9200d85626cdfad62295c2742678181cc1bb9d9..263ab7f6f52635e9ccaf3156fa37f8c8216d5b76 100644 (file)
--- a/Dockerfile.in
+++ b/Dockerfile.in
@@ -12,6 +12,7 @@ RUN yum install -y \
        autoconf \
        intltool \
        make \
+       openssl-perl \
        python2-pip \
        python-daemon \
        python-ldap \
@@ -29,6 +30,11 @@ RUN pip install geoip2
 RUN groupadd -g 2000 pbs && \
        useradd --system --no-create-home --shell /bin/bash --uid 2000 --gid 2000 pbs
 
+# Install LDAP certificate
+RUN mkdir -p /etc/openldap/cacerts
+COPY src/misc/lets-encrypt-x3-cross-signed.pem /etc/openldap/cacerts/
+RUN c_rehash -v /etc/openldap/cacerts
+
 # Copy the source code
 COPY . /build/pakfire-build-service
 

diff --git a/Makefile.am b/Makefile.am
index 438cbd9d14d64013ff6ef50923f63cb834f74137..42b22ee34b857a0a70c75d9626457f56b8216197 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -458,6 +458,7 @@ dist_geoip_DATA = \
 geoipdir = $(datadir)/geoip
 
 EXTRA_DIST += \
+       src/misc/lets-encrypt-x3-cross-signed.pem \
        src/tools/dump-database-schema.sh \
        src/tools/update-geoip-database.sh
 

diff --git a/src/misc/lets-encrypt-x3-cross-signed.pem b/src/misc/lets-encrypt-x3-cross-signed.pem
new file mode 100644 (file)
index 0000000..0002462
--- /dev/null
+++ b/src/misc/lets-encrypt-x3-cross-signed.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----