GIT-2927: Fixed Greenlight doesn't handle the Let's Encrypt CA switch (…

…Fixes bigbluebutton#2927)
KH-Amir-TN · Dec 10, 2021 · 7cf6829 · 7cf6829
1 parent 057df18
commit 7cf6829
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -65,10 +65,13 @@ ENV VERSION_CODE=$version_code
 
 # Set executable permission to start file
 RUN chmod +x bin/start
-
-# FIXME / to remove / https://github.com/nahi/httpclient/issues/445
-RUN cat /etc/ssl/certs/ca-certificates.crt \
-    >/usr/src/app/vendor/bundle/ruby/2.7.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
-
+# Update HTTPClient cacert.pem with the latest Mozilla cacert.pem
+RUN wget https://curl.se/ca/cacert.pem https://curl.se/ca/cacert.pem.sha256 -P /tmp
+RUN cd /tmp && sha256sum cacert.pem > cacert.pem.sha256sum && cd ${RAILS_ROOT}
+RUN diff /tmp/cacert.pem.sha256sum /tmp/cacert.pem.sha256
+RUN mv -v /tmp/cacert.pem $(bundle info httpclient --path)/lib/httpclient/ && rm -v /tmp/cacert*
+
+# Update Openssl certs [This is for Faraday adapter for Net::HTTP]
+RUN [[ $(id -u) -eq 0 ]] && update-ca-certificates
 # Start the application.
 CMD ["bin/start"]