From 11e94ce19fd3ba29fb3ff89b652e8d618f5d7eec Mon Sep 17 00:00:00 2001
From: "Schiefelbein, Andrew"
Date: Fri, 24 Apr 2020 10:01:39 -0500
Subject: [PATCH] Adding the ability to inject certificate authorities into docker image
Change-Id: I06697ceabe5d24b1643ceb741a923aa1ee6977e2
---
 Dockerfile | 7 +++++++
 certs/README.md | 6 ++++++
 2 files changed, 13 insertions(+)
 create mode 100755 certs/README.md
diff --git a/Dockerfile b/Dockerfile
index 79db24d33..fa72a99b4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,6 +2,13 @@ ARG GO_IMAGE=docker.io/golang:1.13.1-stretch
 ARG RELEASE_IMAGE=scratch
 FROM ${GO_IMAGE} as builder
+# Inject custom root certificate authorities if needed
+# Docker does not have a good conditional copy statement and requires that a source file exists
+# to complete the copy function without error. Therefore the README.md file will be copied to
+# the image every time even if there are no .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 SHELL [ "/bin/bash", "-cex" ]
 WORKDIR /usr/src/airshipctl
diff --git a/certs/README.md b/certs/README.md
new file mode 100755
index 000000000..7d04f7ec4
--- /dev/null
+++ b/certs/README.md
@@ -0,0 +1,6 @@
+# Additional Docker image root certificate authorities
+If you require additional certificate authorities for your Docker image:
+* Add ASCII PEM encoded .crt files to this directory
+ * The files will be copied into your docker image at build time.
+
+To update manually copy the .crt files to /usr/local/share/ca-certificates/ and run sudo update-ca-certificates.
\ No newline at end of file
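Review bot: Nothing in the new comment block above `COPY ./certs/* /usr/local/share/ca-certificates/` says that every `.crt` file present in `certs/` at build time becomes a trusted root CA for all TLS traffic in the builder stage; the comment explains only the README.md workaround. Since that presumably covers the dependency downloads later in the stage, I would add a line such as `# Any .crt in ./certs becomes a trusted root CA for this stage; review changes to that directory like code.` It is also worth considering whether `certs/*.crt` should be ignored in version control so a local proxy CA is not committed by accident. The builder stage continues past the hunk, so whether the extended bundle is also copied into the `RELEASE_IMAGE` stage cannot be seen from here and should be checked.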