mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-21 06:21:08 +02:00
It is a common pattern to bind mount /etc/ssl/certs from the host system into a container. This doesn't work on CoreOS because /etc/ssl/certs is just a pile of symlinks to /usr.

If the applications in the container use Go then binding /usr/share/ca-certificates to /etc/ssl/certs does happen to work because Go only needs ca-certificates.crt which is in that top level directory. This however does not work for OpenSSL applications because it needs a whole directory of hashed certificates.

To fix this change two things:

- Remove the `mozilla` directory left over from when certs came from multiple sources. Install certs in ca-certificates directory instead.
- Include the OpenSSL hash symlinks in ca-certificates.
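
The layout problem described in the commit message, as an added example (not code from the flatcar/scripts repository): a shell check that a directory still serves both a bundle reader and an OpenSSL-style hashed lookup when it alone is bind-mounted at /etc/ssl/certs. The function names, the placeholder files and the hash name `0a1b2c3d.0` are constructed for illustration, and the check looks at layout only, not certificate contents.

```shell
#!/bin/sh
# Added example: does a cert directory still work when it alone is bind-mounted?

# Prints one line per finding; returns 0 only if bundle and hashed lookups both work.
check_cert_dir() {
    dir=$(readlink -f "$1") || return 2
    rc=0
    hashed=0
    # Go-style consumers read the single bundle file in the top-level directory.
    if [ ! -f "$dir/ca-certificates.crt" ]; then
        echo "missing bundle: ca-certificates.crt"; rc=1
    fi
    for entry in "$dir"/*; do
        if [ -L "$entry" ]; then
            target=$(readlink -f "$entry" || true)
            case "$target" in
                "$dir"/*) ;;  # resolves inside the mounted tree
                *) echo "escapes mount: ${entry##*/} -> $target"; rc=1; continue ;;
            esac
        fi
        # OpenSSL looks a certificate up by file name <8 hex digits>.<n>.
        case "${entry##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                if [ -f "$entry" ]; then hashed=$((hashed + 1)); fi ;;
        esac
    done
    if [ "$hashed" -eq 0 ]; then
        echo "no OpenSSL hash entries (<hash>.<n>)"; rc=1
    fi
    return "$rc"
}

# Builds two constructed layouts under $1 (placeholder files, not real certificates).
make_sample_layouts() {
    share="$1/usr/share/ca-certificates"
    certs="$1/etc/ssl/certs"
    mkdir -p "$share" "$certs"
    echo "placeholder PEM" > "$share/Example_Root.pem"
    echo "placeholder bundle" > "$share/ca-certificates.crt"
    ln -s Example_Root.pem "$share/0a1b2c3d.0"  # hash link kept inside the directory
    # Host-style /etc/ssl/certs: every entry is a symlink out to the /usr tree.
    for name in Example_Root.pem 0a1b2c3d.0 ca-certificates.crt; do
        ln -s "../../../usr/share/ca-certificates/$name" "$certs/$name"
    done
}
```

Run `make_sample_layouts "$(mktemp -d)"` and pass each of the two directories to `check_cert_dir`: the symlink-only directory reports every entry as escaping the mount, while the flat directory with in-place hash links passes.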