From bce3a906fc9632400c1bc359441cb5920dfd9900 Mon Sep 17 00:00:00 2001
From: Richie <richiejr.81@gmail.com>
Date: Mon, 8 Jun 2026 21:21:04 +0200
Subject: [PATCH] fix: run update-ca-certificates after apt-get install in
 simplerisk image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

ca-certificates is installed but update-ca-certificates is never called,
so /etc/ssl/certs/ca-certificates.crt is absent from the built image.
PHP's libcurl is compiled with that path as its default CA bundle, causing
all outbound HTTPS cURL calls to fail with:

  error setting certificate file: /etc/ssl/certs/ca-certificates.crt

This affects any feature that makes outbound HTTPS calls from the container.

Fix: chain update-ca-certificates at the end of the apt-get RUN layer.

Note: simplerisk-minimal is unaffected — it already calls
update-ca-certificates as part of its SSL certificate generation step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 simplerisk/Dockerfile             | 3 ++-
 simplerisk/generate_dockerfile.sh | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/simplerisk/Dockerfile b/simplerisk/Dockerfile
index c5e6a0a..300327a 100644
--- a/simplerisk/Dockerfile
+++ b/simplerisk/Dockerfile
@@ -61,7 +61,8 @@ RUN dpkg-divert --local --rename /usr/bin/ischroot && \
                                                                               curl \
                                                                               ca-certificates \
                                                                               supervisor && \
-    rm -rf /var/lib/apt/lists
+    rm -rf /var/lib/apt/lists && \
+    update-ca-certificates
 
 # Create the OpenSSL password
 RUN echo "$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32})" > /passwords/pass_openssl.txt
diff --git a/simplerisk/generate_dockerfile.sh b/simplerisk/generate_dockerfile.sh
index 8a9c214..7716e87 100755
--- a/simplerisk/generate_dockerfile.sh
+++ b/simplerisk/generate_dockerfile.sh
@@ -83,7 +83,8 @@ RUN dpkg-divert --local --rename /usr/bin/ischroot && \\
                                                                               curl \\
                                                                               ca-certificates \\
                                                                               supervisor && \\
-    rm -rf /var/lib/apt/lists
+    rm -rf /var/lib/apt/lists && \\
+    update-ca-certificates
 
 # Create the OpenSSL password
 RUN echo "\$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c\${1:-32})" > /passwords/pass_openssl.txt