Update ca-certs base image (#4153)

* Use a newer debian image for certs stable-20211201 is based on the current `oldstable` release, `bullseye`, and has an older ca-certificates package (20210119), whereas 20240110 is based on the current `stable` release, `bookworm`, and has a more up to date ca-certificates package (20230311) * Clean up unneeded removal Current versions of the ca-certificates package no longer include CNNIC_ROOT certificates, so the separate trimming step is no longer necessary --------- Co-authored-by: Wayne Galen <lewayne@amazon.com>
aws · Apr 24, 2024 · 7b9ca6f · 7b9ca6f
1 parent 7e51191
commit 7b9ca6f
Showing 1 changed file with 1 addition and 6 deletions.
diff --git a/misc/certs/Dockerfile b/misc/certs/Dockerfile
@@ -1,10 +1,5 @@
-FROM public.ecr.aws/docker/library/debian:stable-20211201-slim
+FROM public.ecr.aws/docker/library/debian:stable-20240110-slim
 
 RUN apt-get update &&  \
     apt-get install -y ca-certificates && \
     rm -rf /var/lib/apt/lists/*
-
-# If anyone has a better idea for how to trim undesired certs or a better ca list to use, I'm all ears
-RUN cp /etc/ca-certificates.conf /tmp/caconf && cat /tmp/caconf | \
-  grep -v "mozilla/CNNIC_ROOT\.crt" > /etc/ca-certificates.conf && \
-  update-ca-certificates --fresh