Merge branch 'garypen/3173-ca-certs' into garypen/3140-flush-otlp-met…

…rics
apollographql · May 30, 2023 · 1bb1825 · 1bb1825
2 parents 413a3a4 + 42d9c73
commit 1bb1825
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 4 deletions.
diff --git a/.changesets/fix_garypen_3173_ca_certs.md b/.changesets/fix_garypen_3173_ca_certs.md
@@ -0,0 +1,7 @@
+### Add ca-certificates to our docker image ([Issue #3173](https://github.com/apollographql/router/issues/3173))
+
+We removed `curl` from our docker images to improve security, which meant that our implicit install of `ca-certificates` (as a dependency of `curl`) was no longer performed.
+
+This fix manually installs the `ca-certificates` package which is required for the router to be able to process TLS requests.
+
+By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3174
diff --git a/dockerfiles/Dockerfile.router b/dockerfiles/Dockerfile.router
@@ -19,8 +19,11 @@ WORKDIR /dist
 
 COPY --from=downloader /dist/router /dist
 
-# Update apt
-RUN apt-get update -y
+# Update apt and install ca-certificates
+RUN \
+  apt-get update -y \
+  && apt-get install -y \
+    ca-certificates
 
 # If debug image, install heaptrack and make a data directory
 RUN \

diff --git a/dockerfiles/diy/dockerfiles/Dockerfile.repo b/dockerfiles/diy/dockerfiles/Dockerfile.repo
@@ -36,8 +36,11 @@ ARG DEBUG_IMAGE=false
 
 WORKDIR /dist
 
-# Update apt
-RUN apt-get update -y
+# Update apt and install ca-certificates
+RUN \
+  apt-get update -y \
+  && apt-get install -y \
+    ca-certificates
 
 # Copy in the required files from our build image
 COPY --from=build --chown=root:root /dist /dist