From 2d952e95cacf3c73575333b554f3922e7b6aab03 Mon Sep 17 00:00:00 2001 From: ab026jz Date: Mon, 27 Apr 2026 15:37:03 +0200 Subject: [PATCH 1/5] Dockerfile fixed to include .crt files as well --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a2aa66b..8138ecf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ RUN \ echo "######################################################" && \ echo "### Import trusted certs before doing anything else ###" && \ echo "######################################################" && \ - for FILE in `ls /opt/certs/*.pem`; \ + for FILE in `ls /opt/certs/*.pem /opt/certs/*.crf`; \ do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && \ echo "###############################################" && \ echo "### Install ###" && \ From 510030c70575279b254d6cbb6ce8e76d7c7af39f Mon Sep 17 00:00:00 2001 From: ab026jz Date: Mon, 27 Apr 2026 15:44:19 +0200 Subject: [PATCH 2/5] typo fix --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 8138ecf..c06c449 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,7 +29,7 @@ RUN \ echo "######################################################" && \ echo "### Import trusted certs before doing anything else ###" && \ echo "######################################################" && \ - for FILE in `ls /opt/certs/*.pem /opt/certs/*.crf`; \ + for FILE in `ls /opt/certs/*.pem /opt/certs/*.crt`; \ do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && \ echo "###############################################" && \ echo "### Install ###" && \ From 081253a38c8ce48a27d6fdf00b3e8225085d74e0 Mon Sep 17 00:00:00 2001 From: ab026jz Date: Mon, 27 Apr 2026 15:51:44 +0200 Subject: [PATCH 3/5] Installed missing package Co-authored-by: Copilot --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index c06c449..f41a8f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,6 +21,7 @@ FROM --platform=linux/arm64 public.ecr.aws/lambda/python:3.13-arm64 ARG TRUSTED_SSL_CERTS=./trusted_certs # Artifacts for kerberized sasl_ssl ARG SASL_SSL_ARTIFACTS=./sasl_ssl_artifacts +RUN apk add --no-cache ca-certificates # Trusted certs COPY $TRUSTED_SSL_CERTS /opt/certs/ @@ -31,6 +32,7 @@ RUN \ echo "######################################################" && \ for FILE in `ls /opt/certs/*.pem /opt/certs/*.crt`; \ do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && \ + update-ca-certificates && \ echo "###############################################" && \ echo "### Install ###" && \ echo "### -> Basics ###" && \ From 0b9b422faad1a6ebbbc6cf8c95b79a864c802e1f Mon Sep 17 00:00:00 2001 From: ab026jz Date: Mon, 27 Apr 2026 15:59:33 +0200 Subject: [PATCH 4/5] update-ca-trust added --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f41a8f3..d583f21 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,6 @@ FROM --platform=linux/arm64 public.ecr.aws/lambda/python:3.13-arm64 ARG TRUSTED_SSL_CERTS=./trusted_certs # Artifacts for kerberized sasl_ssl ARG SASL_SSL_ARTIFACTS=./sasl_ssl_artifacts -RUN apk add --no-cache ca-certificates # Trusted certs COPY $TRUSTED_SSL_CERTS /opt/certs/ @@ -32,7 +31,7 @@ RUN \ echo "######################################################" && \ for FILE in `ls /opt/certs/*.pem /opt/certs/*.crt`; \ do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && \ - update-ca-certificates && \ + update-ca-trust && \ echo "###############################################" && \ echo "### Install ###" && \ echo "### -> Basics ###" && \ From 1eb4c58488b3f0406a9f794b8cb066e90792ea5e Mon Sep 17 00:00:00 2001 From: Oto Macenauer Date: Mon, 27 Apr 2026 16:09:25 +0200 Subject: [PATCH 5/5] Add CA Cert paramter to wget --- Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index d583f21..e11a990 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,6 @@ RUN \ echo "######################################################" && \ for FILE in `ls /opt/certs/*.pem /opt/certs/*.crt`; \ do cat $FILE >> /etc/pki/tls/certs/ca-bundle.crt ; done && \ - update-ca-trust && \ echo "###############################################" && \ echo "### Install ###" && \ echo "### -> Basics ###" && \ @@ -47,7 +46,7 @@ RUN \ echo "#################" && \ mkdir -p /tmp/env-install-workdir/librdkafka && \ cd /tmp/env-install-workdir/librdkafka && \ - wget https://github.com/edenhill/librdkafka/archive/v2.4.0.tar.gz && \ + wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://github.com/edenhill/librdkafka/archive/v2.4.0.tar.gz && \ tar -xf v2.4.0.tar.gz && \ cd /tmp/env-install-workdir/librdkafka/librdkafka-2.4.0 && \ ./configure && make && make install && \ @@ -60,7 +59,7 @@ RUN \ echo "######################" && \ mkdir -p /tmp/env-install-workdir/confluent-kafka && \ cd /tmp/env-install-workdir/confluent-kafka && \ - wget https://github.com/confluentinc/confluent-kafka-python/archive/v2.4.0.tar.gz && \ + wget --ca-certificate=/etc/pki/tls/certs/ca-bundle.crt https://github.com/confluentinc/confluent-kafka-python/archive/v2.4.0.tar.gz && \ tar -xf v2.4.0.tar.gz && \ cd /tmp/env-install-workdir/confluent-kafka/confluent-kafka-python-2.4.0 && \ CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/opt" python setup.py install && \