From cd81efe2419ef13d58cf8d768de5100cd76be098 Mon Sep 17 00:00:00 2001
From: "Andrew M. Zhang" <dev@andrewmzhang.com>
Date: Fri, 3 May 2024 15:34:42 -0400
Subject: [PATCH] Add ca-certificates to Dockerfile.hsm

This addition is necessary if you want to run the smallstep/step-ca:hsm
container in linked mode. Without ca-certificates, the container is
unable to verify https certificates of and connect to smallstep.com
---
 docker/Dockerfile.hsm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docker/Dockerfile.hsm b/docker/Dockerfile.hsm
index f6cec47a1..66bc43db7 100644
--- a/docker/Dockerfile.hsm
+++ b/docker/Dockerfile.hsm
@@ -18,7 +18,8 @@ COPY --from=kms /usr/local/bin/step-kms-plugin /usr/local/bin/step-kms-plugin
 
 USER root
 RUN apt-get update
-RUN apt-get install -y --no-install-recommends pcscd libpcsclite1
+RUN apt-get install -y --no-install-recommends pcscd libpcsclite1 ca-certificates
+RUN update-ca-certificates
 RUN mkdir -p /run/pcscd
 RUN chown step:step /run/pcscd
 USER step