Add update-ca-trust command (#1314)

wanlonghenry · web-flow · commit 1b29b934aef0 · 2024-09-12T00:50:16.000Z
* Add update-ca-trust command

* update triv ignore
diff --git a/.trivyignore b/.trivyignore
@@ -16,3 +16,8 @@ CVE-2024-24791
 
 #cbl-mariner
 CVE-2024-5535
+
+#stdlib
+CVE-2024-34156
+CVE-2024-34155
+CVE-2024-34158
diff --git a/kubernetes/linux/Dockerfile.multiarch b/kubernetes/linux/Dockerfile.multiarch
@@ -22,7 +22,23 @@ ENV tmpdir /opt
 RUN tdnf clean all
 RUN tdnf repolist --refresh
 RUN tdnf -y update
-RUN tdnf install -y build-essential wget curl sudo net-tools cronie rsyslog dmidecode gnupg make logrotate busybox gawk tar && rm -rf /var/lib/apt/lists/*
+RUN tdnf install -y \
+         build-essential \
+        wget \
+        curl \
+        sudo \
+        net-tools \
+        cronie \
+        rsyslog \
+        dmidecode \
+        gnupg \
+        make \
+        logrotate \
+        busybox \
+        gawk \
+        tar \
+        ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
 RUN mkdir /busybin && busybox --install /busybin
 
 COPY --from=golang-builder /src/kubernetes/linux/Linux_ULINUX_1.0_*_64_Release/docker-cimprov-*.*.*-*.*.sh $tmpdir/
@@ -81,6 +97,7 @@ COPY --from=builder /usr/bin/curl /usr/bin/curl
 COPY --from=builder /usr/bin/jq /usr/bin/jq
 COPY --from=builder /usr/bin/base64 /usr/bin/base64
 COPY --from=builder /usr/bin/fluentd /usr/bin/fluentd
+COPY --from=builder /usr/bin/update-ca-trust /usr/bin/update-ca-trust
 
 # bash dependencies
 COPY --from=builder /lib/libreadline.so.8 /lib/
