docker-openldap

Failed to build image due to ssl issue

Open dhirwa-sx opened this issue 2 years ago • 1 comments

While building a custom Docker image based on osixia/docker-openldap v1.5.0, I ran into an SSL error: service-available: :ssl-tools not found in /container/service-available/:ssl-tools. I thought maybe the changes that I made to build a custom image might be the root cause, so I cloned a fresh copy of the repository to ensure that this was not the case, and then I ran into the error shown in the results below:

git clone https://github.com/osixia/docker-openldap.git
cd docker-openldap
git checkout v1.5.0
make build-nocache

Results

...[REDACTED]
Processing triggers for libc-bin (2.28-10) ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   356  100   356    0     0    861      0 --:--:-- --:--:-- --:--:--   861
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL: no alternative certificate subject name matches target host name 'www.meddeb.net'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
The command '/bin/sh -c echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update     && /container/tool/add-service-available :ssl-tools     && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends     ca-certificates     curl     ldap-utils=${OPENLDAP_PACKAGE_VERSION}\*     libsasl2-modules     libsasl2-modules-db     libsasl2-modules-gssapi-mit     libsasl2-modules-ldap     libsasl2-modules-otp     libsasl2-modules-sql     openssl     slapd=${OPENLDAP_PACKAGE_VERSION}\*     slapd-contrib=${OPENLDAP_PACKAGE_VERSION}\*     krb5-kdc-ldap     && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb     && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c -     && dpkg -i pqchecker.deb     && rm pqchecker.deb     && update-ca-certificates     && apt-get remove -y --purge --auto-remove curl ca-certificates     && apt-get clean     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*' returned a non-zero code: 60
make: *** [build] Error 60

Digging into the issue a little bit, it pointed me to line 40 in the Dockerfile.

For testing purposes I updated the line to:

...[REDACTED]
&& curl -o pqchecker.deb -SLk http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
...[REDACTED]
[docker-openldap] (tags/v1.5.0) % make build
docker build -t osixia/openldap:1.5.0 --rm image
[+] Building 2.1s (12/12) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                         0.0s
 => => transferring dockerfile: 2.84kB                                                                                                                       0.0s
 => [internal] load .dockerignore                                                                                                                            0.0s
 => => transferring context: 2B                                                                                                                              0.0s
 => [internal] load metadata for docker.io/osixia/light-baseimage:1.3.2                                                                                      1.6s
 => [1/7] FROM docker.io/osixia/light-baseimage:1.3.2@sha256:29ab0ec6f8788bd16e9fe1f8130de205f5464c98501c5dc953254c1ad6c97fa4                                0.0s
 => [internal] load build context                                                                                                                            0.0s
 => => transferring context: 32.08kB                                                                                                                         0.0s
 => CACHED [2/7] RUN if [ -z "${LDAP_OPENLDAP_GID}" ]; then groupadd -g 911 -r openldap; else groupadd -r -g ${LDAP_OPENLDAP_GID} openldap; fi     && if [   0.0s
 => CACHED [3/7] RUN echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list                                                  0.0s
 => CACHED [4/7] RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && apt-get -y update     && /container/tool/add-service-availa  0.0s
 => [5/7] ADD service /container/service                                                                                                                     0.0s
 => [6/7] RUN /container/tool/install-service                                                                                                                0.3s
 => [7/7] ADD environment /container/environment/99-default                                                                                                  0.0s
 => exporting to image                                                                                                                                       0.1s
 => => exporting layers                                                                                                                                      0.0s
 => => writing image sha256:789eec03bf4ddead0986d6ea2ab892d828a99fdf7499b302aecebd98e842c3e4                                                                 0.0s
 => => naming to docker.io/osixia/openldap:1.5.0

I am now wondering if there might be a way to quickly fix the issue. Any help would be appreciated.

dhirwa-sx, Apr 26 '22 10:04

Hi,

I changed the URL to https://meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb. So I changed http to https and removed www.

genestouxguy, Sep 20 '22 08:09
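Added example, not part of the thread or of the osixia/docker-openldap repository: a download step for the pqchecker package that keeps certificate verification on (no `-k`), refuses plain http and http redirects, and checks a pinned SHA-256 digest before the file can reach `dpkg -i`. The helper names and the `PQCHECKER_SHA256` build argument are assumptions; the Dockerfile on this page only defines `PQCHECKER_MD5`.

```shell
#!/bin/sh
# Added example; fetch_https, verify_sha256 and fetch_verified are
# hypothetical helper names, not part of the project's Dockerfile.

# Download over HTTPS only. Certificate verification stays enabled (no -k)
# and a redirect may not move the transfer to another protocol.
fetch_https() {
    url=$1; out=$2
    case "$url" in
        https://*) ;;
        *) echo "refusing non-https URL: $url" >&2; return 2 ;;
    esac
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         -o "$out" "$url"
}

# Compare a file against a pinned SHA-256 digest.
# Fails closed when the pin is empty or the file is missing.
verify_sha256() {
    file=$1; expected=$2
    [ -n "$expected" ] || { echo "no pinned digest supplied" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    echo "${expected}  ${file}" | sha256sum -c - >/dev/null 2>&1
}

# Fetch, then verify. An unverified file is deleted so that a later
# `dpkg -i` cannot install it.
fetch_verified() {
    url=$1; out=$2; expected=$3
    fetch_https "$url" "$out" || return 1
    if ! verify_sha256 "$out" "$expected"; then
        rm -f "$out"
        echo "checksum verification failed for $out" >&2
        return 1
    fi
}

# Intended use inside the RUN step (PQCHECKER_SHA256 is an assumed build arg):
#   fetch_verified \
#     "https://meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb" \
#     pqchecker.deb "${PQCHECKER_SHA256}" \
#     && dpkg -i pqchecker.deb
```

The build image needs `ca-certificates` installed before this step runs, as it already is in the project's `apt-get install` list.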