From 4c53479e4a9d323aeeb0c8b07f007998bdd8de4f Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Mon, 15 Aug 2022 18:22:08 +0300
Subject: [PATCH] Dockerfile: copy only CA certificate bundle (#5571)

and never more - (dangling) symlinks pointing to /usr/share/ca-certificates/mozilla/ in Debian:stable-slim

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---
 Dockerfile | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9c4608589..0eace2550 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,18 @@
 FROM debian:stable-slim
+SHELL [ "/bin/sh", "-ec" ]
 
-RUN apt-get update && apt-get -uy upgrade
-RUN apt-get -y install ca-certificates && update-ca-certificates
+RUN export DEBCONF_NONINTERACTIVE_SEEN=true \
+           DEBIAN_FRONTEND=noninteractive \
+           DEBIAN_PRIORITY=critical \
+           TERM=linux ; \
+    apt-get -qq update ; \
+    apt-get -yyqq upgrade ; \
+    apt-get -yyqq install ca-certificates ; \
+    apt-get clean
 
 FROM scratch
 
-COPY --from=0 /etc/ssl/certs /etc/ssl/certs
+COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 ADD coredns /coredns
 
 EXPOSE 53 53/udp