
[xen master] automation: Remove expired root certificates used to be used by let's encrypt



commit ba2370a55f83b8ce9d0e2c262e06b854604ba4b6
Author:     Anthony PERARD <anthony.perard@xxxxxxxxxx>
AuthorDate: Fri Feb 24 17:29:14 2023 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Feb 24 17:44:29 2023 +0000

    automation: Remove expired root certificates used to be used by let's encrypt
    
    While the Let's Encrypt root certificate ISRG_Root_X1.crt is already
    present, openssl seems to still check for the root certificate
    DST_Root_CA_X3.crt which has expired. This prevents https connections.
    
    Removing DST_Root_CA_X3 fixes the issue.
    
    Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 automation/build/ubuntu/trusty.dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/automation/build/ubuntu/trusty.dockerfile 
b/automation/build/ubuntu/trusty.dockerfile
index b298a515c6..22e294c20c 100644
--- a/automation/build/ubuntu/trusty.dockerfile
+++ b/automation/build/ubuntu/trusty.dockerfile
@@ -47,3 +47,8 @@ RUN apt-get update && \
         apt-get autoremove -y && \
         apt-get clean && \
         rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
+
+# Remove expired certificate that Let's Encrypt certificates used to relie on.
+# (Not needed anymore)
+RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \
+    update-ca-certificates
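
Review bot: The sed pattern on the added RUN line is not anchored, so it matches anywhere within a line of /etc/ca-certificates.conf, including an entry that already begins with `!`, which would then gain a second `!`. Anchoring it as `^mozilla/DST_Root_CA_X3\.crt$` would make the edit idempotent, and `&` is the POSIX spelling of the whole-match reference written here as `\0`. The step also succeeds silently if the entry is absent, so a follow-up check that the line now starts with `!` would confirm the certificate was actually deselected before `update-ca-certificates` runs. The comment above the RUN line has a typo: "relie" should be "rely".
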
--
generated by git-patchbot for /home/xen/git/xen.git#master