Root CA seems to be missing from the docker images

[daddykotex]

Hey,

Thanks for dhall, it's amazing and the project/community is great.

I was using the docker image for dhall until I ran into an issue.

Given the following file:

❯ cat test.dhall
let Map = https://prelude.dhall-lang.org/Map/Type

in 2

We get an unknown CA certificate:

❯ docker run -i dhallhaskell/dhall:1.27.0 dhall < test.dhall
dhall:
InternalException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

I open the issue before a PR because I want to make sure I'm not the only one that has the issue and also because I'm still not comfortable with nix enough to fix that easily.

If you got any pointer to where I should head in order to write a fix for that, I'd be grateful and would probably be able to submit a PR.

I saw some docker shenanigans in shared.nix and I'll probably start from there.

[Gabriella439]

I can fix it myself, but if you're interested it seems like the container doesn't have the correct root certificates installed. I think the container needs to install the certificates bundled as part of the pkgs.cacert package in Nixpkgs (somehow). Maybe just adding pkgs.cacert to this line would help, but I'm not sure until I try this myself:

dhall-haskell/nix/shared.nix

Line 643 in d5b7c38

contents = [ possibly-static."${name}" ];

[daddykotex]

I don't have all the nix goodies available on this laptop so my fix would have to wait.

I suggest you fix it, when you have time for that, there's no rush. And I can look at your fix and try to learn from it.

Thanks again

[Gabriella439]

Fixed by #1493