mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 12:00:44 +00:00
f5b01c1e0e
Commit 2cd23957c0 ("build: use slim docker runtime") switched the
runtime image from `node:24-bookworm` (full) to `node:24-bookworm-slim`.
The slim base does not ship `ca-certificates`, and the runtime stage's
`apt-get install` line was not updated to add it.
Result on the resulting image:
- `/etc/ssl/certs/` is empty (`ls /etc/ssl/certs/ | wc -l` == 0)
- `dpkg -l ca-certificates` reports `un` (not installed)
- `update-ca-certificates` is missing in `$PATH` (exit 127)
- every HTTPS outbound from the gateway dies at TLS handshake with
`error setting certificate file: /etc/ssl/certs/ca-certificates.crt`
- channel plugins that use `node fetch` (telegram/discord/slack)
crash-loop with `Network request for 'deleteWebhook' failed!`
and pin the gateway main thread at ~100% CPU on retry.
Verified by rebuilding the runtime image with this patch and
confirming inside the container:
- `ls /etc/ssl/certs/ | wc -l` -> 285
- `curl -4 https://api.telegram.org/` -> 302
- `curl -4 https://www.google.com/` -> 200
- channel plugins (telegram/discord/slack) register cleanly,
gateway main-thread CPU returns to idle.
Add `ca-certificates` to the apt-install list and call
`update-ca-certificates` to populate the CA bundle.
Signed-off-by: ryuhaneul <luj.moonlight@gmail.com>
15 KiB
15 KiB