Update government CAs, #112 needs additional work performed
Summary
To update the DISA certs, ticket #112 (closed) put the additional ticket into the certs directory. However, the ubi9 Dockerfile requires explicitly listing out the certificate filename in the Dockerfile. The certs never get copied from the repo to the image. Recommendation at end of ticket to use the ubi9-minimal method of copying all certs from repo to image.
Steps to reproduce
docker run -it --entrypoint=bash --user=root registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.4
# interestingly, this only shows Certificates_PKCS7_v5.11_DoD.pem and Certificates_PKCS7_v5.14_WCF.pem, so I wonder why 5.13_DoD is not getting added either. Although, that's a separate issue
ls -lta /etc/pki/ca-trust/source/anchors/
What is the current bug behavior?
Although certs/Certificates_PKCS7_v5.15_WCF.pem was added to the repo, the Dockerfile doesn't add it to the repo
Possible fixes
Compared to this ubi9 image, the ubi9-minimal repo allows for more certificates without needing to call them out in the Dockerfile because it copies the complete certs directory from the repo to the image with COPY certs/* /etc/pki/ca-trust/source/anchors/. The main ubi9 image explicitly calls out certificates. Recommend to change to ubi9-minimal method of a single command: COPY certs/* /etc/pki/ca-trust/source/anchors/
Tasks
- Bug has been identified and corrected within the container
Please read the Iron Bank Documentation for more info
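
A pre-build check for the gap described in this issue, as an added example that is not part of the original issue or the ubi9 repository: it lists every file under certs/ that no COPY/ADD instruction into the trust anchors directory covers, whether the Dockerfile names files explicitly or uses a glob. The function names and the sample Dockerfile are constructed for illustration; it assumes single-line, shell-form COPY/ADD instructions.

```shell
#!/bin/sh
# Added example, not the ubi9 repo's own tooling. Assumes <repo>/Dockerfile and
# <repo>/certs/, single-line shell-form COPY/ADD, no line continuations.
ANCHORS=/etc/pki/ca-trust/source/anchors

# Print every certs/ file that no COPY/ADD into $ANCHORS covers.
# Returns 1 if at least one file is left out of the image, 0 otherwise.
uncopied_certs() {
    repo=$1
    missing=0
    # Source arguments of the COPY/ADD lines whose destination is under $ANCHORS.
    patterns=$(awk -v dest="$ANCHORS" '
        toupper($1) == "COPY" || toupper($1) == "ADD" {
            if (index($NF, dest) != 1) next
            for (i = 2; i < NF; i++) if ($i !~ /^--/) print $i
        }' "$repo/Dockerfile")
    for path in "$repo"/certs/*; do
        [ -f "$path" ] || continue
        rel=certs/${path##*/}
        covered=no
        while IFS= read -r pat; do
            pat=${pat#./}
            # Unquoted $pat is a glob here, so certs/* and exact names both match.
            case $rel in $pat) covered=yes ;; esac
        done <<EOF
$patterns
EOF
        if [ "$covered" = no ]; then
            printf '%s\n' "$rel"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample repo: a Dockerfile that names two bundles explicitly while
# certs/ holds three (file names taken from the issue, contents are dummies).
make_sample_repo() {
    dir=$(mktemp -d)
    mkdir "$dir/certs"
    for n in v5.11_DoD v5.14_WCF v5.15_WCF; do
        echo dummy > "$dir/certs/Certificates_PKCS7_$n.pem"
    done
    {
        echo "FROM scratch"
        echo "COPY certs/Certificates_PKCS7_v5.11_DoD.pem $ANCHORS/"
        echo "COPY certs/Certificates_PKCS7_v5.14_WCF.pem $ANCHORS/"
    } > "$dir/Dockerfile"
    echo "$dir"
}
```

Run as `uncopied_certs /path/to/repo` before the image build; a non-zero return means a CA bundle in the repo would be missing from the image's trust anchors.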