install libnss3-tools/certutil to import nssb

[vctqs1]

Change Summary

To make chromium work with internal CAs, we need to import certification into nssdb, the backend for the Mozilla NSS library.

More detail https://chromium.googlesource.com/chromium/src.git/+/master/docs/linux/cert_management.md

https://github.com/SeleniumHQ/docker-selenium?tab=readme-ov-file#alternative-method-add-certificates-to-existing-selenium-based-images-for-browsers

PR Checklist

• I have read and signed the Contributor License Agreement.

[vctqs1anz]

Hi @jasonbosco Could you please help me review this PR , the purpose of adding libnss3-tools/certutil is I would like import our internal CAs into NSS shared db https://chromium.googlesource.com/chromium/src.git/+/master/docs/linux/cert_management.md

[vctqs1]

@jasonbosco could you help have a look on this iff you have time?

[jasonbosco]

@vctqs1 Even if we add this package to the base image, wouldn't you anyway have to create a separate Docker image to import your custom certs and then use that Docker image as your scraper?

[vctqs1]

@jasonbosco Yeah, I still need to create a separate Docker image to create certs, then copy it to the scraper image. (That is what I did to make python request work w my internal certs)

However, it fails when running the following script to add the certificate to the NSS database (docs) and then copying .pki/nssdb to the scraper image.

certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> -i <certificate filename>

That's why I need to install libnss3-tools in the scraper image to run certutil.

[vctqs1anz]

Hi @jasonbosco Could you help to have a look again

[jasonbosco]

Published in 0.12.0.rc13

[vctqs1anz]

Thank you so much