fix(stackable-base): Update expected ca-certificates package name

[Techassi]

The ca-certificates packages was recently updated and caused pretty much all image builds to fail. This PR updates the expected package name to the actual package name.

A local test build of the stackable-base image was successful.

[sbernauer]

Just to be sure, you checked trust list --filter=ca-anchors | grep 'E-Tugra'?

[Techassi]

Just to be sure, you checked trust list --filter=ca-anchors | grep 'E-Tugra'?

Yes I did, it is gone as expected:

docker run -it oci.stackable.tech/sdp/stackable-base:1.0.0-stackable0.0.0-dev-amd64
[root@8932cda1dbe4 /]# trust list --filter=ca-anchors | grep 'E-Tugra'
[root@8932cda1dbe4 /]#

[sbernauer]

Oh nice! In that case I'd say we can remove the entire CVE-2023-37920 handling

[Techassi]

Oh yeah, you might be right.

I will test this after this PR is merged and will raise a new one if we are sure it is gone.

[sbernauer]

Works for me 👍

[Techassi]

Okay I just checked if the CA certificates are gone before we update the root trust store via our blocklist. And yes, they are still there. I temporarily removed our blocklist and our check fails:

0.920 Still found E-Tugra root certificates, this should not happen!
0.992     label: E-Tugra Certification Authority
0.992     label: E-Tugra Global Root CA ECC v3
0.992     label: E-Tugra Global Root CA RSA v3

As such, the handling cannot be removed yet and we still need our blocklist to be in place.

[sbernauer]

Ahh, that makes sense. Thanks for checking