Add ca-certificates feature

README.md

@@ -23,6 +23,7 @@
 | [biomejs.dev](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/biomejs.dev) | `biome` — fast JS/TS formatter and linter | gh release | 1.0.1 |
 | [btop](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/btop) | `btop` — resource monitor (CPU, memory, network, processes) | gh release | 1.0.3 |
 | [bun.sh](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/bun.sh) | `bun` — fast JS runtime and package manager | curl | 1.0.0 |
+| [ca-certificates](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/ca-certificates) | `ca-certificates` — install CA certificates and optionally add custom ones from URLs | apt | 1.0.0 |
 | [ccache.dev](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/ccache.dev) | `ccache` — compiler cache for faster C/C++ recompilation | apt | 1.0.0 |
 | [charmbracelet/gum](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/charmbracelet-gum) | `gum` — building blocks for shell scripts | gh release | 1.0.4 |
 | [chezmoi.io](https://github.com/devcontainer-community/devcontainer-features/tree/main/src/chezmoi.io) | `chezmoi` — dotfiles manager across machines | gh release | 1.0.2 |

src/ca-certificates/NOTES.md

@@ -0,0 +1,17 @@
+# ca-certificates
+
+## Project
+
+- [ca-certificates](https://packages.debian.org/stable/ca-certificates)
+
+## Description
+
+Installs the `ca-certificates` package, which provides common CA certificates for SSL/TLS certificate verification. Optionally downloads additional custom CA certificates from specified URLs and registers them with `update-ca-certificates`.
+
+## Installation Method
+
+Installed via the system package manager (`apt`). Additional certificates are downloaded with `wget` or `curl` (installing `curl` if neither is available) and placed in `/usr/local/share/ca-certificates`, then registered via `update-ca-certificates`.
+
+## Other Notes
+
+_No additional notes._

src/ca-certificates/devcontainer-feature.json

@@ -0,0 +1,14 @@
+{
+    "name": "ca-certificates",
+    "id": "ca-certificates",
+    "version": "1.0.0",
+    "description": "Install \"ca-certificates\" and optionally add custom CA certificates from URLs",
+    "documentationURL": "https://github.com/devcontainer-community/devcontainer-features/tree/main/src/ca-certificates",
+    "options": {
+        "urls": {
+            "type": "string",
+            "default": "",
+            "description": "Newline-separated list of URLs to download as additional CA certificates into /usr/local/share/ca-certificates."
+        }
+    }
+}

src/ca-certificates/install.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+set -o noclobber
+set -o nounset
+set -o allexport
+readonly name="ca-certificates"
+readonly caCertificatesDir="/usr/local/share/ca-certificates"
+apt_get_update() {
+    if [ "$(find /var/lib/apt/lists/* | wc -l)" = "0" ]; then
+        echo "Running apt-get update..."
+        apt-get update -y
+    fi
+}
+apt_get_checkinstall() {
+    if ! dpkg -s "$@" >/dev/null 2>&1; then
+        apt_get_update
+        DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends --no-install-suggests --option 'Debug::pkgProblemResolver=true' --option 'Debug::pkgAcquire::Worker=1' "$@"
+    fi
+}
+apt_get_cleanup() {
+    apt-get clean
+    rm -rf /var/lib/apt/lists/*
+}
+echo_banner() {
+    local text="$1"
+    echo -e "\e[1m\e[97m\e[41m$text\e[0m"
+}
+download_file() {
+    local url=$1
+    local target=$2
+    if command -v wget >/dev/null 2>&1; then
+        wget -q -O "$target" "$url"
+    elif command -v curl >/dev/null 2>&1; then
+        curl -fsSL -o "$target" "$url"
+    else
+        apt_get_checkinstall curl
+        curl -fsSL -o "$target" "$url"
+    fi
+}
+install() {
+    apt_get_checkinstall ca-certificates
+    if [ -n "${URLS:-}" ]; then
+        mkdir -p "$caCertificatesDir"
+        while IFS= read -r url; do
+            url="$(echo "$url" | tr -d '[:space:]')"
+            if [ -n "$url" ]; then
+                echo "Downloading certificate from $url..."
+                local filename
+                filename="$(basename "$url" | tr -cd 'a-zA-Z0-9._-')"
+                if [ -z "$filename" ]; then
+                    echo "Skipping '$url': could not derive a safe filename."
+                    continue
+                fi
+                download_file "$url" "$caCertificatesDir/$filename"
+            fi
+        done <<< "$URLS"
+        update-ca-certificates
+    fi
+    apt_get_cleanup
+}
+echo_banner "devcontainer.community"
+echo "Installing $name..."
+install "$@"
+echo "(*) Done!"

test/ca-certificates/test.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library bundled with the devcontainer CLI
+# See https://github.com/devcontainers/cli/blob/HEAD/docs/features/test.md#dev-container-features-test-lib
+# Provides the 'check' and 'reportResults' commands.
+source dev-container-features-test-lib
+
+# Feature-specific tests
+# The 'check' command comes from the dev-container-features-test-lib. Syntax is...
+# check <LABEL> <cmd> [args...]
+check "ca-certificates installed" test -f /etc/ssl/certs/ca-certificates.crt
+check "update-ca-certificates available" bash -c "command -v update-ca-certificates"
+
+# Report results
+# If any of the checks above exited with a non-zero exit code, the test will fail.
+reportResults