alpine: Don't install ca-certificates on Alpine 3.7+

* CA certs come bundled on Alpine 3.7+
* On Alpine 3.6, rather install libressl which also include CA certs,
  allows us to use wget, and doesn't increase the size over
  ca-certificates

Author: JayH5

2.7/alpine3.6/Dockerfile

@@ -9,17 +9,15 @@ ENV LANG C.UTF-8
 # https://github.com/docker-library/python/issues/147
 ENV PYTHONIOENCODING UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+RUN apk add --no-cache libressl
 
 ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
 ENV PYTHON_VERSION 2.7.15
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -41,7 +39,6 @@ RUN set -ex \
 		gcc \
 		gdbm-dev \
 		libc-dev \
-		libressl \
 		libressl-dev \
 		linux-headers \
 		make \
@@ -89,13 +86,9 @@ RUN set -ex \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

2.7/alpine3.7/Dockerfile

@@ -9,17 +9,15 @@ ENV LANG C.UTF-8
 # https://github.com/docker-library/python/issues/147
 ENV PYTHONIOENCODING UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
 ENV PYTHON_VERSION 2.7.15
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -91,13 +89,9 @@ RUN set -ex \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

2.7/alpine3.8/Dockerfile

@@ -9,17 +9,15 @@ ENV LANG C.UTF-8
 # https://github.com/docker-library/python/issues/147
 ENV PYTHONIOENCODING UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY C01E1CAD5EA2C4F0B8E3571504C367C218ADD4FF
 ENV PYTHON_VERSION 2.7.15
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -91,13 +89,9 @@ RUN set -ex \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.4/alpine3.7/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
 ENV PYTHON_VERSION 3.4.8
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -48,7 +46,6 @@ RUN set -ex \
 		gdbm-dev \
 		libc-dev \
 		libffi-dev \
-		libressl \
 		libressl-dev \
 		linux-headers \
 		make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.4/alpine3.8/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
 ENV PYTHON_VERSION 3.4.8
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -48,7 +46,6 @@ RUN set -ex \
 		gdbm-dev \
 		libc-dev \
 		libffi-dev \
-		libressl \
 		libressl-dev \
 		linux-headers \
 		make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.5/alpine3.7/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
 ENV PYTHON_VERSION 3.5.5
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -48,7 +46,6 @@ RUN set -ex \
 		gdbm-dev \
 		libc-dev \
 		libffi-dev \
-		libressl \
 		libressl-dev \
 		linux-headers \
 		make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.5/alpine3.8/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY 97FC712E4C024BBEA48A61ED3A5CA953F73C700D
 ENV PYTHON_VERSION 3.5.5
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		openssl \
 		tar \
 		xz \
 	\
@@ -48,7 +46,6 @@ RUN set -ex \
 		gdbm-dev \
 		libc-dev \
 		libffi-dev \
-		openssl \
 		openssl-dev \
 		linux-headers \
 		make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps openssl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.6/alpine3.6/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+RUN apk add --no-cache libressl
 
 ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
 ENV PYTHON_VERSION 3.6.6
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -48,7 +46,6 @@ RUN set -ex \
 		gdbm-dev \
 		libc-dev \
 		libffi-dev \
-		libressl \
 		libressl-dev \
 		linux-headers \
 		make \
@@ -107,13 +104,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \

3.6/alpine3.7/Dockerfile

@@ -13,17 +13,15 @@ ENV PATH /usr/local/bin:$PATH
 # > At the moment, setting "LANG=C" on a Linux system *fundamentally breaks Python 3*, and that's not OK.
 ENV LANG C.UTF-8
 
-# install ca-certificates so that HTTPS works consistently
-# the other runtime dependencies for Python are installed later
-RUN apk add --no-cache ca-certificates
+# install libressl so that HTTPS works on Alpine <3.7
+# RUN apk add --no-cache libressl
 
 ENV GPG_KEY 0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D
 ENV PYTHON_VERSION 3.6.6
 
 RUN set -ex \
 	&& apk add --no-cache --virtual .fetch-deps \
 		gnupg \
-		libressl \
 		tar \
 		xz \
 	\
@@ -49,7 +47,6 @@ RUN set -ex \
 		libc-dev \
 		libffi-dev \
 		libnsl-dev \
-		libressl \
 		libressl-dev \
 		libtirpc-dev \
 		linux-headers \
@@ -109,13 +106,9 @@ RUN cd /usr/local/bin \
 ENV PYTHON_PIP_VERSION 10.0.1
 
 RUN set -ex; \
-	\
-	apk add --no-cache --virtual .fetch-deps libressl; \
 	\
 	wget -O get-pip.py 'https://bootstrap.pypa.io/get-pip.py'; \
 	\
-	apk del .fetch-deps; \
-	\
 	python get-pip.py \
 		--disable-pip-version-check \
 		--no-cache-dir \