osbuild-run: generate /etc/pki/tls/certs/ca-bundle.crt

There's no need to bind mount the full /etc/pki from the host. This file
can be generated from /usr.

osbuild-run

@@ -1,5 +1,6 @@
 #!/usr/bin/python3
 
+import os
 import subprocess
 import sys
 
@@ -14,6 +15,12 @@ except subprocess.CalledProcessError as error:
     sys.stderr.write(error.stdout)
     sys.exit(1)
 
+# generate /etc/pki/tls/certs/ca-bundle.crt
+os.makedirs("/etc/pki/ca-trust/extracted/pem")
+os.makedirs("/etc/pki/tls/certs")
+os.symlink("/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", "/etc/pki/tls/certs/ca-bundle.crt")
+subprocess.run(["update-ca-trust"])
+
 # Allow systemd-tmpfiles to return non-0. Some packages want to create
 # directories owned by users that are not set up with systemd-sysusers.
 subprocess.run(["systemd-tmpfiles", "--create"])

samples/base.json

@@ -3,7 +3,6 @@
   "stages": [
     {
       "name": "io.weldr.dnf",
-      "systemResourcesFromEtc": ["/etc/pki"],
       "options": {
         "releasever": "30",
         "repos": {

test/1-create-base.json

@@ -3,7 +3,6 @@
   "stages": [
     {
       "name": "io.weldr.dnf",
-      "systemResourcesFromEtc": ["/etc/pki"],
       "options": {
         "releasever": "30",
         "repos": {

test/4-all.json

@@ -3,7 +3,6 @@
   "stages": [
     {
       "name": "io.weldr.dnf",
-      "systemResourcesFromEtc": ["/etc/pki"],
       "options": {
         "releasever": "30",
         "repos": {