How to specify and use a certificate file during a docker build



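My company just updated our security, and now we need to add the use of a custom certificate file. My local docker build can no longer download packages during the build. To fix this, I need to use a cert file in the docker build.

If I try to build an image with the Dockerfile at the end of this post, I get the following error, which indicates permission denied because it needs the certificate -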

=> ERROR [4/4] RUN apk update && apk upgrade                                                                                                            0.3s
------                                                                                                                                                        
> [4/4] RUN apk update && apk upgrade:                                                                                                                       
#8 0.194 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/x86_64/APKINDEX.tar.gz                                                                        
#8 0.232 140008555400008:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#8 0.233 ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.14/main: Permission denied
#8 0.233 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.14/main: No such file or directory
#8 0.233 fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/x86_64/APKINDEX.tar.gz
#8 0.273 140008555400008:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
#8 0.273 ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.14/community: Permission denied
#8 0.273 WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.14/community: No such file or directory
#8 0.273 2 errors; 14 distinct packages available

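If I comment out RUN apk update && apk upgrade, it builds. I shell into the container, manually run export SSL_CERT_FILE=~/trusted-certs.pem, then manually run apk update && apk upgrade, and it performs the apk install.

I have tried using ENV and ARG, but that did not work either.

If I update the apk commands in the Dockerfile like RUN SSL_CERT_FILE=~/biw-trusted-certs.pem apk update && SSL_CERT_FILE=~/biw-trusted-certs.pem apk upgrade, it works during the build, but adding that to every apk command would be tedious.

I do need this to work in Alpine Linux.

My Dockerfile -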

FROM alpine:3.14.1
COPY trusted-certs.pem ~/trusted-certs.pem
#ARG SSL_CERT_FILE=~/trusted-certs.pem
#ENV SSL_CERT_FILE=~/trusted-certs.pem
RUN export SSL_CERT_FILE=~/trusted-certs.pem
RUN apk update && apk upgrade

I finally figured it out.

Everything works with this -

FROM alpine:3.14.1
COPY trusted-certs.pem /root/trusted-certs.pem
RUN SSL_CERT_FILE=~/trusted-certs.pem apk add ca-certificates
RUN update-ca-certificates
RUN apk update && apk upgrade
RUN apk add curl
RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip

Cleaner:

FROM alpine
COPY ./trusted-certs.pem /usr/local/share/ca-certificates/
RUN cat /usr/local/share/ca-certificates/trusted-certs.pem >> /etc/ssl/certs/ca-certificates.crt
RUN apk update && apk add --no-cache jq
RUN apk add curl
RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
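
A consolidated form of the two answers above, as an added example that is not part of the original posts. It uses absolute paths, because COPY and ENV do not expand ~, and sets SSL_CERT_FILE inline for the bootstrap command only, because a variable exported in one RUN is not visible in the next. The .crt file name is a choice made here; trusted-certs.pem is the file from the question.

```dockerfile
# Added example, not from the original posts.
FROM alpine:3.14.1

# COPY does not perform shell tilde expansion: a destination such as
# ~/trusted-certs.pem is taken literally, relative to the working directory,
# and does not land in /root. Use an absolute path instead.
# /usr/local/share/ca-certificates/ is where update-ca-certificates looks
# for locally added CAs. (The .crt name is chosen here.)
COPY trusted-certs.pem /usr/local/share/ca-certificates/trusted-certs.crt

# Every RUN is executed in its own shell, so "RUN export SSL_CERT_FILE=..."
# only affects that one step. Setting the variable inline scopes it to this
# single command, which is all that is needed to fetch ca-certificates.
# update-ca-certificates then rebuilds /etc/ssl/certs/ca-certificates.crt
# with the corporate CA included, so the trust survives later regeneration
# of the bundle (a plain ">>" append to that file would be overwritten).
RUN SSL_CERT_FILE=/usr/local/share/ca-certificates/trusted-certs.crt \
    apk add --no-cache ca-certificates \
 && update-ca-certificates

# From here on the system trust store contains the CA, so no per-command
# SSL_CERT_FILE is required and certificate verification stays enabled.
RUN apk update && apk upgrade
RUN apk add --no-cache curl
RUN curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip
```

Only the CA certificate belongs in the image; the file copied here must not contain a private key, since every layer is readable by anyone who can pull the image.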