add root certificates to Alpine images #99
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes docker-library#96 (and the duplicate docker-library#97). This allows Go's HTTP library to make HTTPS client connections with secure certificate validation. Without this change, `net/http` in these images return the error `"x509: failed to load system roots and no roots provided"`. This adds 0.6MB to the image (as measured with docker history).
jmhodges
force-pushed
the
add_certificates
branch
from
7576d33 to
029d980
Compare
| @@ -5,9 +5,9 @@ ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz | |||
| ENV GOLANG_SRC_SHA256 002acabce7ddc140d0d55891f9d4fcfbdd806b9332fb8b110c91bc91afb0bc93 | |||
|
|
|||
| RUN set -ex \ | |||
| && apk add --no-cache ca-certificates \ | |||
There was a problem hiding this comment.
We should just make this a separate RUN above the ENV lines. We are already downloading the apk cache twice and this will let us share the layer between the go versions and might even work for other images from alpine:3.4
|
Feedback handled! Let me know what you think. |
|
LGTM ping @tianon |
|
Indeed, LGTM, thanks! |
|
Thank you! |
tianon
added a commit
to infosiftr/stackbrew
that referenced
this pull request
Jul 1, 2016
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13) - `elasticsearch`: 5.0.0-alpha4 - `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99) - `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `kibana`: 5.0.0-alpha4 - `logstash`: 5.0.0-alpha4 - `mariadb`: 10.1.15 - `owncloud`: 9.0.3, 8.2.6 - `python`: remove double-`pip` (docker-library/python#121) - `rocket.chat`: 0.35.0
tianon
added a commit
to infosiftr/stackbrew
that referenced
this pull request
Jul 1, 2016
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13) - `elasticsearch`: 5.0.0-alpha4 - `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99) - `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `kibana`: 5.0.0-alpha4 - `logstash`: 5.0.0-alpha4 - `mariadb`: 10.1.15 - `owncloud`: 9.0.3, 8.2.6 - `python`: remove double-`pip` (docker-library/python#121) - `rocket.chat`: 0.35.0
stuart-c
pushed a commit
to stuart-c/official-images
that referenced
this pull request
Jul 2, 2016
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13) - `elasticsearch`: 5.0.0-alpha4 - `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99) - `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17) - `kibana`: 5.0.0-alpha4 - `logstash`: 5.0.0-alpha4 - `mariadb`: 10.1.15 - `owncloud`: 9.0.3, 8.2.6 - `python`: remove double-`pip` (docker-library/python#121) - `rocket.chat`: 0.35.0
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #96 (and the duplicate #97).
This allows Go's HTTP library to make HTTPS client connections with secure certificate validation. Without this change,
net/httpin these images return the error"x509: failed to load system roots and no roots provided".This adds 0.6MB to the image (as measured with docker history).