Resolved x509 missing cacert issue with docker tf init

commitdev · Nov 10, 2019 · 581854b · 581854b
1 parent 4be488c
commit 581854b
Show file tree

Hide file tree

Showing 4 changed files with 3,512 additions and 45 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -47,20 +47,30 @@ RUN pip install awscli
 RUN chmod +x /usr/local/bin/* && \
   upx --lzma /usr/local/bin/*
 
+
+RUN mkdir -p /home/certs/curl
+COPY /certs/curl/cacert.pem /home/certs/curl/
+
 WORKDIR tmp/commit0
 COPY . .
+
 RUN make build-deps && make build && \
   mv commit0 /usr/local/bin && \
   upx --lzma /usr/local/bin/commit0
 
 FROM alpine:3.10
 ENV \
   PROTOBUF_VERSION=3.6.1-r1 \
-  GOPATH=/proto-libs
+  GOPATH=/proto-libs \
+  CURL_CA_BUNDLE=/home/certs/curl/cacert.pem \
+  SSL_CERT_DIR=/home/certs/curl \
+  SSL_CERT_FILE=cacert.pem
+
 RUN mkdir ${GOPATH}
 COPY --from=builder /usr/local/bin /usr/local/bin
 COPY --from=builder /usr/local/include /usr/local/include
 COPY --from=builder /go/src/github.com/grpc-ecosystem/grpc-gateway ${GOPATH}/src/github.com/grpc-ecosystem/grpc-gateway
+COPY --from=builder /home/certs/curl /home/certs/curl
 WORKDIR /project
 RUN apk add --update --no-cache make protobuf=${PROTOBUF_VERSION} && \
   rm -rf /var/cache/apk/*

diff --git a/certs/curl/README.md b/certs/curl/README.md
@@ -0,0 +1,9 @@
+# Terraform init x509 issue 
+
+```
+x509: certificate signed by unknown authority.
+```
+
+[Curl PEM issue solution](https://github.com/hashicorp/terraform/issues/10779#issuecomment-304664405)
+[Go x509 issue solution](https://stackoverflow.com/a/29295887/2990066)
+[Go x509 envar setup](https://golang.org/src/crypto/x509/root_unix.go)