Skip to content

add root certificates to Alpine images #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 29, 2016
Merged

add root certificates to Alpine images #99

merged 2 commits into from
Jun 29, 2016

Conversation

@jmhodges
Copy link
Contributor

@jmhodges jmhodges commented Jun 29, 2016

Fixes #96 (and the duplicate #97).

This allows Go's HTTP library to make HTTPS client connections with secure certificate validation. Without this change, net/http in these images return the error "x509: failed to load system roots and no roots provided".

This adds 0.6MB to the image (as measured with docker history).

@jmhodges
add root certificates to Alpine images
029d980 
Fixes docker-library#96 (and the duplicate docker-library#97).

This allows Go's HTTP library to make HTTPS client connections with secure
certificate validation. Without this change, `net/http` in these images return
the error `"x509: failed to load system roots and no roots provided"`.

This adds 0.6MB to the image (as measured with docker history).
yosifkit
yosifkit reviewed Jun 29, 2016
View reviewed changes
1.5/alpine/Dockerfile Outdated
ENV GOLANG_SRC_SHA256 002acabce7ddc140d0d55891f9d4fcfbdd806b9332fb8b110c91bc91afb0bc93

RUN set -ex \
&& apk add --no-cache ca-certificates \
Copy link
Member

@yosifkit yosifkit Jun 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should just make this a separate RUN above the ENV lines. We are already downloading the apk cache twice and this will let us share the layer between the go versions and might even work for other images from alpine:3.4

Copy link
Contributor Author

@jmhodges jmhodges Jun 29, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will do!

@jmhodges
Copy link
Contributor Author

jmhodges commented Jun 29, 2016

Feedback handled!

Let me know what you think.

@yosifkit
Copy link
Member

yosifkit commented Jun 29, 2016

LGTM

ping @tianon

@tianon
Copy link
Member

tianon commented Jun 29, 2016

Indeed, net/http is a fair argument. 👍

LGTM, thanks!

@tianon tianon merged commit 5a84ebf into docker-library:master Jun 29, 2016
@jmhodges
Copy link
Contributor Author

jmhodges commented Jun 30, 2016

Thank you!

tianon added a commit to infosiftr/stackbrew that referenced this pull request Jul 1, 2016
@tianon
Update docker-library images
b8b5b5d 
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13)
- `elasticsearch`: 5.0.0-alpha4
- `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99)
- `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `kibana`: 5.0.0-alpha4
- `logstash`: 5.0.0-alpha4
- `mariadb`: 10.1.15
- `owncloud`: 9.0.3, 8.2.6
- `python`: remove double-`pip` (docker-library/python#121)
- `rocket.chat`: 0.35.0
@tianon tianon mentioned this pull request Jul 1, 2016
Merged
tianon added a commit to infosiftr/stackbrew that referenced this pull request Jul 1, 2016
@tianon
Update docker-library images
f31c9a8 
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13)
- `elasticsearch`: 5.0.0-alpha4
- `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99)
- `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `kibana`: 5.0.0-alpha4
- `logstash`: 5.0.0-alpha4
- `mariadb`: 10.1.15
- `owncloud`: 9.0.3, 8.2.6
- `python`: remove double-`pip` (docker-library/python#121)
- `rocket.chat`: 0.35.0
stuart-c pushed a commit to stuart-c/official-images that referenced this pull request Jul 2, 2016
@tianon @stuart-c
Update docker-library images
2564111 
- `docker`: ootb support for `--userns-remap=default` (docker-library/docker#13)
- `elasticsearch`: 5.0.0-alpha4
- `golang`: Alpine `ca-certificates` (esp. for `net/http` usage; docker-library/golang#99)
- `hello-seattle`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hello-world`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `hola-mundo`: use C for multi-architecture compatibility (docker-library/hello-world#17)
- `kibana`: 5.0.0-alpha4
- `logstash`: 5.0.0-alpha4
- `mariadb`: 10.1.15
- `owncloud`: 9.0.3, 8.2.6
- `python`: remove double-`pip` (docker-library/python#121)
- `rocket.chat`: 0.35.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jmhodges @yosifkit @tianon