-
Notifications
You must be signed in to change notification settings - Fork 24.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve Docker image's cacert scripting (#81659)
Apply suggestions from Docker Inc about how to update the `cacerts` in our Ubuntu-based Docker image. Instead of copying around files and symlinking, instead install `ca-certificates` and `p11-kit`, and use the latter to regenerate Java's `cacerts`, as well as ensuring it is regenerated if the system ca certs are updated.
- Loading branch information
1 parent
d6ba4a0
commit 19a27b1
Showing
4 changed files
with
40 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -Eeuo pipefail | ||
|
||
# Update "cacerts" bundle to use Ubuntu's CA certificates (and make sure it | ||
# stays up-to-date with changes to Ubuntu's store) | ||
|
||
trust extract \ | ||
--overwrite \ | ||
--format=java-cacerts \ | ||
--filter=ca-anchors \ | ||
--purpose=server-auth \ | ||
/usr/share/elasticsearch/jdk/lib/security/cacerts |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
pr: 81659 | ||
summary: Improve Docker image's cacert scripting | ||
area: Packaging | ||
type: enhancement | ||
issues: [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters