diff --git a/Dockerfile b/Dockerfile
index 0251359..3dd1bbc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,14 @@ FROM gcr.io/gcp-runtimes/go1-builder:1.13 as builder
 ENV PATH "/usr/local/go/bin:$PATH"
+# Inject custom root certificate authorities if needed.
+# Docker does not have a good conditional copy statement and requires that a
+# source file exists to complete the copy function without error. Therefore, the
+# README.md file will be copied to the image every time even if there are no
+# .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 WORKDIR /workspace
 # Copy the Go Modules manifests
 COPY go.mod go.mod
diff --git a/certs/README.md b/certs/README.md
new file mode 100644
index 0000000..2a07450
--- /dev/null
+++ b/certs/README.md
@@ -0,0 +1,8 @@
+# Additional Docker image root certificate authorities
+
+If you require additional certificate authorities for your Docker image:
+* Add ASCII PEM encoded .crt files to this directory
+ * The files will be copied into your docker image at build time.
+
+To update manually copy the `.crt` files to `/usr/local/share/ca-certificates/`
+and run `sudo update-ca-certificates`.
diff --git a/images/jump-host/Dockerfile b/images/jump-host/Dockerfile
index bd55285..ebc0715 100644
--- a/images/jump-host/Dockerfile
+++ b/images/jump-host/Dockerfile
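Review bot: The `COPY ./certs/*` added in the root `Dockerfile` hunk copies every file under `certs/` into `/usr/local/share/ca-certificates/`, not only certificates, so anything left in that directory (a private key, a bundle in another format) lands in the builder layer alongside README.md. Every `.crt` placed there becomes a trusted root for all TLS done later in this stage, which the comment should say, e.g. `# Any .crt in certs/ becomes a trusted root for this stage; review changes to certs/ as trust-store changes.` Narrowing the sources to `COPY ./certs/README.md ./certs/*.crt /usr/local/share/ca-certificates/` should keep the README workaround while excluding other files, assuming the builder tolerates an unmatched wildcard when another source matches; confirm with an empty `certs/`. The same COPY is added in `images/jump-host/Dockerfile`. The builder stage continues outside this hunk, so whether the modified trust store reaches a final image is not visible here.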
@@ -1,9 +1,18 @@
 ARG BASE_IMAGE=gcr.io/google-appengine/python
 FROM ${BASE_IMAGE}
+# Inject custom root certificate authorities if needed.
+# Docker does not have a good conditional copy statement and requires that a
+# source file exists to complete the copy function without error. Therefore, the
+# README.md file will be copied to the image every time even if there are no
+# .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends jq
+RUN pip3 config set global.cert /etc/ssl/certs/ca-certificates.crt
 RUN pip3 install requests python-dateutil redfishtool
 CMD ["/bin/bash"]
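Review bot: `RUN pip3 config set global.cert …` in the jump-host hunk only changes pip, and without a scope flag it writes the configuration of the user running the build. The `requests` and `redfishtool` packages installed on the next line will therefore presumably still verify against their bundled CA list at runtime, not the store populated by `update-ca-certificates`. If the injected CAs are meant to be honoured by the tools in this image, set the bundle through the environment instead, e.g. `ENV PIP_CERT=/etc/ssl/certs/ca-certificates.crt REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt`. That applies to every user of the image and removes the incentive to work around verification failures by disabling certificate checks.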