Make sure we have some trusted domain CAs trusted (#29)
joecorall authored Aug 8, 2024
1 parent aae1590 commit ae6f345
Showing 3 changed files with 30 additions and 5 deletions.
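--- a/.dockerignore
+++ b/.dockerignore
@@ -3,3 +3,5 @@ scyllaridae
 .git
 .github
 gha-creds-*.json
+ci
+fixtures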
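--- a/Dockerfile
+++ b/Dockerfile
@@ -9,14 +9,12 @@ RUN apk update && \
 curl==8.9.0-r0 \
 bash==5.2.26-r0 \
 ca-certificates==20240705-r0 \
-openssl==3.3.1-r3 && \
-openssl s_client -connect helloworld.letsencrypt.org:443 -showcerts </dev/null 2>/dev/null | sed -e '/-----BEGIN/,/-----END/!d' | tee "/usr/local/share/ca-certificates/letsencrypt.crt" >/dev/null && \
-update-ca-certificates
-
+openssl==3.3.1-r3
 COPY . ./
 RUN go mod download && \
 go build -o /app/scyllaridae && \
-go clean -cache -modcache
+go clean -cache -modcache && \
+./ca-certs.sh
 
 ENTRYPOINT ["/bin/bash"]
 CMD ["/app/docker-entrypoint.sh"]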
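Review bot: `./ca-certs.sh` is chained onto the end of the `go build` RUN, so the image's trust store is changed as a side effect of the compile layer, and an outage at any of the hosts the script contacts looks like it would fail that whole step. A dedicated `RUN ./ca-certs.sh` after the build, with a comment such as `# Adds certificate chains fetched from the hosts listed in ca-certs.sh to the system trust store`, would make the trust change visible to anyone auditing the Dockerfile and keep the two concerns in separate layers. Because the step needs network access and its result depends on what those hosts serve on the day of the build, two builds of the same commit can end up with different trust stores; that is worth stating in the comment as well.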
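--- a/ca-certs.sh
+++ b/ca-certs.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -eou pipefail
+
+COUNT=0
+DOMAINS=(
+"preserve.lehigh.edu"
+"helloworld.letsencrypt.org"
+"www.libops.io"
+"sandbox.islandora.ca"
+)
+for DOMAIN in "${DOMAINS[@]}"; do
+echo $DOMAIN
+CERTS=$(openssl s_client -connect "$DOMAIN:443" -showcerts </dev/null 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p')
+while read -r CERT; do
+if [[ "$CERT" == *"BEGIN CERTIFICATE"* ]]; then
+FILENAME="/usr/local/share/ca-certificates/ca_$COUNT.crt"
+COUNT=$(( COUNT + 1 ))
+rm -f "$FILENAME"
+fi
+echo "$CERT" >> "$FILENAME"
+done <<< "$CERTS"
+done
+
+update-ca-certificates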
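Review bot: The `openssl s_client` call in the loop does not require the handshake to verify, and every PEM block it prints, including each server's own leaf certificate, is written under `/usr/local/share/ca-certificates/` and then trusted by `update-ca-certificates`. Whatever answers on port 443 for those four names at build time therefore decides what the image trusts. If the aim is only to pick up intermediates that chain to a root already in the store, adding `-verify_return_error` to the `s_client` call makes an unverifiable chain abort the build; otherwise the safer design is to commit the reviewed CA PEM files to the repository and copy them in instead of harvesting them from the network. As a smaller point, `echo $DOMAIN` should be quoted as `echo "$DOMAIN"`.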
