All geek questions in one place

Does Alpine Linux control certificates differently than Busybox?

I started with the base image errordeveloper / oracle-jdk. This Docker file is shown here for reference:

FROM progrium/busybox MAINTAINER Ilya Dmitrichenko < errordeveloper@gmail.com > RUN opkg-install curl ca-certificates ENV JAVA_HOME /usr/jdk1.8.0_31 RUN curl \ --silent \ --location \ --retry 3 \ --cacert /etc/ssl/certs/GeoTrust_Global_CA.crt \ --header "Cookie: oraclelicense=accept-securebackup-cookie;" \ "http://download.oracle.com/otn-pub/java/jdk/8u31-b13/jdk-8u31-linux-x64.tar.gz" \ | gunzip \ | tar x -C /usr/ \ && ln -s $JAVA_HOME /usr/java \ && rm -rf $JAVA_HOME/src.zip $JAVA_HOME/javafx-src.zip $JAVA_HOME/man ENV PATH ${PATH}:${JAVA_HOME}/bin ENTRYPOINT [ "java" ] CMD [ "-version" ]

I would like to move this to Alpine Linux, so a made the following changes:

 FROM alpine MAINTAINER Ilya Dmitrichenko < errordeveloper@gmail.com > RUN apk --update upgrade && apk add curl ca-certificates && rm -rf /var/cache/apk/* ENV JAVA_HOME /usr/jdk1.8.0_31 RUN curl \ --silent \ --location \ --retry 3 \ --cacert /etc/ssl/certs/GeoTrust_Global_CA.crt \ --header "Cookie: oraclelicense=accept-securebackup-cookie;" \ "http://download.oracle.com/otn-pub/java/jdk/8u31-b13/jdk-8u31-linux-x64.tar.gz" \ | gunzip \ | tar x -C /usr/ \ && ln -s $JAVA_HOME /usr/java \ && rm -rf $JAVA_HOME/src.zip $JAVA_HOME/javafx-src.zip $JAVA_HOME/man ENV PATH ${PATH}:${JAVA_HOME}/bin ENTRYPOINT [ "java" ] CMD [ "-version" ]

I basically modified the package management tool to pull curls and ca certificates.

After confirming that the original assemblies were cleaned up on my machine (it does), I tried my version and received this error: (I turned off - on the flap to see it)

 Step 4 : RUN curl --location --retry 3 --cacert /etc/ssl/certs/GeoTrust_Global_CA.crt --header "Cookie: oraclelicense=accept-securebackup-cookie;" "http://download.oracle.com/otn-pub/java/jdk/8u31-b13/server-jre-8u31-linux-x64.tar.gz" | gunzip | tar x -C /usr/ && ln -s $JAVA_HOME /usr/java && rm -rf $JAVA_HOME/man ---> Running in c91e4939f851 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (77) error setting certificate verify locations: CAfile: /etc/ssl/certs/GeoTrust_Global_CA.crt CApath: none gunzip: invalid magic tar: short read The command '/bin/sh -c curl --location --retry 3 --cacert /etc/ssl/certs/GeoTrust_Global_CA.crt --header "Cookie: oraclelicense=accept-securebackup-cookie;" "http://download.oracle.com/otn-pub/java/jdk/8u31-b13/server-jre-8u31-linux-x64.tar.gz" | gunzip | tar x -C /usr/ && ln -s $JAVA_HOME /usr/java && rm -rf $JAVA_HOME/man' returned a non-zero code: 1

Is there something else here Alpine? Why can my curl / certs crash?

+5
source share
1 answer

To make sure that CA certificates are created / updated where they should, try adding (after this answer ) update-ca-certificates :

 apk add ca-certificates update-ca-certificates

In your case:

 RUN apk --update upgrade && \ apk add curl ca-certificates && \ update-ca-certificates && \ rm -rf /var/cache/apk/*
+13
source

Source: https://habr.com/ru/post/1234550/

More articles:


All Articles