Simplify from scratch docker - use built in go CA bundle #146

Merged
ldemailly merged 9 commits into main from ca_bundle on Jun 23, 2024

ldemailly commented Jun 23, 2024

Fixes #145

  • adding local docker test: shows:
    18:21:00 [E] 2: Error fetching 192.9.142.5: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
    when missing CA bundle
  • remove the certs alpine docker step and test should fail
  • replace it by _ "golang.org/x/crypto/x509roots/fallback" import
  • move that to cli so it applies to all

test/connect will fail with 16:07:44 [E] 1: Error fetching 18.222.136.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority

ldemailly (Member, Author) commented

negative test to test the build tag from fortio/cli#31

$ make no-bundle-failing-test
CGO_ENABLED=0 GOOS=linux go build -a -tags no_tls_fallback .
docker build -t fortio/multicurl:local -f Dockerfile .
[+] Building 0.1s (5/5) FINISHED                                                                                                                                                      docker:desktop-linux
 => [internal] load build definition from Dockerfile                                                                                                                                                  0.0s
 => => transferring dockerfile: 118B                                                                                                                                                                  0.0s
 => [internal] load .dockerignore                                                                                                                                                                     0.0s
 => => transferring context: 2B                                                                                                                                                                       0.0s
 => [internal] load build context                                                                                                                                                                     0.1s
 => => transferring context: 7.46MB                                                                                                                                                                   0.1s
 => [1/1] COPY multicurl /usr/bin/multicurl                                                                                                                                                           0.0s
 => exporting to image                                                                                                                                                                                0.0s
 => => exporting layers                                                                                                                                                                               0.0s
 => => writing image sha256:29cbb54a02b023d0b55dd66c1a05ca8e056b72bb90c7e1b05e9cbe2968540713                                                                                                          0.0s
 => => naming to docker.io/fortio/multicurl:local                                                                                                                                                     0.0s

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/d457fpg80e9q8llpbu1u1qi7a

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview 
docker run --rm fortio/multicurl:local -4 https://debug.fortio.org/build-test
19:19:05 [I] Fortio multicurl dev  go1.22.4 arm64 linux, using resolver ip4, GET https://debug.fortio.org/build-test
19:19:05 [I] Resolved ip4 debug.fortio.org:https to port 443 and 3 addresses [192.9.227.83 18.222.136.83 192.9.142.5]
19:19:05 [E] 1: Error fetching 192.9.227.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] 2: Error fetching 18.222.136.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] 3: Error fetching 192.9.142.5: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] [1] 3 errors (0 warnings)
19:19:05 [E] Reached max repeat 0
19:19:05 [I] Total iterations: 1, errors: 3, warnings 0
make: *** [test-local-image] Error 3

ldemailly added a commit to fortio/cli that referenced this pull request Jun 23, 2024
…l to here (#31)

* Add the CA bundle auto fallback for FROM scratch docker from fortio/multicurl#146 here

* move to a separate file and use negative build tag - thx @hhhapz

ldemailly merged commit 1815f10 into main Jun 23, 2024
ldemailly deleted the ca_bundle branch June 23, 2024 19:50

Development

Successfully merging this pull request may close these issues.

(build) CA bundle from go itself
