Adding the ability to inject certificate authorities into docker image

Change-Id: I06697ceabe5d24b1643ceb741a923aa1ee6977e2
2020-04-24 10:01:39 -05:00 · 2020-04-24 10:01:39 -05:00 · 11e94ce19f
commit 11e94ce19f
parent f555af3bf6
2 changed files with 13 additions and 0 deletions
--- a/7
+++ b/7
@ -2,6 +2,13 @@ ARG GO_IMAGE=docker.io/golang:1.13.1-stretch
 ARG RELEASE_IMAGE=scratch
 FROM ${GO_IMAGE} as builder

+# Inject custom root certificate authorities if needed
+# Docker does not have a good conditional copy statement and requires that a source file exists
+# to complete the copy function without error.  Therefore the README.md file will be copied to
+# the image every time even if there are no .crt files.
+COPY ./certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 SHELL [ "/bin/bash", "-cex" ]
 WORKDIR /usr/src/airshipctl

--- a/certs/README.md
+++ b/certs/README.md
@ -0,0 +1,6 @@
+# Additional Docker image root certificate authorities
+If you require additional certificate authorities for your Docker image:
+* Add ASCII PEM encoded .crt files to this directory
+  * The files will be copied into your docker image at build time.
+
+To update manually copy the .crt files to /usr/local/share/ca-certificates/ and run sudo update-ca-certificates.