Simplify from scratch docker - use built in go CA bundle #146

Merged
merged 9 commits into from
Jun 23, 2024

ldemailly
Member

@ldemailly ldemailly commented Jun 23, 2024

Fixes #145

  • adding local docker test: shows:
    18:21:00 [E] 2: Error fetching 192.9.142.5: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
    when missing CA bundle
  • remove the certs alpine docker step and test should fail
  • replace it by _ "golang.org/x/crypto/x509roots/fallback" import
  • move that to cli so it applies to all

test/connect will fail with 16:07:44 [E] 1: Error fetching 18.222.136.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
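The "certificate signed by unknown authority" error in these logs is what Go's verifier returns when the trust store it checks against is empty, which is the situation in a FROM scratch image with no CA bundle. The following is an added example, not code from this PR or from fortio: it reproduces that result offline with the standard library only, using a constructed CA and a constructed host name `build-test.example`, and shows the same certificate verifying once the issuing CA is in the pool.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(time.Hour) // valid now
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// Chain returns a constructed CA and the server certificate it issued for host.
func Chain(host string) (ca, leaf *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	ca = issue(caT, caT, &caKey.PublicKey, caKey) // self-signed root
	return ca, issue(leafT, ca, &leafKey.PublicKey, caKey)
}

// Verify validates leaf for host against roots, the same check a TLS client runs.
func Verify(leaf *x509.Certificate, host string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	ca, leaf := Chain("build-test.example")
	roots := x509.NewCertPool() // empty: a FROM scratch image with no CA bundle
	fmt.Println("empty roots:", Verify(leaf, "build-test.example", roots))
	roots.AddCert(ca) // what a shipped or embedded bundle supplies
	fmt.Println("CA in roots:", Verify(leaf, "build-test.example", roots))
}
```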
@ldemailly
Member Author

negative test to test the build tag from fortio/cli#31

$ make no-bundle-failing-test
CGO_ENABLED=0 GOOS=linux go build -a -tags no_tls_fallback .
docker build -t fortio/multicurl:local -f Dockerfile .
[+] Building 0.1s (5/5) FINISHED                                                                                                                                                      docker:desktop-linux
 => [internal] load build definition from Dockerfile                                                                                                                                                  0.0s
 => => transferring dockerfile: 118B                                                                                                                                                                  0.0s
 => [internal] load .dockerignore                                                                                                                                                                     0.0s
 => => transferring context: 2B                                                                                                                                                                       0.0s
 => [internal] load build context                                                                                                                                                                     0.1s
 => => transferring context: 7.46MB                                                                                                                                                                   0.1s
 => [1/1] COPY multicurl /usr/bin/multicurl                                                                                                                                                           0.0s
 => exporting to image                                                                                                                                                                                0.0s
 => => exporting layers                                                                                                                                                                               0.0s
 => => writing image sha256:29cbb54a02b023d0b55dd66c1a05ca8e056b72bb90c7e1b05e9cbe2968540713                                                                                                          0.0s
 => => naming to docker.io/fortio/multicurl:local                                                                                                                                                     0.0s

View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/d457fpg80e9q8llpbu1u1qi7a

What's next:
    View a summary of image vulnerabilities and recommendations → docker scout quickview 
docker run --rm fortio/multicurl:local -4 https://debug.fortio.org/build-test
19:19:05 [I] Fortio multicurl dev  go1.22.4 arm64 linux, using resolver ip4, GET https://debug.fortio.org/build-test
19:19:05 [I] Resolved ip4 debug.fortio.org:https to port 443 and 3 addresses [192.9.227.83 18.222.136.83 192.9.142.5]
19:19:05 [E] 1: Error fetching 192.9.227.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] 2: Error fetching 18.222.136.83: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] 3: Error fetching 192.9.142.5: Get "https://debug.fortio.org/build-test": tls: failed to verify certificate: x509: certificate signed by unknown authority
19:19:05 [E] [1] 3 errors (0 warnings)
19:19:05 [E] Reached max repeat 0
19:19:05 [I] Total iterations: 1, errors: 3, warnings 0
make: *** [test-local-image] Error 3

ldemailly added a commit to fortio/cli that referenced this pull request Jun 23, 2024
…l to here (#31)

* Add the CA bundle auto fallback for FROM scratch docker from fortio/multicurl#146 here

* move to a separate file and use negative build tag - thx @hhhapz
@ldemailly ldemailly merged commit 1815f10 into main Jun 23, 2024
5 checks passed
@ldemailly ldemailly deleted the ca_bundle branch June 23, 2024 19:50
Successfully merging this pull request may close these issues.

(build) CA bundle from go itself