Home Esplora Aiuto
Accedi
fphammerle
/
docker-toit
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Sfoglia il codice sorgente

uninstall `ca-certificates` package after download (cert pinned in `toit` executable)

Fabian Peter Hammerle 3 anni fa
parent
cae257eb92
commit
32ca261867
1 ha cambiato i file con 11 aggiunte e 9 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 11 9
      Dockerfile

+ 11 - 9
Dockerfile
Vedi File 

@@ -1,17 +1,19 @@
 
 # TODO test alpine base image
 
 FROM docker.io/debian:bullseye-slim
 
 
-# TODO test if ca-certificates is required at runtime (cert pinned?)
 
+# > $ grep -azoP -- '\-+BEGIN CERTIFICATE\-+[\sa-zA-Z0-9\+/]+\=*\s\-+END CERTIFICATE\-+\s' \
 
+# >   /usr/local/bin/toit | openssl x509 -noout -serial -subject -issuer -dates -fingerprint
 
+# > serial=02008EB2023336658B64CDDB9B
 
+# > subject=C = US, O = Google Trust Services LLC, CN = GTS CA 1D4
 
+# > issuer=C = US, O = Google Trust Services LLC, CN = GTS Root R1
 
+# > notBefore=Aug 13 00:00:42 2020 GMT
 
+# > notAfter=Sep 30 00:00:42 2027 GMT
 
+# > SHA1 Fingerprint=34:9C:38:5F:F8:E3:30:F2:0E:AD:73:3C:D3:6F:B4:35:FE:E0:B4:03
 
 RUN apt-get update \
 
-    && apt-get install --no-install-recommends --yes \
 
-        curl
 
-# TODO merge
 
-RUN apt-get install --no-install-recommends --yes \
 
-        ca-certificates
 
-# TODO merge
 
-RUN curl https://archive.toit.io/cli/v1.18.2/linux \
 
+    && apt-get install --no-install-recommends --yes ca-certificates curl \
 
+    && curl https://archive.toit.io/cli/v1.18.2/linux \
 
         | tar -xvzf - -C /usr/local/bin \
 
-    && apt-get install --autoremove --yes curl \
 
+    && apt-get install --autoremove --yes ca-certificates curl \
 
     && rm -r /var/lib/apt/lists/*
 
 
 # TODO change user