|
|
@@ -1,17 +1,19 @@
|
|
|
# TODO test alpine base image
|
|
|
FROM docker.io/debian:bullseye-slim
|
|
|
|
|
|
-# TODO test if ca-certificates is required at runtime (cert pinned?)
|
|
|
+# > $ grep -azoP -- '\-+BEGIN CERTIFICATE\-+[\sa-zA-Z0-9\+/]+\=*\s\-+END CERTIFICATE\-+\s' \
|
|
|
+# > /usr/local/bin/toit | openssl x509 -noout -serial -subject -issuer -dates -fingerprint
|
|
|
+# > serial=02008EB2023336658B64CDDB9B
|
|
|
+# > subject=C = US, O = Google Trust Services LLC, CN = GTS CA 1D4
|
|
|
+# > issuer=C = US, O = Google Trust Services LLC, CN = GTS Root R1
|
|
|
+# > notBefore=Aug 13 00:00:42 2020 GMT
|
|
|
+# > notAfter=Sep 30 00:00:42 2027 GMT
|
|
|
+# > SHA1 Fingerprint=34:9C:38:5F:F8:E3:30:F2:0E:AD:73:3C:D3:6F:B4:35:FE:E0:B4:03
|
|
|
RUN apt-get update \
|
|
|
- && apt-get install --no-install-recommends --yes \
|
|
|
- curl
|
|
|
-# TODO merge
|
|
|
-RUN apt-get install --no-install-recommends --yes \
|
|
|
- ca-certificates
|
|
|
-# TODO merge
|
|
|
-RUN curl https://archive.toit.io/cli/v1.18.2/linux \
|
|
|
+ && apt-get install --no-install-recommends --yes ca-certificates curl \
|
|
|
+ && curl https://archive.toit.io/cli/v1.18.2/linux \
|
|
|
| tar -xvzf - -C /usr/local/bin \
|
|
|
- && apt-get install --autoremove --yes curl \
|
|
|
+ && apt-get install --autoremove --yes ca-certificates curl \
|
|
|
&& rm -r /var/lib/apt/lists/*
|
|
|
|
|
|
# TODO change user
|
