balena-io-library / resin-rpi-raspbian

Apache License 2.0
74 stars 27 forks source link

Want to use this as a base image, but ssl errors #20

Closed alexellis closed 8 years ago

alexellis commented 8 years ago

Hi, is this suitable to be used as a base image? I found I was getting SSL errors when using curl and wget.. should I need to install ca-certificates? Is this being kept out of the base image to keep the size artificially small?

FROM resin/rpi-raspbian
USER root
RUN apt-get update && apt-get install -qy curl wget
RUN wget https://github.com/alexellis/docker-arm.git
CMD ["/bin/bash"]

gives:

Step 4 : RUN wget https://github.com/alexellis/docker-arm.git
 ---> Running in 617d8b93c4d9
--2016-03-13 12:12:39--  https://github.com/alexellis/docker-arm.git
Resolving github.com (github.com)... 192.30.252.130
Connecting to github.com (github.com)|192.30.252.130|:443... connected.
ERROR: The certificate of ‘github.com’ is not trusted.
ERROR: The certificate of ‘github.com’ hasn't got a known issuer.
petrosagg commented 8 years ago

@alexellis yes, you have to install ca-certificates to have proper TLS validation.

The reason this isn't installed by default isn't for size reduction, ca-certificates is only ~10KB. The reason it's missing is because we follow the way the official debian images are built by Docker, which is basically the minbase variant plus inetutils-ping and iproute2. You can see the source here:

https://github.com/tianon/docker-brew-debian/blob/d431f09a3730996c0f759eb446bff454f715a321/jessie/build-command.txt#L1

and the packages installed here:

https://github.com/tianon/docker-brew-debian/blob/d431f09a3730996c0f759eb446bff454f715a321/jessie/build.manifest