I've been attempting a rocker build which needs to contact my local docker registry. Unfortunately, the registry uses a self-signed certificate, so when I run my rocker build script, I get the following output:
INFO[0000] FROM [redacted]/[redacted]/alpine
FATA[0000] FROM error: Failed to list tags of image [redacted]/[redacted]/alpine:latest from the remote registry, error: Request to https://[redacted]/v2/[redacted]/alpine/tags/list?page_size=9999&page=1 failed with Get https://[redacted]/v2/[redacted]/alpine/tags/list?page_size=9999&page=1: x509: certificate signed by unknown authority
Granted, it's running in a container, but that it's what's throwing the error.
Version output: rocker version 1.3.0 - 30ec46f (master) 2017-01-14_18:37_GMT
I've attempted the following workarounds with no results:
Installed the local cert in the container (add to /usr/local/share/ca-certificates/ or /usr/local/share/ca-certificates/extra/, run update-ca-certificates)
passed it to rocker with --tlscacert (completely ignored)
Same as above, but also added --tls / --tlsverify (complained it couldn't find the other cert/key files)
I really just want the build to work, so having a switch that lets me ignore validation until I can get a proper cert installed would be great.
I've been attempting a rocker build which needs to contact my local docker registry. Unfortunately, the registry uses a self-signed certificate, so when I run my rocker build script, I get the following output:
The build script I'm using is as follows:
Granted, it's running in a container, but that it's what's throwing the error. Version output:
rocker version 1.3.0 - 30ec46f (master) 2017-01-14_18:37_GMT
I've attempted the following workarounds with no results:
/usr/local/share/ca-certificates/
or/usr/local/share/ca-certificates/extra/
, runupdate-ca-certificates
)--tlscacert
(completely ignored)--tls
/--tlsverify
(complained it couldn't find the other cert/key files)I really just want the build to work, so having a switch that lets me ignore validation until I can get a proper cert installed would be great.