search

krallin / tini

A tiny but valid `init` for containers
MIT License
9.79k stars 506 forks source link

Failed to ADD tini in Dockerfile ( x509: certificate signed by unknown authority) #162

Closed moopene36607 closed 4 years ago

moopene36607 commented 4 years ago

I'm noob in Docker and I failed to build image if I ADD tini in Dockerfile. ( x509: certificate signed by unknown authority)

Inside Dockerfile:

...
ENV TINI_VERSION v0.16.1
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /usr/bin/tini
...

Log: ADD failed: Get https://github-production-release-asset-2e65be.s3.amazonaws.com/31432573/f039db52-89a3-11e7-8e08-44ac01cb80d5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200522%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200522T010650Z&X-Amz-Expires=300&X-Amz-Signature=29bf00c6d04cc935b8da4a2a50249ff786ad0996a1b821f2c3084f471e144778&X-Amz-SignedHeaders=host&actor_id=0&repo_id=31432573&response-content-disposition=attachment%3B%20filename%3Dtini&response-content-type=application%2Foctet-stream: x509: certificate signed by unknown authority

---What I've tried

  1. Tried to add "https://github.com/krallin/tini/releases/download/v0.16.1/tini" into "insecure-registries" in /etc/docker/daemon.json but it didn't work.
  2. Tried to use openssl generates certification and copy it into /usr/local/share/ca-certificates/ but it didn't work. 
    sudo cp domain.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates
sudo systemctl daemon-reload
sudo systemctl restart docker

What can I do to solve this problem?

uniquestring commented 4 years ago

Hi, did you find a solution for your problem? From what you've wrote, I would think it's not an issue with this specific project, but with your docker installation in general (which might be one reason, why nobody felt the urge to reply to this issue).

Tried to add "https://github.com/krallin/tini/releases/download/v0.16.1/tini" into "insecure-registries" in /etc/docker/daemon.json but it didn't work.

insecure-registries won't help here, since you aren't getting this error when interacting with an docker registry. insecure-registries would be used for example if you want to connect to a registry that uses an SSL certificate, that your computer doesn't trust. More under https://docs.docker.com/registry/insecure/

Tried to use openssl generates certification and copy it into /usr/local/share/ca-certificates/ but it didn't work.

I'm not sure what exactly you did there. But you could be on the right path. Can you access github from your machine or do you get similar errors?

curl -vLo /dev/null https://github.com/krallin/tini/releases/download/v0.16.1/tini

If you get similar errors, (certificate signed by unknown authority, or something along those lines), your pc might be missing some certification authorities, and therefore not trusting certificates signed by them.

moopene36607 commented 4 years ago

OK! Thank you for your suggestion.