Closed T0MASD closed 1 year ago
Can we just add the CAs to the image? They're not secret, and it would avoid yet another mount of our local filesystem into the container. This would allow any users to use OCM container without having to have the CAs, too, which I think is an excellent advantage of the project. I like being able to just pull the image and go, without needing to customize my laptop at all to get things to work :)
Coming back to this, I just added this to another image I use - would you be open to making this change in the Dockerfile instead of adding the mount, @T0MASD:
RUN curl -sSL -o /etc/pki/ca-trust/source/anchors/RH-IT-Root-CA.crt https://certs.corp.redhat.com/certs/2015-IT-Root-CA.pem
RUN curl -sSL -o /etc/pki/ca-trust/source/anchors/2022-IT-Root-CA.pem https://certs.corp.redhat.com/certs/2022-IT-Root-CA.pem
RUN update-ca-trust
@clcollins unfortunatley those certs aren't public :(
$ curl https://certs.corp.redhat.com/certs/2015-IT-Root-CA.pem
curl: (6) Could not resolve host: certs.corp.redhat.com
Ah, bummer. Maybe we can grab those in some other way in the future.
/lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: clcollins, T0MASD
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Mounts certificate authority trust source to avoid self-signed certificate errors
before
after