dockerfiles: add ability to include private ca chains

This adds a two steps that will allow having private CA chains to be copied into the container and installed in the system CA store. Signed-off-by: Daniel P. Smith <[email protected]>
OpenXT · Apr 10, 2024 · ff78107 · ff78107
1 parent 8348e0f
commit ff78107
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 0 deletions.
diff --git a/Dockerfiles/ca-certs/README.md b/Dockerfiles/ca-certs/README.md
@@ -0,0 +1,5 @@
+# CA Certificate Chains
+
+Add any PEM formated CA certification chain to this directory with an extension
+of '.cert'. If the docker file supports importing CA chains, it will add them
+to the container's system CA store.
diff --git a/Dockerfiles/generic-oe64 b/Dockerfiles/generic-oe64
@@ -15,6 +15,10 @@ RUN apt-get update && \
 RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /usr/local/bin/repo && \
         chmod a+x /usr/local/bin/repo
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN useradd -Ums /bin/bash -l -p build -u [UID] build && \
         usermod -aG sudo build
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \

diff --git a/Dockerfiles/openxt-bullseye-oe64 b/Dockerfiles/openxt-bullseye-oe64
@@ -46,6 +46,10 @@ RUN useradd -Ums /bin/bash -l -p '""' -u $UID $UNAME
 ADD files/quiltrc /home/$UNAME/.quiltrc
 ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
     locale-gen
 ENV LANG en_US.utf8

diff --git a/Dockerfiles/openxt-buster-oe64 b/Dockerfiles/openxt-buster-oe64
@@ -57,6 +57,11 @@ ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
     locale-gen
 ENV LANG en_US.utf8
+
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 USER $UNAME
 WORKDIR /home/$UNAME
 ENTRYPOINT ["/bin/bash"]
diff --git a/Dockerfiles/openxt-oe64 b/Dockerfiles/openxt-oe64
@@ -51,6 +51,10 @@ RUN useradd -Ums /bin/bash -l -p '""' -G sudo -u $UID $UNAME
 ADD files/quiltrc /home/$UNAME/.quiltrc
 ADD files/oxt-patch.header /home/$UNAME/oxt-patch.header
 
+# This copy will include README, but update should ignore
+ADD ca-certs/* /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
 RUN echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
     locale-gen
 ENV LANG en_US.utf8