Chisel in restricted environment

[moconnell]

Similar to #125, I would like to use chisel to build a custom chiselled asp.net base image that includes Kerberos libs.

The secured build environment has restricted internet access though.

I can get around the database lookup by cloning the chisel-releases repo outside of the Docker build and COPYing it into the image, but then chisel tries to look-up archive.ubuntu.com - which of course fails.

What is the advice for using the tool in such environments?

[cjdcordeiro]

Hi @moconnell ,

this is a very valid use case you're raising.
For the time being, Chisel only supports Ubuntu archives.

We do have an item in our roadmap that could potentially help here, and that is "support for archive mirrors". If you are running chisel in an air-gapped environment, you'd need to mirror the apt archives in order to make it work (as you would with apt).

This item is however not scheduled to be worked immediately, so it could still take a few months to land, as we need to prioritize some other features first.

If you really need to keep going at it and can't wait, then one workaround I can suggest is to set a proxy between Chisel and the Ubuntu archives, such that you can trap Chisel's requests and forward them to your mirrors (yes, they must be mirrors because Chisel will verify the integrity of the archives). Maybe tools like mitmproxy can help you in the meantime.