Skip to content
Snippets Groups Projects
Commit 31c64e49 authored by Carl Tashian's avatar Carl Tashian
Browse files

Add CA cert to mongo image via args

parent b9561951
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 26 additions and 0 deletions
Dockerfile.mongotls 0 → 100644
+ 26
0
View file @ 31c64e49
FROM mongo
ARG CA_URL=https://ca.oloid.io:4443
ARG CA_FINGERPRINT=c8de28e620ec4367f734a0c405d92d7350dbec351cec3e4f6a6d1fc9512387aa
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}
RUN apt update; \
apt install -y --no-install-recommends \
curl \
jq \
openssl \
; \
curl -ks "${CA_URL}/root/${CA_FINGERPRINT}" \
| jq -re ".ca" \
| tee /usr/local/share/ca-certificates/root_ca.crt; \
fingerprint=$(openssl x509 -in /usr/local/share/ca-certificates/root_ca.crt -noout -sha256 -fingerprint \
| tr -d ":" \
| cut -d "=" -f 2 \
| tr "[:upper:]" "[:lower:]"); \
if [ $fingerprint = ${CA_FINGERPRINT} ]; then \
/usr/sbin/update-ca-certificates; \
else \
echo >&2; \
echo >&2 "error: CA certificate fingerprint $fingerprint does not match expected value ${CA_FINGERPRINT}"; \
echo >&2; \
exit 1; \
fi; \
rm -rf /var/lib/apt/lists/*
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

:feet::heart: Strive to be the person your dogs believe you are :heart::feet: