Create common script to download LetsEncrypt CA in pipeline environments
parent
8f0d37213b
commit
94abda3f1a
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -eo pipefail
|
||||||
|
|
||||||
|
DESTDIR=/usr/local/share/ca-certificates
|
||||||
|
UPDATE_CERTS_CMD=update-ca-certificates
|
||||||
|
CERTS="$(cat <<EOF
|
||||||
|
https://letsencrypt.org/certs/isrgrootx1.pem
|
||||||
|
https://letsencrypt.org/certs/isrg-root-x2.pem
|
||||||
|
https://letsencrypt.org/certs/lets-encrypt-r3.pem
|
||||||
|
https://letsencrypt.org/certs/lets-encrypt-e1.pem
|
||||||
|
https://letsencrypt.org/certs/lets-encrypt-r4.pem
|
||||||
|
https://letsencrypt.org/certs/lets-encrypt-e2.pem
|
||||||
|
EOF
|
||||||
|
)"
|
||||||
|
|
||||||
|
cd "$DESTDIR"
|
||||||
|
|
||||||
|
for cert in $CERTS; do
|
||||||
|
echo "Downloading '$cert'..."
|
||||||
|
filename=$(basename "$cert")
|
||||||
|
wget -O "$filename" "$cert"
|
||||||
|
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||||
|
done
|
||||||
|
|
||||||
|
$UPDATE_CERTS_CMD
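Review bot: The certificates fetched in the `for cert in $CERTS` loop are installed into the system trust store with no check that they are the expected ones. `wget` succeeds with whatever the URL returns, and `openssl x509` only confirms that the file parses as a certificate. Because these files become trust anchors for every later TLS connection in the image, each one should be compared against a SHA-256 fingerprint pinned in the script before `update-ca-certificates` runs, as sketched below with placeholder values. Separately, `set -eo pipefail` under `#!/bin/sh` depends on the shell: not every `/bin/sh` accepts `pipefail`, so a script shared across pipeline images may abort on that line in some of them.

```shell
# Pinned SHA-256 fingerprints, one entry per file listed in CERTS.
# The values are placeholders: fill them in from an independently verified source.
pinned_fingerprint() {
    case "$1" in
        isrgrootx1.pem)   echo "<PINNED_SHA256_FINGERPRINT_ISRG_ROOT_X1>" ;;
        isrg-root-x2.pem) echo "<PINNED_SHA256_FINGERPRINT_ISRG_ROOT_X2>" ;;
        # … one entry per remaining file in CERTS …
        *) echo "No pinned fingerprint for '$1'" >&2; return 1 ;;
    esac
}

for cert in $CERTS; do
    # … unchanged: echo, basename, wget …
    expected=$(pinned_fingerprint "$filename")
    actual=$(openssl x509 -in "$filename" -noout -fingerprint -sha256 | cut -d= -f2)
    if [ "$actual" != "$expected" ]; then
        echo "Fingerprint mismatch for '$filename', refusing to install it" >&2
        rm -f "$filename"
        exit 1
    fi
    # … unchanged: openssl x509 conversion to "$filename.crt" …
done
```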
|
|
@ -9,18 +9,8 @@ ARG TAMARIN_VERSION=develop
|
||||||
|
|
||||||
RUN apk add --no-cache git docker python3 bash openssl
|
RUN apk add --no-cache git docker python3 bash openssl
|
||||||
|
|
||||||
ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem
|
COPY add-letsencrypt-ca.sh /usr/local/bin/add-letsencrypt-ca
|
||||||
ADD https://letsencrypt.org/certs/isrg-root-x2.pem /usr/local/share/ca-certificates/isrg-root-x2.pem
|
RUN chmod +x /usr/local/bin/add-letsencrypt-ca && /usr/local/bin/add-letsencrypt-ca
|
||||||
ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem
|
|
||||||
ADD https://letsencrypt.org/certs/letsencryptauthorityx3.pem /usr/local/share/ca-certificates/letsencryptauthorityx3.pem
|
|
||||||
|
|
||||||
RUN cd /usr/local/share/ca-certificates \
|
|
||||||
&& openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
|
|
||||||
&& openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
|
|
||||||
&& openssl x509 -in letsencryptauthorityx3.pem -inform PEM -out letsencryptauthorityx3.crt \
|
|
||||||
&& openssl x509 -in isrg-root-x2.pem -inform PEM -out isrg-root-x2.crt
|
|
||||||
|
|
||||||
RUN update-ca-certificates
|
|
||||||
|
|
||||||
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
||||||
&& cd /tamarin\
|
&& cd /tamarin\
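Review bot: The `git clone http://forge.cadoles.com/Cadoles/Tamarin` step kept at the end of this hunk still fetches the code over plain HTTP, so the CA installation added just above it gives that clone no protection. The repository content that the later build steps work from can be altered in transit. If the forge serves HTTPS (likely given the purpose of this commit, but not visible here), the line should read `RUN git clone https://forge.cadoles.com/Cadoles/Tamarin /tamarin\`. The `RUN` instruction continues past the end of the hunk.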
|
||||||
|
|
|
@ -122,6 +122,9 @@ def buildDockerImage() {
|
||||||
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
||||||
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
||||||
|
|
||||||
|
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||||
|
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||||
|
|
||||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
return docker.build("tamarin:${imageTag}", ".")
|
return docker.build("tamarin:${imageTag}", ".")
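Review bot: The two added lines that write `add-letsencrypt-ca.sh` into the workspace have no comment saying why the file must exist before `docker.build`. The dependency is implicit: the Dockerfile changed in this commit does `COPY add-letsencrypt-ca.sh`, presumably from this same build context, so removing or reordering these lines would break the image build. I would add a comment above them such as `// The Dockerfile COPYs add-letsencrypt-ca.sh, so it must be in the build context before docker.build runs`. `buildDockerImage()` starts outside the hunk, so the rest of its setup is not visible here.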
|
||||||
|
|