Create common script to download LetsEncrypt CA in pipeline environments

wpetit 2021-02-22 14:46:22 +01:00
parent 8f0d37213b
commit 94abda3f1a
3 changed files with 31 additions and 12 deletions


@ -0,0 +1,26 @@
#!/bin/sh
set -eo pipefail
DESTDIR=/usr/local/share/ca-certificates
UPDATE_CERTS_CMD=update-ca-certificates
CERTS="$(cat <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem
https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/lets-encrypt-e1.pem
https://letsencrypt.org/certs/lets-encrypt-r4.pem
https://letsencrypt.org/certs/lets-encrypt-e2.pem
EOF
)"
cd "$DESTDIR"
for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget -O "$filename" "$cert"
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD
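Review bot: Every file fetched in the `for cert in $CERTS` loop is installed into the system trust store with no integrity check of its own; `openssl x509 -in … -out …` only proves the download parses as a certificate, so the trust anchors are exactly as trustworthy as the TLS validation wget performs in that image. The script should pin a SHA-256 fingerprint per URL and compare it with the output of `openssl x509 -noout -fingerprint -sha256` before `$UPDATE_CERTS_CMD` runs, aborting on any mismatch. Four of the six URLs appear to be intermediates rather than roots, and installing those as anchors widens trust beyond what the roots alone would give, so it is worth confirming they are needed. Separately, `set -eo pipefail` under `#!/bin/sh` is not POSIX and dash rejects it, which matters for a script meant to be shared across pipeline images.

```shell
# Each heredoc line pairs a URL with the fingerprint pinned for it; the value
# shown is a placeholder, and the remaining five URLs follow the same shape.
while read -r cert expected; do
    # … unchanged: echo, basename, wget -O "$filename" "$cert" …
    actual=$(openssl x509 -in "$filename" -noout -fingerprint -sha256 | cut -d= -f2)
    if [ "$actual" != "$expected" ]; then
        echo "Fingerprint mismatch for '$cert', refusing to install" >&2
        rm -f "$filename"
        exit 1
    fi
    # … unchanged: openssl x509 conversion to "$filename.crt" …
done <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem <PINNED_SHA256_FINGERPRINT>
EOF
```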


@ -9,18 +9,8 @@ ARG TAMARIN_VERSION=develop
RUN apk add --no-cache git docker python3 bash openssl RUN apk add --no-cache git docker python3 bash openssl
ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem COPY add-letsencrypt-ca.sh /usr/local/bin/add-letsencrypt-ca
ADD https://letsencrypt.org/certs/isrg-root-x2.pem /usr/local/share/ca-certificates/isrg-root-x2.pem RUN chmod +x /usr/local/bin/add-letsencrypt-ca && /usr/local/bin/add-letsencrypt-ca
ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem
ADD https://letsencrypt.org/certs/letsencryptauthorityx3.pem /usr/local/share/ca-certificates/letsencryptauthorityx3.pem
RUN cd /usr/local/share/ca-certificates \
&& openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
&& openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
&& openssl x509 -in letsencryptauthorityx3.pem -inform PEM -out letsencryptauthorityx3.crt \
&& openssl x509 -in isrg-root-x2.pem -inform PEM -out isrg-root-x2.crt
RUN update-ca-certificates
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\ RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
&& cd /tamarin\ && cd /tamarin\
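Review bot: The `git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin` that runs right after the CA installation still fetches the Tamarin sources over cleartext HTTP, so the trust store this commit populates does nothing for the code that is then built into the image. If the forge serves HTTPS, the line should read `RUN git clone https://forge.cadoles.com/Cadoles/Tamarin /tamarin\`. The hunk header shows `ARG TAMARIN_VERSION=develop`, a moving branch, so pinning a commit or tag would also make the image reproducible. The RUN instruction continues past the end of this hunk, so the checkout step itself is not visible here.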


@ -121,6 +121,9 @@ def buildDockerImage() {
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh' def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
writeFile file:'run-tamarin.sh', text:runTamarinScript writeFile file:'run-tamarin.sh', text:runTamarinScript
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
def imageTag = "${safeJobName}-${env.BUILD_ID}" def imageTag = "${safeJobName}-${env.BUILD_ID}"
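Review bot: The two added lines that write `add-letsencrypt-ca.sh` into the workspace have no comment explaining why the file must exist there, and the coupling to the Dockerfile's `COPY add-letsencrypt-ca.sh /usr/local/bin/add-letsencrypt-ca` is easy to break by renaming either side. A one-line comment above them would document it, for example `// Placed in the Docker build context; the Tamarin Dockerfile COPYs it and runs it to install the Let's Encrypt CAs`. `buildDockerImage()` starts before and continues after this hunk, so the build invocation that consumes the file is not visible here.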