Last active
October 5, 2021 20:26
A MongoDB Dockerfile that bootstraps with a step-ca Certificate Authority for root CA trust
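# MongoDB image that trusts a private step-ca root certificate.
#
# Build args (both required):
#   CA_URL          base URL of the step-ca instance
#   CA_FINGERPRINT  lowercase hex SHA-256 fingerprint of the root certificate,
#                   obtained out-of-band from a trusted source
#
# NOTE(review): the base image is untagged, so builds are not reproducible and
# silently follow whatever "latest" is. Pin a specific tag, ideally with a
# digest, that you have verified.
FROM mongo

ARG CA_URL
ARG CA_FINGERPRINT
# Both values are also exported into the runtime environment. Neither is a
# secret, but both stay visible in the image config and build history.
ENV CA_URL=${CA_URL} CA_FINGERPRINT=${CA_FINGERPRINT}

# Trust bootstrap: the root certificate is fetched with TLS verification
# disabled (-k) because the CA is not trusted yet. The only thing that
# authenticates the download is the SHA-256 fingerprint comparison below,
# so the build must stop on any failure (set -e) and the certificate is
# copied into the trust store only after the comparison succeeds.
RUN set -eu; \
    # Reject empty build args: with both values empty, an unquoted
    # `[ $a = $b ]` collapses to `[ = ]`, which evaluates as true.
    : "${CA_URL:?CA_URL build arg is required}"; \
    : "${CA_FINGERPRINT:?CA_FINGERPRINT build arg is required}"; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        curl \
        jq \
        openssl \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    tmp_dir="$(mktemp -d)"; \
    # -f turns HTTP errors into a failed build instead of an error page being
    # parsed as JSON. No pipeline is used for the download, because /bin/sh
    # would report only the exit status of the last command in the pipe.
    curl -fksS -o "$tmp_dir/root.json" "${CA_URL}/root/${CA_FINGERPRINT}"; \
    jq -re ".ca" "$tmp_dir/root.json" > "$tmp_dir/root_ca.crt"; \
    raw_fingerprint="$(openssl x509 -in "$tmp_dir/root_ca.crt" -noout -sha256 -fingerprint)"; \
    # Normalise "<label> Fingerprint=AA:BB:..." to bare lowercase hex.
    fingerprint="$(printf '%s' "$raw_fingerprint" \
        | tr -d ":" \
        | cut -d "=" -f 2 \
        | tr "[:upper:]" "[:lower:]")"; \
    if [ "$fingerprint" != "${CA_FINGERPRINT}" ]; then \
        echo >&2; \
        echo >&2 "error: CA certificate fingerprint $fingerprint does not match expected value ${CA_FINGERPRINT}"; \
        echo >&2; \
        exit 1; \
    fi; \
    # Verified: only now does the certificate enter the system trust store.
    install -m 0644 "$tmp_dir/root_ca.crt" /usr/local/share/ca-certificates/root_ca.crt; \
    rm -rf "$tmp_dir"; \
    /usr/sbin/update-ca-certificates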
`CA_URL` and `CA_FINGERPRINT` should be supplied as build args, e.g.