Go: How do I avoid "x509: certificate signed by unknown authority" when running "go get download" from an Alpine container?

qlvxas9a posted on 2023-01-15 in Go

I'm trying to build coredns from scratch using the following Dockerfile:

FROM golang:alpine
SHELL [ "/bin/sh", "-ec" ]

RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
RUN  git clone https://github.com/coredns/coredns.git
WORKDIR /go/coredns
RUN go get download
RUN make

When I run **docker build --no-cache --progress=plain -t coredns .**, I get the following output and error:

#1 [internal] load build definition from Dockerfile
#1 sha256:5b65661f68f3298655d88d1e83c5014118e9d278e724f83e2f8d968a8f11fe27
#1 transferring dockerfile: 619B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:2e78fdc563f1836b7815b48a445b2878de57404b5573a93080990b3c49e92f8f
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/golang:alpine
#3 sha256:299327d28eff710219f2e24597cfa9b226e8b1b0dc90f9e2122573004cfe837f
#3 DONE 0.5s

#4 [1/6] FROM docker.io/library/golang:alpine@sha256:2381c1e5f8350a901597d633b2e517775eeac7a6682be39225a93b22cfd0f8bb
#4 sha256:bcd1e622e133c928bad4175797b9e323eb9ac29a1d90fbb12f2566da7e868b8f
#4 CACHED

#5 [2/6] RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
#5 sha256:6dd058a5b7f80d591599c7ab466c65cf38e8d5d1b7ddb8f4d2e5d1c0e79a32f0
#5 0.198 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 0.847 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 1.224 v3.17.1-21-gf40c2ce77f [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
#5 1.224 v3.17.1-23-g06668be47f [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
#5 1.224 OK: 17813 distinct packages available
#5 1.280 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 1.753 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 2.043 (1/8) Installing brotli-libs (1.0.9-r9)
#5 2.120 (2/8) Installing nghttp2-libs (1.51.0-r0)
#5 2.182 (3/8) Installing libcurl (7.87.0-r1)
#5 2.257 (4/8) Installing libexpat (2.5.0-r0)
#5 2.314 (5/8) Installing pcre2 (10.42-r0)
#5 2.387 (6/8) Installing git (2.38.2-r0)
#5 2.622 (7/8) Installing make (4.3-r1)
#5 2.686 (8/8) Installing openssl (3.0.7-r2)
#5 2.763 Executing busybox-1.35.0-r29.trigger
#5 2.774 OK: 17 MiB in 24 packages
#5 DONE 2.9s

#6 [3/6] RUN  git clone https://github.com/coredns/coredns.git
#6 sha256:aae1eab60ab1f0ffb8d8a48bd03ef02b93bb537b82f1bd4285cfcb2731e19ff4
#6 0.264 Cloning into 'coredns'...
#6 DONE 14.1s

#7 [4/6] WORKDIR /go/coredns
#7 sha256:2291c568fa24f46c6531c6e7d41d5e1150d10485b34e88a85f81542e26295acb
#7 DONE 0.0s

#8 [5/6] RUN go get download
#8 sha256:b2878fe66127be7ffe2e7f4e1f6b538679aebda0abffdd20b14bf928ef23957f
#8 3.603 go: cloud.google.com/go/compute@v1.14.0: Get "https://proxy.golang.org/cloud.google.com/go/compute/@v/v1.14.0.mod": x509: certificate signed by unknown authority
#8 ERROR: executor failed running [/bin/sh -ec go get download]: exit code: 1
------
 > [5/6] RUN go get download:
------
executor failed running [/bin/sh -ec go get download]: exit code: 1

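I've Googled my heart out trying to figure out how to get past the "x509: certificate signed by unknown authority" error. Any help would be appreciated.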

q3aa0525 1#

It looks like this problem was caused by the Cisco AnyConnect client on my Mac. You can either uninstall Cisco AnyConnect or add the following to your Dockerfile.

RUN wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
RUN openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
RUN cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
RUN update-ca-certificates

I found the answer here
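
The Dockerfile lines in the answer fetch a root certificate over plain HTTP and add it to the image's trust store. As an added example (not part of the original answer), these shell functions check the downloaded file's SHA-256 fingerprint against a pin before installing it; the function names and the placeholder pin are assumptions, and the real fingerprint has to come from a source you already trust.

```shell
#!/bin/sh
# Added example: pin a CA certificate's SHA-256 fingerprint before trusting it.
# Function names and the placeholder pin are assumptions, not from the post.

# Normalize "AB:CD:..." or "abcd..." to 64 lowercase hex characters.
normalize_pin() {
    pin=$(printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f')
    case "$pin" in
        *[!0-9a-f]*|"") return 1 ;;
    esac
    [ "${#pin}" -eq 64 ] || return 1
    printf '%s\n' "$pin"
}

# Succeed only if the SHA-256 of the file equals the expected pin.
# For a file holding exactly one DER-encoded certificate, this digest
# is the certificate's SHA-256 fingerprint.
verify_ca_pin() {
    file=$1
    want=$(normalize_pin "$2") || { echo "invalid pin" >&2; return 2; }
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    got=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch for $file: got $got" >&2
        return 1
    fi
}

# Convert DER to PEM inside the trust directory only after the pin matches.
install_pinned_ca() {
    der=$1; expected=$2; dest_dir=$3
    verify_ca_pin "$der" "$expected" || return $?
    name=$(basename "${der%.*}").crt
    openssl x509 -inform DER -in "$der" -out "$dest_dir/$name"
}

# Usage inside the image build (placeholder pin, replace before use):
#   install_pinned_ca ciscoumbrellaroot.cer "<SHA256-FINGERPRINT-FROM-TRUSTED-SOURCE>" \
#       /usr/local/share/ca-certificates && update-ca-certificates
```

With the placeholder left in place the pin is rejected as invalid, so the build fails before anything is written to the trust store.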
