Support for --no-tls-verify or --tlsverify false (v1.3.0)
I've been attempting a rocker build which needs to contact my local docker registry. Unfortunately, the registry uses a self-signed certificate, so when I run my rocker build script, I get the following output:
```
INFO[0000] FROM [redacted]/[redacted]/alpine
FATA[0000] FROM error: Failed to list tags of image [redacted]/[redacted]/alpine:latest from the remote registry, error: Request to https://[redacted]/v2/[redacted]/alpine/tags/list?page_size=9999&page=1 failed with Get https://[redacted]/v2/[redacted]/alpine/tags/list?page_size=9999&page=1: x509: certificate signed by unknown authority
```
The build script I'm using is as follows:
```bash
#!/bin/bash -e

# Defaults, overridable from the environment
DOCKER_REGISTRY=${DOCKER_REGISTRY:-[redacted]}
HTTP_PROXY=${HTTP_PROXY:-[redacted]}
GIT_HOST=${GIT_HOST:-[redacted]}
DOCKER_CACHE=${DOCKER_CACHE:-~/.docker}
ROCKER_CACHE=${ROCKER_CACHE:-~/.rocker_cache}
DOCKER_USER=${DOCKER_USER:-[redacted]}
DOCKER_PASS=${1}   # registry password, first positional argument (optional)
WORKDIR=$(pwd)

# Options for `docker run`: host Docker socket, caches and the working tree
RUN_OPTS=""
RUN_OPTS="${RUN_OPTS} -it --rm"
RUN_OPTS="${RUN_OPTS} -v /var/run/docker.sock:/var/run/docker.sock"
RUN_OPTS="${RUN_OPTS} -v ${DOCKER_CACHE}:/root/.docker"
RUN_OPTS="${RUN_OPTS} -v ${ROCKER_CACHE}:/root/.rocker_cache"
RUN_OPTS="${RUN_OPTS} -v ${WORKDIR}:/work"
RUN_OPTS="${RUN_OPTS} -e HTTP_PROXY=${HTTP_PROXY}"
RUN_OPTS="${RUN_OPTS} -e HPWD=/work"
RUN_OPTS="${RUN_OPTS} -w /work"

# Options for `rocker build`
BUILD_OPTS=""
BUILD_OPTS="${BUILD_OPTS} --var DOCKER_REGISTRY=${DOCKER_REGISTRY}"
BUILD_OPTS="${BUILD_OPTS} --var HTTP_PROXY=${HTTP_PROXY}"
BUILD_OPTS="${BUILD_OPTS} --var GIT_HOST=${GIT_HOST}"
BUILD_OPTS="${BUILD_OPTS} --var BUILD_DATE=latest"

# Pass registry credentials only when a password was supplied
if [ -n "${DOCKER_PASS}" ]; then
    BUILD_OPTS="${BUILD_OPTS} --auth ${DOCKER_USER}:${DOCKER_PASS}"
fi

# RUN_OPTS and BUILD_OPTS are left unquoted on purpose so they split into separate arguments
docker run ${RUN_OPTS} segfly/rocker:latest build ${BUILD_OPTS}
```
Granted, it's running in a container, but that's what's throwing the error.
Version output: `rocker version 1.3.0 - 30ec46f (master) 2017-01-14_18:37_GMT`
I've attempted the following workarounds with no results:
- Installed the local cert in the container (add to `/usr/local/share/ca-certificates/` or `/usr/local/share/ca-certificates/extra/`, run `update-ca-certificates`)
- passed it to rocker with `--tlscacert` (completely ignored)
- Same as above, but also added `--tls`/`--tlsverify` (complained it couldn't find the other cert/key files)
I really just want the build to work, so having a switch that lets me ignore validation until I can get a proper cert installed would be great.
Thanks for requesting. Unfortunately, we are discontinuing this project. See the notice here: https://github.com/grammarly/rocker/blob/master/README.md
Closing this issue as we are not able to implement it. Sorry.
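
As an added example (not rocker's code and not from either participant), this Go sketch shows how an HTTP client can reach a registry with a self-signed certificate by adding that certificate to its trusted roots, leaving verification on rather than skipping it. The names `clientTrusting`, `probe` and `demo` are hypothetical, and the local `httptest` TLS server is a constructed stand-in for the private registry.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientTrusting keeps verification on and trusts the system roots plus the CA cert(s) in caPEM.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store: trust only what is added below
	}
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("caPEM contains no usable certificate")
	}
	cfg := &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}, nil
}

// probe returns the status code, or whether the request failed with "unknown authority".
func probe(c *http.Client, url string) (status int, unknownCA bool) {
	resp, err := c.Get(url)
	if err != nil {
		var ua x509.UnknownAuthorityError
		return 0, errors.As(err, &ua)
	}
	resp.Body.Close()
	return resp.StatusCode, false
}

// demo probes a self-signed local TLS server (constructed sample) without and with its cert trusted.
func demo() (failsWithoutCA bool, statusWithCA int) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	plain, _ := clientTrusting(nil)
	pinned, _ := clientTrusting(caPEM)
	_, failsWithoutCA = probe(plain, srv.URL+"/v2/")
	statusWithCA, _ = probe(pinned, srv.URL+"/v2/")
	return
}

func main() { fmt.Println(demo()) }
```

The first probe fails with the same `x509: certificate signed by unknown authority` error shown in the report; the second succeeds because only the trust store changed.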