Update all dockerfiles to source ca certs from alpine:3 instead of in…

…fra-toolkit
strangelove-ventures · Mar 27, 2024 · 50387dc · 50387dc
1 parent 39fcb28
commit 50387dc
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 9 deletions.
diff --git a/dockerfile/avalanche/Dockerfile b/dockerfile/avalanche/Dockerfile
@@ -107,6 +107,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -161,7 +164,7 @@ COPY --from=build-env /root/bin /bin
 COPY --from=build-env /lib /lib
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/avalanche/native.Dockerfile b/dockerfile/avalanche/native.Dockerfile
@@ -84,6 +84,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -138,7 +141,7 @@ COPY --from=build-env /root/bin /bin
 COPY --from=build-env /lib /lib
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cargo/Dockerfile b/dockerfile/cargo/Dockerfile
@@ -152,6 +152,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Use TARGETARCH image for determining necessary libs
 FROM rust:1-bullseye as target-arch-libs
 RUN apt update && apt install -y libssl1.1 openssl clang libstdc++6
@@ -301,7 +304,7 @@ RUN if [ ! -z "$FINAL_IMAGE" ]; then sh -c "$FINAL_IMAGE"; fi
 RUN rm -rf ln rm mv mkdir dirname /root/lib_abs /root/lib_abs.list
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cargo/native.Dockerfile b/dockerfile/cargo/native.Dockerfile
@@ -166,6 +166,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -251,7 +254,7 @@ RUN if [ ! -z "$FINAL_IMAGE" ]; then sh -c "$FINAL_IMAGE"; fi
 RUN rm -rf ln rm mv mkdir dirname /root/lib_abs /root/lib_abs.list
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cosmos/Dockerfile b/dockerfile/cosmos/Dockerfile
@@ -114,6 +114,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -168,7 +171,7 @@ COPY --from=build-env /root/bin /bin
 COPY --from=build-env /root/lib /lib
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cosmos/local.Dockerfile b/dockerfile/cosmos/local.Dockerfile
@@ -39,6 +39,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build part 1 of the final image
 FROM scratch AS final-part1
 
@@ -87,7 +90,7 @@ RUN for b in \
 RUN rm ln rm
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cosmos/localcross.Dockerfile b/dockerfile/cosmos/localcross.Dockerfile
@@ -112,6 +112,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -166,7 +169,7 @@ COPY --from=build-env /root/bin /bin
 COPY --from=build-env /root/lib /lib
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/cosmos/native.Dockerfile b/dockerfile/cosmos/native.Dockerfile
@@ -88,6 +88,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 # Build final image from scratch
 FROM scratch
 
@@ -142,7 +145,7 @@ COPY --from=build-env /root/bin /bin
 COPY --from=build-env /root/lib /lib
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd

diff --git a/dockerfile/imported/Dockerfile b/dockerfile/imported/Dockerfile
@@ -9,6 +9,9 @@ RUN addgroup --gid 1025 -S heighliner && adduser --uid 1025 -S heighliner -G hei
 # Use ln and rm from full featured busybox for assembling final image
 FROM busybox:1.34.1-musl AS busybox-full
 
+# Use alpine to source the latest CA certificates
+FROM alpine:3 as alpine-3
+
 FROM debian:latest AS build-env
 
 COPY --from=imported / /imported
@@ -202,7 +205,7 @@ RUN if [ ! -z "$FINAL_IMAGE" ]; then sh -c "$FINAL_IMAGE"; fi
 RUN rm -rf ln rm mv mkdir dirname /root/lib_abs /root/lib_abs.list
 
 # Install trusted CA certificates
-COPY --from=infra-toolkit /etc/ssl/cert.pem /etc/ssl/cert.pem
+COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
 
 # Install heighliner user
 COPY --from=infra-toolkit /etc/passwd /etc/passwd