How do I avoid a "x509: certificate signed by unknown authority" when doing a "go get download" from an alpine container?

huangapple go评论157阅读模式
英文:

How do I avoid a "x509: certificate signed by unknown authority" when doing a "go get download" from an alpine container?

问题

我正在尝试使用以下Dockerfile从头构建coredns:

FROM golang:alpine
SHELL ["/bin/sh", "-ec"]

RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
RUN git clone https://github.com/coredns/coredns.git
WORKDIR /go/coredns
RUN go get download
RUN make

当我运行**docker build --no-cache --progress=plain -t coredns .**时,我得到以下输出和错误:

#1 [internal] load build definition from Dockerfile
#1 sha256:5b65661f68f3298655d88d1e83c5014118e9d278e724f83e2f8d968a8f11fe27
#1 transferring dockerfile: 619B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:2e78fdc563f1836b7815b48a445b2878de57404b5573a93080990b3c49e92f8f
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/golang:alpine
#3 sha256:299327d28eff710219f2e24597cfa9b226e8b1b0dc90f9e2122573004cfe837f
#3 DONE 0.5s

#4 [1/6] FROM docker.io/library/golang:alpine@sha256:2381c1e5f8350a901597d633b2e517775eeac7a6682be39225a93b22cfd0f8bb
#4 sha256:bcd1e622e133c928bad4175797b9e323eb9ac29a1d90fbb12f2566da7e868b8f
#4 CACHED

#5 [2/6] RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
#5 sha256:6dd058a5b7f80d591599c7ab466c65cf38e8d5d1b7ddb8f4d2e5d1c0e79a32f0
#5 0.198 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 0.847 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 1.224 v3.17.1-21-gf40c2ce77f [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
#5 1.224 v3.17.1-23-g06668be47f [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
#5 1.224 OK: 17813 distinct packages available
#5 1.280 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 1.753 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 2.043 (1/8) Installing brotli-libs (1.0.9-r9)
#5 2.120 (2/8) Installing nghttp2-libs (1.51.0-r0)
#5 2.182 (3/8) Installing libcurl (7.87.0-r1)
#5 2.257 (4/8) Installing libexpat (2.5.0-r0)
#5 2.314 (5/8) Installing pcre2 (10.42-r0)
#5 2.387 (6/8) Installing git (2.38.2-r0)
#5 2.622 (7/8) Installing make (4.3-r1)
#5 2.686 (8/8) Installing openssl (3.0.7-r2)
#5 2.763 Executing busybox-1.35.0-r29.trigger
#5 2.774 OK: 17 MiB in 24 packages
#5 DONE 2.9s

#6 [3/6] RUN git clone https://github.com/coredns/coredns.git
#6 sha256:aae1eab60ab1f0ffb8d8a48bd03ef02b93bb537b82f1bd4285cfcb2731e19ff4
#6 0.264 Cloning into 'coredns'...
#6 DONE 14.1s

#7 [4/6] WORKDIR /go/coredns
#7 sha256:2291c568fa24f46c6531c6e7d41d5e1150d10485b34e88a85f81542e26295acb
#7 DONE 0.0s

#8 [5/6] RUN go get download
#8 sha256:b2878fe66127be7ffe2e7f4e1f6b538679aebda0abffdd20b14bf928ef23957f
#8 3.603 go: cloud.google.com/go/compute@v1.14.0: Get "https://proxy.golang.org/cloud.google.com/go/compute/@v/v1.14.0.mod": x509: certificate signed by unknown authority
#8 ERROR: executor failed running [/bin/sh -ec go get download]: exit code: 1
------
 > [5/6] RUN go get download:
------
executor failed running [/bin/sh -ec go get download]: exit code: 1

我已经尽力搜索了如何解决"x509: certificate signed by unknown authority"错误的方法。任何帮助将不胜感激。

英文:

I am trying to build coredns from scratch with the following Dockerfile:

FROM golang:alpine
SHELL [ "/bin/sh", "-ec" ]

RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
RUN  git clone https://github.com/coredns/coredns.git
WORKDIR /go/coredns
RUN go get download
RUN make

When I run docker build --no-cache --progress=plain -t coredns . this is the output and error I am getting:

#1 [internal] load build definition from Dockerfile
#1 sha256:5b65661f68f3298655d88d1e83c5014118e9d278e724f83e2f8d968a8f11fe27
#1 transferring dockerfile: 619B done
#1 DONE 0.0s

#2 [internal] load .dockerignore
#2 sha256:2e78fdc563f1836b7815b48a445b2878de57404b5573a93080990b3c49e92f8f
#2 transferring context: 2B done
#2 DONE 0.0s

#3 [internal] load metadata for docker.io/library/golang:alpine
#3 sha256:299327d28eff710219f2e24597cfa9b226e8b1b0dc90f9e2122573004cfe837f
#3 DONE 0.5s

#4 [1/6] FROM docker.io/library/golang:alpine@sha256:2381c1e5f8350a901597d633b2e517775eeac7a6682be39225a93b22cfd0f8bb
#4 sha256:bcd1e622e133c928bad4175797b9e323eb9ac29a1d90fbb12f2566da7e868b8f
#4 CACHED

#5 [2/6] RUN apk update && apk add --no-cache git make ca-certificates openssl && update-ca-certificates
#5 sha256:6dd058a5b7f80d591599c7ab466c65cf38e8d5d1b7ddb8f4d2e5d1c0e79a32f0
#5 0.198 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 0.847 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 1.224 v3.17.1-21-gf40c2ce77f [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
#5 1.224 v3.17.1-23-g06668be47f [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
#5 1.224 OK: 17813 distinct packages available
#5 1.280 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
#5 1.753 fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
#5 2.043 (1/8) Installing brotli-libs (1.0.9-r9)
#5 2.120 (2/8) Installing nghttp2-libs (1.51.0-r0)
#5 2.182 (3/8) Installing libcurl (7.87.0-r1)
#5 2.257 (4/8) Installing libexpat (2.5.0-r0)
#5 2.314 (5/8) Installing pcre2 (10.42-r0)
#5 2.387 (6/8) Installing git (2.38.2-r0)
#5 2.622 (7/8) Installing make (4.3-r1)
#5 2.686 (8/8) Installing openssl (3.0.7-r2)
#5 2.763 Executing busybox-1.35.0-r29.trigger
#5 2.774 OK: 17 MiB in 24 packages
#5 DONE 2.9s

#6 [3/6] RUN  git clone https://github.com/coredns/coredns.git
#6 sha256:aae1eab60ab1f0ffb8d8a48bd03ef02b93bb537b82f1bd4285cfcb2731e19ff4
#6 0.264 Cloning into 'coredns'...
#6 DONE 14.1s

#7 [4/6] WORKDIR /go/coredns
#7 sha256:2291c568fa24f46c6531c6e7d41d5e1150d10485b34e88a85f81542e26295acb
#7 DONE 0.0s

#8 [5/6] RUN go get download
#8 sha256:b2878fe66127be7ffe2e7f4e1f6b538679aebda0abffdd20b14bf928ef23957f
#8 3.603 go: cloud.google.com/go/compute@v1.14.0: Get "https://proxy.golang.org/cloud.google.com/go/compute/@v/v1.14.0.mod": x509: certificate signed by unknown authority
#8 ERROR: executor failed running [/bin/sh -ec go get download]: exit code: 1
------
 > [5/6] RUN go get download:
------
executor failed running [/bin/sh -ec go get download]: exit code: 1

I've googled my heart out trying to figure out how to get past the "x509: certificate signed by unknown authority" error. Any help is appreciated.

答案1

得分: 1

看起来问题是由于我Mac上的Cisco AnyConnect客户端引起的。您可以卸载Cisco AnyConnect或将以下内容添加到您的Dockerfile中。

RUN wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
RUN openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
RUN cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
RUN update-ca-certificates

我在这里找到了答案链接

英文:

It looks like the issue was caused by the Cisco AnyConnect client on my Mac. You can uninstall Cisco AnyConect or add the following to your Dockerfile.

RUN wget http://www.cisco.com/security/pki/certs/ciscoumbrellaroot.cer
RUN openssl x509 -inform DER -in ciscoumbrellaroot.cer -out ciscoumbrellaroot.crt
RUN cp ciscoumbrellaroot.crt /usr/local/share/ca-certificates/ciscoumbrellaroot.crt
RUN update-ca-certificates

I found the answer here.

huangapple
  • 本文由 发表于 2023年1月13日 09:19:22
  • 转载请务必保留本文链接:https://go.coder-hub.com/75103944.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定