如何将生成的证书内容传递到目标文件
How to pass the content of certificate generated to destination file
Shell 命令无法识别变量
我能够生成证书的内容,但是当我尝试将其传递到容器位置中的文件时,shell 无法识别保存证书内容的变量
RUN apk add ca-certificates
RUN apk add --no-cache openssl
RUN CERTS = $(echo -n | openssl s_client -connect keycloak.abc.domain.com:443 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
echo $CERTS >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
错误说:
步骤 14/18:运行 CERT = $(echo -n | openssl s_client -connect
keycloakt.abc.domain.com:443 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && echo $CERT >/usr/local/share/ca-certificates/mycert.crt && update-ca-certificates
---> Running in 18e319cfa09b
depth=0 C = MX, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=xx C = xx, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx
verify error:num=21:unable to verify the first certificate
verify return:1
DONE
**/bin/sh: CERT: not found**
The command '/bin/sh -c CERT = $(echo -n | openssl s_client -connect
hostname:port -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END
CERTIFICATE-/p') && echo $CERT >/usr/local/share/ca-
certificates/mycert.crt && update-ca-certificates' returned a non-
zero code: 127
我也尝试了 "$CERT" > /usr/local/share/ca-certificates/mycert.crt。
我还尝试从本地
复制证书
#RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
#COPY ./mycert.crt /usr/local/share/ca-certificates/mycert.crt
但是我得到:COPY failed: stat /var/lib/docker/tmp/docker-builder950940816/mycert.crt: no such file or directory
还有其他方法可以在这里传递值吗?任何人都可以指出这两种方法中的任何一种有什么问题吗?
变量赋值包含语法错误。但是,如果您只想将证书写入文件,则没有理由将证书捕获到变量中。
RUN openssl s_client -connect keycloak.abc.domain.com:443 -showcerts </dev/null \
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
这个语法对我有用:
RUN CERT=$(echo -n | openssl s_client -connect keycloakt.abc.domain.com:443 -
showcerts </dev/null \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
echo $CERT >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
尽管我收到一条警告消息,但它并没有达到为我的 docker 容器导入 ca 证书的目的:
[91ms_client: 不得同时提供 -connect 选项和目标参数
s_client: 使用-help 进行总结。
[0m[91mWARNING: ca-certificates.crt 不完全包含一个证书或 CRL:跳过
[0m[91m警告:ca-cert-mycert.pem 不完全包含一个证书或 CRL:跳过。
但是这个 post 问题已通过@triplee 建议得到解决。谢谢!
Shell 命令无法识别变量
我能够生成证书的内容,但是当我尝试将其传递到容器位置中的文件时,shell 无法识别保存证书内容的变量
RUN apk add ca-certificates
RUN apk add --no-cache openssl
RUN CERTS = $(echo -n | openssl s_client -connect keycloak.abc.domain.com:443 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
echo $CERTS >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
错误说: 步骤 14/18:运行 CERT = $(echo -n | openssl s_client -connect keycloakt.abc.domain.com:443 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && echo $CERT >/usr/local/share/ca-certificates/mycert.crt && update-ca-certificates
---> Running in 18e319cfa09b
depth=0 C = MX, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=xx C = xx, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx
verify error:num=21:unable to verify the first certificate
verify return:1
DONE
**/bin/sh: CERT: not found**
The command '/bin/sh -c CERT = $(echo -n | openssl s_client -connect
hostname:port -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END
CERTIFICATE-/p') && echo $CERT >/usr/local/share/ca-
certificates/mycert.crt && update-ca-certificates' returned a non-
zero code: 127
我也尝试了 "$CERT" > /usr/local/share/ca-certificates/mycert.crt。 我还尝试从本地
复制证书 #RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
#COPY ./mycert.crt /usr/local/share/ca-certificates/mycert.crt
但是我得到:COPY failed: stat /var/lib/docker/tmp/docker-builder950940816/mycert.crt: no such file or directory
还有其他方法可以在这里传递值吗?任何人都可以指出这两种方法中的任何一种有什么问题吗?
变量赋值包含语法错误。但是,如果您只想将证书写入文件,则没有理由将证书捕获到变量中。
RUN openssl s_client -connect keycloak.abc.domain.com:443 -showcerts </dev/null \
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
这个语法对我有用:
RUN CERT=$(echo -n | openssl s_client -connect keycloakt.abc.domain.com:443 -
showcerts </dev/null \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
echo $CERT >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates
尽管我收到一条警告消息,但它并没有达到为我的 docker 容器导入 ca 证书的目的:
[91ms_client: 不得同时提供 -connect 选项和目标参数 s_client: 使用-help 进行总结。 [0m[91mWARNING: ca-certificates.crt 不完全包含一个证书或 CRL:跳过 [0m[91m警告:ca-cert-mycert.pem 不完全包含一个证书或 CRL:跳过。
但是这个 post 问题已通过@triplee 建议得到解决。谢谢!