-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.rkngitar
45 lines (42 loc) · 2.02 KB
/
Dockerfile.rkngitar
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Both debian:buster-slim and ubuntu:18.04 work
FROM ubuntu:22.04
# schors/gost-russian-ca bundle is not sufficient to verify all the available
# dumps. These files are downloaded from http://certenroll.ca.rt.ru/
# That web endpoint is down as of 06-May-2023 so the files are bundled.
COPY \
certenroll.ca.rt.ru/ca_rtk.crt \
certenroll.ca.rt.ru/ca_rtk2.crt \
certenroll.ca.rt.ru/ca_rtk3.crt \
certenroll.ca.rt.ru/ca_rtk4.crt \
certenroll.ca.rt.ru/ca_rtk5.crt \
certenroll.ca.rt.ru/ca_rtk6.crt \
certenroll.ca.rt.ru/ca_rtk_gost2012.crt \
/tmp/
RUN set -ex \
&& sed -i s,http://archive.ubuntu.com/ubuntu/,mirror://mirrors.ubuntu.com/mirrors.txt, /etc/apt/sources.list \
&& apt-get update \
&& apt-get -y --no-install-recommends install \
ca-certificates \
git \
libengine-gost-openssl1.1 \
openssh-client \
openssl \
python3-pip python3-setuptools python3-wheel \
python3-requests \
wget \
&& pip3 install prometheus_client \
&& wget -O /tmp/gost-ca.tar.gz https://github.com/schors/gost-russian-ca/archive/f7a5a4e6084363b052dbecb788d1e7b0626cc71a.tar.gz \
&& tar -x -C /tmp -f /tmp/gost-ca.tar.gz \
&& mv /tmp/gost-russian-ca-????????????????????????????????????????/certs /opt/russian-certs \
&& for f in '' 2 4 5 6 _gost2012; do openssl x509 -inform DER -outform PEM -in /tmp/ca_rtk${f}.crt >/opt/russian-certs/ca_rtk${f}.crt; done \
&& cp /tmp/ca_rtk3.crt /opt/russian-certs/ \
&& c_rehash /opt/russian-certs \
&& mkdir -m 0700 /root/.ssh \
&& ssh-keyscan github.com >>/etc/ssh/ssh_known_hosts \
&& rm -rf /var/lib/apt/lists/* /root/.cache /tmp/* /var/tmp/* \
&& if [ -d /usr/lib/x86_64-linux-gnu/engines-3 -a ! -e /usr/lib/x86_64-linux-gnu/engines-3/gost.so -a -f /gost.so ]; then ln -s /gost.so /usr/lib/x86_64-linux-gnu/engines-3/gost.so; fi \
&& :
COPY rkndex /usr/local/lib/python3.10/dist-packages/rkndex
COPY rkngitar /opt/rkngitar
COPY ssh_config /root/.ssh/config
ENTRYPOINT ["/opt/rkngitar"]