@@ -0,0 +1,33 @@
+Dockerized rpki.net RP tool
+===========================
+
+This is a (sort of) Dockerized version of the rpki.net relying party
+toolset. It would probably horrify any Docker True Believer, and
+there's a lot of stuff I would do differently if I had the time to
+rewrite half of the code, but for the moment the goal is just to get
+the `rpki-rp` package running happily in a container.
+
+The existing Debian package is fairly careful about making sure that
+the actions it performs in its postinst script do the right thing
+whether in a new or existing installation, so all we really need to do
+is arrange to defer running the postinst script until the container
+starts up.
+
+Type `make` to build the image. If you're paranoid, you might want to
+generate your own `debian:stretch` base image using `debootstrap`
+rather than trusting the one that's available on Dockerhub, but that's
+your call.
+
+See `create.sh` for an example of how one might start up the generated
+container. One of the things that would probably horrify a True
+Docker Believer is that we run `postgresql` inside the container along
+with everything else, so pay careful attention to the volume mounts.
+
+Essentially the same technique should also work with the `rpki-ca`
+package, except for one thing: the GUI portion of `rpki-ca` depends on
+Django functions which have changed yet again, in incompatible ways,
+and the Django project has this nasty habit of doing that before
+discovering dangerous security issues in their older code. So until
+we update the GUI portions of `rpki-ca`, your choices are running
+vulnerable code or doing without the GUI. Code contributions actively
+solicited, since RPKI hasn't been my day job for years.
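
Review bot: The `create.sh` paragraph tells the reader to "pay careful attention to the volume mounts" because `postgresql` runs inside the container, but the README never says which paths have to be persistent; it only points at `create.sh` as an example. Suggest listing the required mounts here, at minimum the PostgreSQL data directory and any state the deferred postinst script depends on, since the second paragraph relies on postinst behaving correctly for both new and existing installations and that presumably hinges on those volumes surviving a container restart. Two smaller documentation points: the `debian:stretch` paragraph could mention pinning the base image by digest as a middle ground between trusting the Dockerhub tag and a full `debootstrap` build, and the `rpki-ca` paragraph would be more actionable if it named the Django version the GUI last worked with, so a reader can judge what "running vulnerable code" would mean in practice.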