path: root/README.md
author Rob Austein <sra@hactrn.net> 2019-09-03 19:06:01 +0000
committer Rob Austein <sra@hactrn.net> 2019-09-03 19:14:09 +0000
commit 75f091a80059ca6c8dc8b2c93ebf16f6effb892d (patch)
tree c89c6f14152a32238760530aeee0b188706b2a12 /README.md
First public version
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 33
1 files changed, 33 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..49c66b3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+Dockerized rpki.net RP tool
+===========================
+
+This is a (sort of) Dockerized version of the rpki.net relying party
+toolset. It would probably horrify any Docker True Believer, and
+there's a lot of stuff I would do differently if I had the time to
+rewrite half of the code, but for the moment the goal is just to get
+the `rpki-rp` package running happily in a container.
+
+The existing Debian package is fairly careful about making sure that
+the actions it performs in its postinst script do the right thing
+whether in a new or existing installation, so all we really need to do
+is arrange to defer running the postinst script until the container
+starts up.
+
+Type `make` to build the image. If you're paranoid, you might want to
+generate your own `debian:stretch` base image using `debootstrap`
+rather than trusting the one that's available on Dockerhub, but that's
+your call.
+
+See `create.sh` for an example of how one might start up the generated
+container. One of the things that would probably horrify a True
+Docker Believer is that we run `postgresql` inside the container along
+with everything else, so pay careful attention to the volume mounts.
+
+Essentially the same technique should also work with the `rpki-ca`
+package, except for one thing: the GUI portion of `rpki-ca` depends on
+Django functions which have changed yet again, in incompatible ways,
+and the Django project has this nasty habit of doing that before
+discovering dangerous security issues in their older code. So until
+we update the GUI portions of `rpki-ca`, your choices are running
+vulnerable code or doing without the GUI. Code contributions actively
+solicited, since RPKI hasn't been my day job for years.
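Review bot: the `create.sh` paragraph tells the reader to "pay careful attention to the volume mounts" because `postgresql` runs inside the container, but the README never says which container paths hold state that has to survive a restart. Since the postinst script is deferred to container start and is meant to handle both new and existing installations, a missing or mistyped mount would look like a fresh install each time; please list the paths that must be persistent volumes here rather than leaving them to be inferred from `create.sh`. In the `make` paragraph, the advice to build your own `debian:stretch` with `debootstrap` would be easier to act on if it said how to point the build at a locally built base image. In the last paragraph, naming the Django release the `rpki-ca` GUI currently depends on would let readers judge the "vulnerable code or doing without the GUI" choice for themselves.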