From 75f091a80059ca6c8dc8b2c93ebf16f6effb892d Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Tue, 3 Sep 2019 19:06:01 +0000
Subject: First public version

---
 README.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 README.md

(limited to 'README.md')

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..49c66b3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,33 @@
+Dockerized rpki.net RP tool
+===========================
+
+This is a (sort of) Dockerized version of the rpki.net relying party
+toolset.  It would probably horrify any Docker True Believer, and
+there's a lot of stuff I would do differently if I had the time to
+rewrite half of the code, but for the moment the goal is just to get
+the `rpki-rp` package running happily in a container.
+
+The existing Debian package is fairly careful about making sure that
+the actions it performs in its postinst script do the right thing
+whether in a new or existing installation, so all we really need to do
+is arrange to defer running the postinst script until the container
+starts up.
+
+Type `make` to build the image.  If you're paranoid, you might want to
+generate your own `debian:stretch` base image using `debootstrap`
+rather than trusting the one that's available on Dockerhub, but that's
+your call.
+
+See `create.sh` for an example of how one might start up the generated
+container.  One of the things that would probably horrify a True
+Docker Believer is that we run `postgresql` inside the container along
+with everything else, so pay careful attention to the volume mounts.
+
+Essentially the same technique should also work with the `rpki-ca`
+package, except for one thing: the GUI portion of `rpki-ca` depends on
+Django functions which have changed yet again, in incompatible ways,
+and the Django project has this nasty habit of doing that before
+discovering dangerous security issues in their older code.  So until
+we update the GUI portions of `rpki-ca`, your choices are running
+vulnerable code or doing without the GUI.  Code contributions actively
+solicited, since RPKI hasn't been my day job for years.
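Review bot: The `create.sh` paragraph says to "pay careful attention to the volume mounts" but never names which mounts hold state, so a reader who starts the container some other way cannot tell what is lost when the container is removed. Since `postgresql` runs inside the container, list the paths that must be volumes (the database directory at minimum) in the README itself rather than leaving them to be inferred from the script. Two smaller documentation points: the base-image paragraph offers `debootstrap` as the alternative to trusting the Dockerhub `debian:stretch` image but gives no guidance to readers who keep the Dockerhub image, and the `rpki-ca` paragraph should state which Django version the GUI currently requires so that "running vulnerable code" can be assessed concretely.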
-- 
cgit v1.2.3