Sin descripción

Rob Austein e6fce11310 Add "base:" target. hace 5 años
.dockerignore 75f091a800 First public version hace 5 años
.gitignore 75f091a800 First public version hace 5 años
Dockerfile e6fce11310 Add "base:" target. hace 5 años
Makefile e6fce11310 Add "base:" target. hace 5 años
README.md 8a7eb9d54b Supply pointer to APT instructions, fix minor doc nits. hace 5 años
create.sh 75f091a800 First public version hace 5 años
startup.sh 8a7eb9d54b Supply pointer to APT instructions, fix minor doc nits. hace 5 años

README.md

Dockerized rpki.net RP tool

This is a (sort of) Dockerized version of the rpki.net relying party toolset. It would probably horrify any Docker True Believer, and there's a lot of stuff I would do differently if I had the time to rewrite half of the code, but for the moment the goal is just to get the rpki-rp package running happily in a container.

The existing Debian package is fairly careful about making sure that the actions it performs in its postinst script do the right thing whether in a new or existing installation, so all we really need to do is arrange to defer running the postinst script until the container starts up.

If you're paranoid, you might want to generate your own debian:stretch base image first, using debootstrap rather than trusting the one that's available on Dockerhub, but that's your call.

The Makefile assumes that you've configured APT according to the instructions at https://download.rpki.net/APTng/debian/ so that apt-get download can find the package. Type make to build the image.

See create.sh for an example of how one might start up the generated container. One of the things that would probably horrify a True Docker Believer is that we run postgresql inside the container along with everything else, so pay careful attention to the volume mounts.

Essentially the same technique should also work with the rpki-ca package, except for one thing: the GUI portion of rpki-ca depends on Django functions which have changed yet again, in incompatible ways, and the Django project has this nasty habit of doing that before discovering dangerous security issues in their older code. So until we update the GUI portions of rpki-ca, your choices are running vulnerable code or doing without the GUI. Code contributions actively solicited, since RPKI hasn't been my day job for years.