Rob Austein e6fce11310 Add "base:" target. | 5 rokov pred | |
---|---|---|
.dockerignore | 5 rokov pred | |
.gitignore | 5 rokov pred | |
Dockerfile | 5 rokov pred | |
Makefile | 5 rokov pred | |
README.md | 5 rokov pred | |
create.sh | 5 rokov pred | |
startup.sh | 5 rokov pred |
This is a (sort of) Dockerized version of the rpki.net relying party
toolset. It would probably horrify any Docker True Believer, and
there's a lot of stuff I would do differently if I had the time to
rewrite half of the code, but for the moment the goal is just to get
the rpki-rp
package running happily in a container.
The existing Debian package is fairly careful about making sure that the actions it performs in its postinst script do the right thing whether in a new or existing installation, so all we really need to do is arrange to defer running the postinst script until the container starts up.
If you're paranoid, you might want to generate your own
debian:stretch
base image first, using debootstrap
rather than
trusting the one that's available on Dockerhub, but that's your call.
The Makefile
assumes that you've configured APT according to the
instructions at https://download.rpki.net/APTng/debian/ so that
apt-get download
can find the package. Type make
to build the
image.
See create.sh
for an example of how one might start up the generated
container. One of the things that would probably horrify a True
Docker Believer is that we run postgresql
inside the container along
with everything else, so pay careful attention to the volume mounts.
Essentially the same technique should also work with the rpki-ca
package, except for one thing: the GUI portion of rpki-ca
depends on
Django functions which have changed yet again, in incompatible ways,
and the Django project has this nasty habit of doing that before
discovering dangerous security issues in their older code. So until
we update the GUI portions of rpki-ca
, your choices are running
vulnerable code or doing without the GUI. Code contributions actively
solicited, since RPKI hasn't been my day job for years.