我尝试使用我的泊坞窗文件在docker镜像中安装证书
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
COPY app-module/src/main/resources/certificates/A.crt /etc/ssl/certs/
COPY app-module/src/main/resources/certificates/B.crt /etc/ssl/certs/
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/A.crt -alias A
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/B.crt -alias B
我收到错误
keytool error: java.io.FileNotFoundException: /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts (Permission denied)
我发现其他答案建议以root / administrator模式运行上述命令。但是,我在Dockerfile中运行这些命令。我如何通过此错误?
答案 0 :(得分:2)
docker中的默认用户是root。我相信,出于安全考虑,您的组织已将其设置为root以外的用户。您需要更改为root用户,然后更改回组织设置的任何用户。
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
COPY app-module/src/main/resources/certificates/A.crt /etc/ssl/certs/
COPY app-module/src/main/resources/certificates/B.crt /etc/ssl/certs/
#change to user root to install certificates
USER root
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/A.crt -alias A
RUN $JAVA_HOME/bin/keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt -file /etc/ssl/certs/B.crt -alias B
#change to user oldUser to comply with organisation standards
USER oldUser