如何将生成的证书内容传递到目标文件

时间:2019-07-30 15:52:53

标签: dockerfile sh alpine

Shell命令无法识别变量

我能够生成证书的内容,但是当我尝试将其传递到容器位置的文件中时,shell无法识别包含证书内容的变量

 RUN apk add ca-certificates
 RUN apk add --no-cache openssl
 RUN CERTS = $(echo -n | openssl s_client -connect keycloak.abc.domain.com:443 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
echo $CERTS >/usr/local/share/ca-certificates/mycert.crt && \
update-ca-certificates

错误提示:          步骤14/18:RUN CERT = $(echo -n | openssl s_client -connect           keycloakt.abc.domain.com:443 -showcerts | sed -ne'/ -BEGIN CERTIFICATE-/,/-END CERTIFICATE- / p')&& echo $ CERT> /usr/local/share/ca-certificates/mycert.crt && update-ca-certificates 

    ---> Running in 18e319cfa09b   

    depth=0 C = MX, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx

    verify error:num=20:unable to get local issuer certificate

    verify return:1

    depth=xx C = xx, ST = xx, L = xx, O = xx, OU = xx, CN = *.xx

    verify error:num=21:unable to verify the first certificate

    verify return:1

    DONE

    **/bin/sh: CERT: not found**

    The command '/bin/sh -c CERT = $(echo -n | openssl s_client -connect 
    hostname:port -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END 
    CERTIFICATE-/p') &&     echo $CERT >/usr/local/share/ca- 
    certificates/mycert.crt &&     update-ca-certificates' returned a non- 
    zero code: 127

我也尝试了“ $ CERT”> /usr/local/share/ca-certificates/mycert.crt。 我也尝试从本地

复制证书 
 #RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
 #COPY ./mycert.crt /usr/local/share/ca-certificates/mycert.crt

但是我得到:复制失败:stat /var/lib/docker/tmp/docker-builder950940816/mycert.crt:没有这样的文件或目录

还有另一种在此处传递值的方法吗?谁能指出这两种方法有什么问题?

2 个答案:

答案 0 :(得分:1)

变量分配包含语法错误。但是,如果您只想将证书写入文件中,则没有理由将证书捕获到一个变量中。

change policyEffectiveDate textfield

expect(received).toEqual(expected) // deep equality

Expected: "07/30/2019"
Received: undefined

  48 |     },
  49 |   });
> 50 |   expect(policyEffectiveField.props().value).toEqual(now);

答案 1 :(得分:0)

此语法对我有用:

  RUN CERT=$(echo -n | openssl s_client -connect keycloakt.abc.domain.com:443 - 
    showcerts </dev/null \ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p') && \
    echo $CERT >/usr/local/share/ca-certificates/mycert.crt && \
    update-ca-certificates

尽管我收到警告消息,但它并没有达到为我的docker容器导入ca-certificate的目的:

[91ms_client:不能同时提供-connect选项和目标参数 s_client:使用-help进行摘要。 [0m [91m警告:ca-certificates.crt不完全包含一个证书或CRL:正在跳过 [0m [91m警告:ca-cert-mycert.pem不完全包含一个证书或CRL:正在跳过。

但是此帖子问题已通过@triplee建议解决。谢谢!

相关问题
最新问题