Created
October 4, 2021 21:27
-
-
Save conorsch/ae345542b3ff9707c5f64ebc40312053 to your computer and use it in GitHub Desktop.
docker STR to observe LE failure on FPF apt-test repo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Intentionally using an old tag, to test old Focal packages | |
# See here for options: https://quay.io/repository/freedomofpress/sd-docker-builder-focal?tab=tags | |
# See related expiry info for LE HTTPS certs here: | |
# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ | |
FROM quay.io/freedomofpress/sd-docker-builder-focal:2021_04_14 | |
RUN apt-get update && apt-get install -y curl apt-transport-https gnupg2 | |
# Uncomment the upgrade task below to see a working build! | |
# RUN apt-get upgrade -y | |
RUN echo "deb [arch=amd64] https://apt-test.freedom.press focal main" | tee /etc/apt/sources.list.d/fpf-apt-test-repo.list | |
RUN curl -s https://raw.githubusercontent.com/freedomofpress/securedrop/develop/install_files/ansible-base/roles/install-fpf-repo/files/apt-test-signing-key.pub | apt-key add - | |
# The following line fails, with: | |
# | |
# 9 0.711 Err:4 https://apt-test.freedom.press focal Release | |
# 9 0.711 Certificate verification failed: The certificate is NOT trusted. | |
# The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 206.81.1.102 443] | |
# | |
RUN apt-get update |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment