Merge remote-tracking branch 'public/master'

mmaehren · mmaehren · commit 7d18b95cb081 · 2023-11-21T13:22:01.000+01:00
diff --git a/certs/Dockerfile b/certs/Dockerfile
@@ -1,10 +1,11 @@
-FROM debian:latest
+FROM alpine:3.18
 
-RUN apt-get update && apt-get install -y \
+RUN apk add \
     openssl \
-    libnss3-tools \
-    default-jdk \
-    curl
+    nss-tools \
+    openjdk8 \
+    curl \
+    && apk cache clean
 
 WORKDIR /certs
 COPY generateCerts.sh cert.cfg /run/
diff --git a/certs/generateCerts.sh b/certs/generateCerts.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 set -eu
 
 WARN='\033[0;31m'
@@ -39,5 +39,6 @@ pk12util -i ec256.p12 -d db -K password -W password
 echo "Creating Java keystore"
 keytool -importkeystore -srckeystore rsa2048.p12 -srcstoretype pkcs12 -destkeystore keys.jks -deststoretype jks -alias cert -destalias rsa2048 -srcstorepass password -deststorepass password
 keytool -importkeystore -srckeystore ec256.p12 -srcstoretype pkcs12 -destkeystore keys.jks -deststoretype jks -alias cert -destalias ec256 -srcstorepass password -deststorepass password
-#use test-ca from rustls
-curl -L https://github.com/ctz/rustls/tarball/master | tar zx --wildcards  --strip-components=1 '*/test-ca/'
+# fetch test-ca from rustls, used for LIBRESSL
+# alpine tar does not have a --wildcards flag. Nonetheless it still extracts correctly but with an error - so use ls to check if it was extracted correctly
+curl -L https://github.com/ctz/rustls/tarball/master | tar x -z --strip-components=1 '*/test-ca/' || ls test-ca/rsa/end.rsa test-ca/rsa/end.fullchain
diff --git a/certs/setup.sh b/certs/setup.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -e
 cd "$(dirname "$0")" || exit 1
 set -eu
 
diff --git a/setup.sh b/setup.sh
@@ -1,12 +1,12 @@
-#!/bin/bash
-cd certs
+#!/bin/bash -e
+cd "$(dirname "$0")" || exit 1
+
 echo "[+] Generate certificates"
-./setup.sh
-cd ..
+./certs/setup.sh
 
 echo "[+] Build base image"
 ./images/baseimage/build-base.sh
 
 echo " "
 echo "To build every available docker image, or every docker image of a specific TLS Libraries, use the 'build-everything.py' script (requires python >=3.7)"
-echo "To build only specific TLS Libraries, use the 'build.sh' scripts inside the subfolders of 'images/'."
+echo "To build only specific TLS Libraries, use the 'build.sh' scripts inside the subfolders of 'images/'."

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-#!/bin/bash`
	`1`	`+#!/bin/bash -e`
`2`	`2`	`cd "$(dirname "$0")" \|\| exit 1`
`3`	`3`	`set -eu`
`4`	`4`