Docker-alpine: ca-certificates not installed properly

Created on 7 Mar 2016 · 5Comments · Source: gliderlabs/docker-alpine

I did a apk add ca-certificates but the folder structure "/etc/ssl" is missing.

When I try to run update-ca-certificates it tells me the exact same thing:

Failed to open temporary file /etc/ssl/certs/bundleXXXXXX for ca bundle

What am I doing wrong? I am running in alpine:edge

question

Source

konradjurk

Most helpful comment

Shit, my Dockerfile does a rm -rf /etc/ssl. Maybe thats the cause :P

Sorry for wasting your time, but the file is long and I didn't see it before...

konradjurk on 7 Mar 2016

👍4 😄1

All 5 comments

Hmmm, seems to work for me:

$ dri alpine ash -c "apk --no-cache add ca-certificates && update-ca-certificates"
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
4d06f2521e4f: Already exists 
Digest: sha256:7739b19a213f3a0aa8dacbd5898c8bd467e6eaf71074296a3d75824e76257396
Status: Downloaded newer image for alpine:latest
fetch http://dl-cdn.alpinelinux.org/alpine/v3.3/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.3/community/x86_64/APKINDEX.tar.gz
(1/2) Installing openssl (1.0.2g-r0)
(2/2) Installing ca-certificates (20160104-r2)
Executing busybox-1.24.1-r7.trigger
Executing ca-certificates-20160104-r2.trigger
OK: 6 MiB in 13 packages
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping

Can you give some more debugging info? How did you start the container?

andyshinn on 7 Mar 2016

I just tried it with alpine:3.2 and it works for me, too. Unfortunately, I have to use alpine:edge because I need a package from the "testing" repository. I am starting as a privileged container

konradjurk on 7 Mar 2016

It also works for me in edge as well. So something else might be up:

$ dri alpine:edge ash -c "apk --no-cache add ca-certificates && update-ca-certificates && ls -al /etc/ssl/"      
fetch http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
(1/2) Installing openssl (1.0.2g-r2)
(2/2) Installing ca-certificates (20160104-r2)
Executing busybox-1.24.1-r8.trigger
Executing ca-certificates-20160104-r2.trigger
OK: 6 MiB in 13 packages
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
total 48
drwxr-xr-x    5 root     root          4096 Mar  7 18:40 .
drwxr-xr-x   16 root     root          4096 Mar  7 18:40 ..
drwxr-xr-x    2 root     root         20480 Mar  7 18:40 certs
drwxr-xr-x    2 root     root          4096 Mar  7 18:40 misc
-rw-r--r--    1 root     root         10835 Mar  3 21:25 openssl.cnf
drwxr-xr-x    2 root     root          4096 Mar  7 18:40 private

Is the container commands being run as a normal user maybe?

andyshinn on 7 Mar 2016

Shit, my Dockerfile does a rm -rf /etc/ssl. Maybe thats the cause :P

Sorry for wasting your time, but the file is long and I didn't see it before...

konradjurk on 7 Mar 2016

👍4 😄1

It's probably a node-js build, cause the same type of thing got me...