Add the CA bundle auto fallback for FROM scratch docker from multicurl to here #31

Merged
merged 5 commits into from
Jun 23, 2024
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -14,3 +14,4 @@

# Dependency directories (remove the comment below to include it)
# vendor/
.DS_Store
12 changes: 12 additions & 0 deletions README.md
Expand Up @@ -130,3 +130,15 @@ Short 'numeric' version (v skipped, useful for docker image tags etc)
% multicurl version
1.10.1
```

### https/tls in FROM scratch docker images

You should always try to use `FROM scratch` Docker images when possible,
it's one of the strength of go.

Using this `fortio.org/cli` as a base makes it work for outcalls to internet valid TLS certs (e.g. https).
It does this by defaulting to the bundle provided by `golang.org/x/crypto/x509roots/fallback` automatically.

See https://github.com/fortio/multicurl for a good example.

If you do not want this behavior, build using `-tag=no_tls_fallback`.
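Review bot: the opt-out instruction on the last added line uses `-tag=no_tls_fallback`, which is not a go build flag. The flag is `-tags`, so this should read `-tags no_tls_fallback` to match the `//go:build !no_tls_fallback` constraint in ca_bundle.go; as written, a user who copies it gets an unknown-flag error instead of a binary without the bundle. Two wording points in the same section: "one of the strength of go" should be "one of the strengths of Go", and "outcalls to internet valid TLS certs" would be clearer as "outbound calls to hosts with publicly trusted TLS certificates".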
14 changes: 14 additions & 0 deletions ca_bundle.go
@@ -0,0 +1,14 @@
// Fortio CLI/Main utilities.
//
// (c) 2024 Fortio Authors
// See LICENSE

//go:build !no_tls_fallback
// +build !no_tls_fallback

package cli // import "fortio.org/cli"

// golang.org/x/crypto/x509roots/fallback blank import below is because this is a base for all our main package,
// the CA bundle is needed for FROM scratch images to work with outcalls to internet valid TLS certs (https).
// See https://github.com/fortio/multicurl/pull/146 for instance.
import _ "golang.org/x/crypto/x509roots/fallback" // This is a base for main, see extended comment above.
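Review bot: the comment above the blank import says why the bundle is needed but not when it takes effect, and that matters for anyone reasoning about which trust store a binary uses. Suggest adding that the import registers the embedded roots through x509.SetFallbackRoots, so they are consulted only when no system certificate pool is available (the FROM scratch case), unless forced with GODEBUG=x509usefallbackroots=1; on hosts with a system bundle the system roots still win. Minor: with `go 1.18` in go.mod the `// +build !no_tls_fallback` line is redundant next to `//go:build !no_tls_fallback` and can be dropped.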
1 change: 1 addition & 0 deletions go.mod
Expand Up @@ -5,6 +5,7 @@ go 1.18
require (
fortio.org/log v1.12.2
fortio.org/version v1.0.4
golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8
)

require fortio.org/struct2env v0.4.0 // indirect
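Review bot: the added `golang.org/x/crypto/x509roots/fallback` requirement is pinned to the pseudo-version v0.0.0-20240604170348-d4e7c9cb6cb8, and because the roots are compiled in, every binary built on this package trusts the root set as of that commit until the pin is bumped. Suggest making sure this module is covered by the repo's automated dependency updates (or a release checklist item), and noting in the README section that picking up root additions or removals means updating this module and rebuilding the image.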
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -4,3 +4,5 @@ fortio.org/struct2env v0.4.0 h1:k5alSOTf3YHiB3MuacjDHQ3YhVWvNZ95ZP/a6MqvyLo=
fortio.org/struct2env v0.4.0/go.mod h1:lENUe70UwA1zDUCX+8AsO663QCFqYaprk5lnPhjD410=
fortio.org/version v1.0.4 h1:FWUMpJ+hVTNc4RhvvOJzb0xesrlRmG/a+D6bjbQ4+5U=
fortio.org/version v1.0.4/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8 h1:+kWDWI3Eb5cPIOr4cP+R2RLDwK3/dXppL+7XmSOh2LA=
golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=