Add the CA bundle auto fallback for FROM scratch docker from multicur…

…l to here (#31) * Add the CA bundle auto fallback for FROM scratch docker from fortio/multicurl#146 here * move to a seperate file and use negative build tag - thx @hhhapz
fortio · Jun 23, 2024 · cc90dd3 · cc90dd3
1 parent 1396d96
commit cc90dd3
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,4 @@
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
+.DS_Store
diff --git a/README.md b/README.md
@@ -130,3 +130,15 @@ Short 'numeric' version (v skipped, useful for docker image tags etc)
  % multicurl version
 1.10.1
 ```
+
+### https/tls in FROM scratch docker images
+
+You should always try to use `FROM scratch` Docker images when possible,
+it's one of the strength of go.
+
+Using this `fortio.org/cli` as a base makes it work for outcalls to internet valid TLS certs (e.g. https).
+It does this by defaulting to the bundle provided by `golang.org/x/crypto/x509roots/fallback` automatically.
+
+See https://github.com/fortio/multicurl for a good example.
+
+If you do not want this behavior, build using `-tag=no_tls_fallback`.
diff --git a/ca_bundle.go b/ca_bundle.go
@@ -0,0 +1,14 @@
+// Fortio CLI/Main utilities.
+//
+// (c) 2024 Fortio Authors
+// See LICENSE
+
+//go:build !no_tls_fallback
+// +build !no_tls_fallback
+
+package cli // import "fortio.org/cli"
+
+// golang.org/x/crypto/x509roots/fallback blank import below is because this is a base for all our main package,
+// the CA bundle is needed for FROM scratch images to work with outcalls to internet valid TLS certs (https).
+// See https://github.com/fortio/multicurl/pull/146 for instance.
+import _ "golang.org/x/crypto/x509roots/fallback" // This is a base for main, see extended comment above.
diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.18
 require (
 	fortio.org/log v1.12.2
 	fortio.org/version v1.0.4
+	golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8
 )
 
 require fortio.org/struct2env v0.4.0 // indirect
diff --git a/go.sum b/go.sum
@@ -4,3 +4,5 @@ fortio.org/struct2env v0.4.0 h1:k5alSOTf3YHiB3MuacjDHQ3YhVWvNZ95ZP/a6MqvyLo=
 fortio.org/struct2env v0.4.0/go.mod h1:lENUe70UwA1zDUCX+8AsO663QCFqYaprk5lnPhjD410=
 fortio.org/version v1.0.4 h1:FWUMpJ+hVTNc4RhvvOJzb0xesrlRmG/a+D6bjbQ4+5U=
 fortio.org/version v1.0.4/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8 h1:+kWDWI3Eb5cPIOr4cP+R2RLDwK3/dXppL+7XmSOh2LA=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=