[SOLVED] vbatts/slackware docker image can't connect to https

ricky_cardo · 03-06-2021, 10:48 PM

So I've been playing with a docker image from vbatts
mentioned here:
https://docs.slackware.com/howtos:mi...e_docker_image

But I seem to have issues connecting to https urls.

example:

Code:

sh-5.0#  wget https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg-0.38.1-noarch-1_wsr.tgz
--2021-03-07 04:35:00--  https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg-0.38.1-noarch-1_wsr.tgz
Resolving github.com (github.com)... 140.82.113.3
Connecting to github.com (github.com)|140.82.113.3|:443... connected.
ERROR: cannot verify github.com's certificate, issued by 'CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
  Unable to locally verify the issuer's authority.
To connect to github.com insecurely, use `--no-check-certificate'.
'.

I've added :

Code:

    slackpkg -batch=on -default_answer=y install ca-certificates   
    slackpkg -batch=on -default_answer=y install openssl-solibs

is there some other packages I should add to support https (ssl) webpages via wget

((use `--no-check-certificate'. does work but would like to not be doing this))

0XBF · 03-07-2021, 08:31 AM

Try running "/usr/sbin/update-ca-certificates" which should come from the ca-certificates package.

ponce · 03-07-2021, 11:58 AM

if you want ssl support in wget you will need openssl, not openssl-solibs, because it includes the perl utility (you will need perl too) c_rehash, that is needed by the ca-certificates utility update-ca-certificates.

ricky_cardo · 03-07-2021, 09:48 PM

Thanks for suggestions!!! Still working at it. (I must be missing something else fundamental)

Code:

sh-5.0# slackpkg search ssl        
Looking for ssl in package list. Please wait... DONE
The list below shows all packages with name matching "ssl".
[ installed ] - openssl-solibs-1.1.1j-x86_64-1
[ installed ] - openssl-1.1.1j-x86_64-1
You can search specific files using "slackpkg file-search file".

sh-5.0# slackpkg search perl
Looking for perl in package list. Please wait... DONE
The list below shows all packages with name matching "perl".
[ installed ] - perl-5.32.1-x86_64-2
You can search specific files using "slackpkg file-search file".


sh-5.0# slackpkg search ca-cer
Looking for ca-cer in package list. Please wait... DONE
The list below shows all packages with name matching "ca-cer".
[ installed ] - ca-certificates-20201219-noarch-3
You can search specific files using "slackpkg file-search file".


sh-5.0# /usr/sbin/update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
sh-5.0# wget https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg-0.38.1-noarch-1_wsr.tgz
--2021-03-08 02:48:06--  https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg-0.38.1-noarch-1_wsr.tgz
Resolving github.com (github.com)... 140.82.114.4
Connecting to github.com (github.com)|140.82.114.4|:443... connected.
ERROR: cannot verify github.com's certificate, issued by 'CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US':
  Unable to locally verify the issuer's authority.
To connect to github.com insecurely, use `--no-check-certificate'.

I'm going to stay at it though good learning experience

Here are the all installed packages:

Code:

aaa_base-14.2-x86_64-7
aaa_glibc-solibs-2.33-x86_64-1
aaa_libraries-15.0-x86_64-3
aaa_terminfo-6.2_20201219-x86_64-4
autoconf-2.69-noarch-4
autoconf-archive-2021.02.19-noarch-1
automake-1.16.2-noarch-3
bash-5.1.004-x86_64-3
bin-11.1-x86_64-5
binutils-2.36.1-x86_64-2
bzip2-1.0.8-x86_64-3
ca-certificates-20201219-noarch-3
cmake-3.19.6-x86_64-1
coreutils-8.32-x86_64-3
cyrus-sasl-2.1.27-x86_64-7
dcron-4.5-x86_64-11
dialog-1.3_20210306-x86_64-1
diffutils-3.7-x86_64-3
elvis-2.2_0-x86_64-7
etc-15.0-x86_64-14
extra-cmake-modules-5.79.0-x86_64-1
file-5.39-x86_64-3
findutils-4.8.0-x86_64-3
gawk-5.1.0-x86_64-3
gcc-10.2.0-x86_64-4
gcc-brig-10.2.0-x86_64-4
gcc-g++-10.2.0-x86_64-4
gcc-gdc-10.2.0-x86_64-4
gcc-gfortran-10.2.0-x86_64-4
gcc-gnat-10.2.0-x86_64-4
gcc-go-10.2.0-x86_64-4
gcc-objc-10.2.0-x86_64-4
gccmakedep-1.0.3-noarch-4
gettext-0.21-x86_64-3
gettext-tools-0.21-x86_64-3
git-2.30.1-x86_64-3
glibc-2.33-x86_64-1
glibc-i18n-2.33-x86_64-1
glibc-profile-2.33-x86_64-1
glibc-zoneinfo-2021a-noarch-1
gmp-6.2.1-x86_64-3
gnupg-1.4.23-x86_64-4
grep-3.6-x86_64-3
gzip-1.10-x86_64-3
intltool-0.51.0-x86_64-6
iproute2-5.11.0-x86_64-1
kernel-headers-5.10.21-x86-1
libcgroup-0.41-x86_64-9
libffi-3.3-x86_64-3
libmpc-1.2.1-x86_64-3
libpsl-0.21.1-x86_64-4
libtool-2.4.6-x86_64-16
libunistring-0.9.10-x86_64-3
libxslt-1.1.34-x86_64-3
lzlib-1.12-x86_64-3
m4-1.4.18-x86_64-4
make-4.3-x86_64-3
mpfr-4.1.0-x86_64-3
ncurses-6.2_20201219-x86_64-4
net-tools-20181103_0eebece-x86_64-3
oniguruma-6.9.6-x86_64-3
openssl-1.1.1j-x86_64-1
openssl-solibs-1.1.1j-x86_64-1
patch-2.7.6-x86_64-5
pcre-8.44-x86_64-3
pcre2-10.36-x86_64-3
perl-5.32.1-x86_64-2
pkg-config-0.29.2-x86_64-4
pkgtools-15.0-noarch-37
procps-ng-3.3.17-x86_64-2
python-pip-21.0.1-x86_64-2
python3-3.9.2-x86_64-1
rsync-3.2.3-x86_64-4
sed-4.8-x86_64-3
shadow-4.8.1-x86_64-12
slackpkg-15.0-noarch-3
sysfsutils-2.1.0-x86_64-4
tar-1.34-x86_64-1
time-1.9-x86_64-4
tmux-3.1c-x86_64-3
tree-1.8.0-x86_64-3
utempter-1.2.0-x86_64-3
util-linux-2.36.2-x86_64-2
vim-8.2.2541-x86_64-1
vim-gvim-8.2.2541-x86_64-1
wget-1.21.1-x86_64-3
which-2.21-x86_64-4
xz-5.2.5-x86_64-3
zlib-1.2.11-x86_64-4

As an FYI the 14.2 container from vbatts has a similar package list, but does not suffer from the ssl issue.

-- anyone interested in testing:
14.2:

Code:

docker run --rm -it  vbatts/slackware:latest   /bin/sh

current:

Code:

docker run --rm -it  vbatts/slackware:current   /bin/sh

ponce · 03-08-2021, 07:11 AM

you can try adding also p11-kit, nettle and libtasn1.

to force an update you can also launch update-ca-certificates with the -f ("fresh") command-line option.

EDIT: ok, I'll leave here the test I have done:

Code:

docker run -it vbatts/slackware:current /usr/bin/bash
ln -s /usr/bin/elvis /usr/bin/vi # because!
slackpkg update
slackpkg install aaa_glibc-solibs aaa_libraries
removepkg glibc-solibs aaa_elflibs
slackpkg update
slackpkg upgrade slackpkg
slackpkg new-config
slackpkg upgrade pkgtools
slackpkg upgrade-all
slackpkg install e2fsprogs libtasn1 nettle perl p11-kit ca-certificates # openssl is already installed in the default image, perl depends on e2fsprogs!
update-ca-certificates -f

then wget of an ssl link worked without errors.

ricky_cardo · 03-08-2021, 02:47 PM

Quote:

Originally Posted by ponce

you can try adding also p11-kit, nettle and libtasn1.

to force an update you can also launch update-ca-certificates with the -f ("fresh") command-line option.

EDIT: ok, I'll leave here the test I have done:

Code:

docker run -it vbatts/slackware:current /usr/bin/bash
ln -s /usr/bin/elvis /usr/bin/vi # because!
slackpkg update
slackpkg install aaa_glibc-solibs aaa_libraries
removepkg glibc-solibs aaa_elflibs
slackpkg update
slackpkg upgrade slackpkg
slackpkg new-config
sed -i '/^http/s/https:\/\/mirrors\.slackware\.com\/slackware\/slackware64-14\.2/http:\/\/mirrors\.us\.kernel\.org\/slackware\/slackware64-current/' /etc/slackpkg/mirrors
slackpkg upgrade pkgtools
slackpkg upgrade-all
slackpkg install e2fsprogs libtasn1 nettle perl p11-kit ca-certificates # openssl is already installed in the default image, perl depends on e2fsprogs!
update-ca-certificates -f

then wget of an ssl link worked without errors.

Thank you ponce! Very good and concise.

Worked like a champ!!!
--I definately was not adding ( e2fsprogs libtasn1 nettle p11-kit)

I added this just to modify /etc/slackpkg/mirrors (after the update)

Code:

sed -i '/^http/s/https:\/\/mirrors\.slackware\.com\/slackware\/slackware64-14\.2/http:\/\/mirrors\.us\.kernel\.org\/slackware\/slackware64-current/' /etc/slackpkg/mirrors

ricky_cardo · 03-08-2021, 03:57 PM

Here's the docker file I've been putting together for anyone who wants an example: (just followed vbatts example and suggestions from ponce)

Code:

#build on the work of vbatts (thanks ponce too for assistance)
from vbatts/slackware:current
RUN mkdir -p ${ROOT}/var/lib/slackpkg && \
    touch ${ROOT}/var/lib/slackpkg/current

RUN ln -s /usr/bin/elvis /usr/bin/vi # because!
RUN slackpkg update gpg
RUN slackpkg -batch=on -default_answer=y update
RUN slackpkg -batch=on -default_answer=y install aaa_glibc-solibs aaa_libraries
RUN slackpkg -batch=on -default_answer=y removepkg glibc-solibs aaa_elflibs
RUN slackpkg -batch=on -default_answer=y upgrade slackpkg
RUN slackpkg -batch=on -default_answer=y new-config
RUN mv ${ROOT}/etc/slackpkg/slackpkg.conf.new ${ROOT}/etc/slackpkg/slackpkg.conf
RUN mv ${ROOT}/etc/slackpkg/blacklist.new ${ROOT}/etc/slackpkg/blacklist
RUN mv ${ROOT}/etc/slackpkg/mirrors.new ${ROOT}/etc/slackpkg/mirrors
RUN sed -i '/^http/s/https:\/\/mirrors\.slackware\.com\/slackware\/slackware64-14\.2/http:\/\/mirrors\.us\.kernel\.org\/slackware\/slackware64-current/' /etc/slackpkg/mirrors
RUN slackpkg -batch=on -default_answer=y update
RUN slackpkg -batch=on -default_answer=y upgrade pkgtools
RUN slackpkg -batch=on -default_answer=y upgrade-all
RUN mv ${ROOT}/etc/iproute2/rt_protos.new ${ROOT}/etc/iproute2/rt_protos
# openssl is already installed in the default image, perl depends on e2fsprogs!
RUN slackpkg -batch=on -default_answer=y install e2fsprogs libtasn1 nettle perl p11-kit ca-certificates
RUN update-ca-certificates -f

#DEPS
RUN slackpkg -batch=on -default_answer=y install dcron && \
    slackpkg -batch=on -default_answer=y install vim sasl rsync-* glibc-*  && \
    slackpkg -batch=on -default_answer=y install automake gcc pkg-config binutils && \
    slackpkg -batch=on -default_answer=y install libffi gettext-tools intltool  && \
    slackpkg -batch=on -default_answer=y install gmp libsodium openssl-solibs && \
    slackpkg -batch=on -default_answer=y install kernel-headers m4 libmpc pcre libxslt
#MORE DEPS
RUN slackpkg -batch=on -default_answer=y install zlib && \
    slackpkg -batch=on -default_answer=y install lzlib && \
    slackpkg -batch=on -default_answer=y install make && \
    slackpkg -batch=on -default_answer=y install cmake && \
    slackpkg -batch=on -default_answer=y install gccmakedep && \
    slackpkg -batch=on -default_answer=y install tmux && \
    slackpkg -batch=on -default_answer=y install git && \
    slackpkg -batch=on -default_answer=y install libtool && \
    slackpkg -batch=on -default_answer=y install autoconf && \
    slackpkg -batch=on -default_answer=y install autoconf-archive && \
    slackpkg -batch=on -default_answer=y install python3 && \
    slackpkg -batch=on -default_answer=y install python-pip oniguruma

RUN echo "REPO_NAME=SBo-git" >> ${ROOT}/root/.sbopkg.conf && \
    echo "REPO_BRANCH=current" >> ${ROOT}/root/.sbopkg.conf

#RUN \
#    mkdir -p /tmp/install && cd /tmp/install && \
#       wget -c https://github.com/sbopkg/sbopkg/releases/download/0.38.1/sbopkg-0.38.1-noarch-1_wsr.tgz && \
#       installpkg sbopkg-0.38.1-noarch-1_wsr.tgz && \
#       mkdir -p /var/lib/sbopkg/SBo-git && \
#       mkdir -p /var/lib/sbopkg/queues && \
#       mkdir -p /var/cache/sbopkg && \
#       mkdir -p /var/log/sbopkg && \
#       mkdir -p /tmp/SBo && \
#       sbopkg -r && \
#       sbopkg -B -i dos2unix  #comeback to later
#       sbopkg -B -i sbotools && \
#       sbopkg -B -i ghc && \
#	sbosnap fetch && \
#	sboinstall -r oniguruma && \
#       sboinstall -r jq
        


RUN chmod +x /etc/rc.d/rc.crond 
RUN /etc/rc.d/rc.crond start


#RUN chmod +x /root/run.sh

#CMD ["/root/run.sh"]

#interactive : docker run -i -t vbatts/slackware:current /bin/sh
# or
# docker run --rm -it vbatts/slackware:current /bin/sh

#BUILD:
#docker build --tag slackware-current:local ./

#RUN
#docker run --rm -it slackware-current:local /bin/sh