0

I'm having trouble getting alpine/git to work with Docker Desktop on Windows, when running the first command of the Quick Start (docker run --name repo alpine/git clone https://github.com/docker/getting-started.git) I receive the error:

fatal: unable to access 'https://github.com/docker/getting-started.git/': SSL certificate problem: unable to get local issuer certificate

I'm behind a corporate firewall, so this makes sense. But where I'm confused is how I'm meant to modify the settings for Alpine Git running inside of Docker. As I understand it, Docker runs in a virtual Linux environment, so I'm not going to be able to just drag and drop the certificate files into whatever directory Docker is expecting.

I would try doing docker run to get the gitconfig updated, but that wouldn't work because a) I can't clone a repo to start as an image and b) the path to the cert wouldn't be valid because the cert is on my OS's file system.

I've tried following this guide on exploring the file system Docker uses, but this is read only so I can't feed the certificate data into a file there.

How can I update Alpine Git's certificates when I can't clone a repository to make a container?

Edit: I have no idea what I'm doing with docker files, but at the suggestion of torek I've tried editing the alpine git docker file like below, but it doesn't seem to work correctly, giving me the error Unsupported SSL backend 'schannel'. Supported SSL backends: openssl despite having tried to set the config in the Docker file.

FROM alpine

RUN apk fix && \
    apk --no-cache --update add git git-lfs less openssh && \
    git lfs install && \
    git config --system http.sslCAInfo /root.crt && \
    git config --unset-all http.sslBackend

VOLUME /git
WORKDIR /git

COPY root.crt /

ENTRYPOINT ["git"]
CMD ["--help"]

Again I don't really know what I'm doing here, so if I have some fundamental misunderstanding of how Docker images/files work, please advise.

Gumpf
  • 197
  • 7
  • This isn't *quite* a Git issue. Git doesn't do its own certificate stuff: it relies on the system's `libcurl` library (when using `https` anyway). So it's a libcurl issue. But, as you correctly note, if you try to fix it inside the container after creating the container with the wrong certificates, you can't, because you must use the certificate to get the certificate, making this a *bootstrap* issue. The solution for every bootstrap issue is "do it earlier": make your Docker image by taking the Alpine image, then adding the certificate, then writing that as the Docker image *you* will use. – torek Jun 21 '22 at 06:52
  • You'll still have to come up with some way to add the certificate: probably via copying it from a file you set up before you use `docker build` with a dockerfile that builds the container you'll use later to build your containers. – torek Jun 21 '22 at 06:53
  • @torek Thanks for the response, tried following your advice but was unsure exactly how to execute it, I've edited me question accordingly. – Gumpf Jun 21 '22 at 19:58
  • You've moved on to a new problem, which actually *is* a Git problem now! The `http.sslBackend` configuration item is a workaround for various things that come up on Windows, apparently; it shouldn't be used at all on Linux. See [git fatal error: Unsupported SSL backend 'schannel'](https://stackoverflow.com/q/66862358/1256452). – torek Jun 21 '22 at 20:06

0 Answers0