Add the CA bundle auto fallback for FROM scratch docker from fortio/m…

…ulticurl#146 here
fortio · Jun 23, 2024 · 791dfb6 · 791dfb6
1 parent 1396d96
commit 791dfb6
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -130,3 +130,13 @@ Short 'numeric' version (v skipped, useful for docker image tags etc)
  % multicurl version
 1.10.1
 ```
+
+### https/tls in FROM scratch docker images
+
+You should always try to use `FROM scratch` Docker images when possible,
+it's one of the strength of go.
+
+Using this `fortio.org/cli` as a base makes it work
+for TLS by defaulting to the bundle provided by `golang.org/x/crypto/x509roots/fallback` automatically.
+
+See https://github.com/fortio/multicurl for a good example.
diff --git a/cli.go b/cli.go
@@ -22,8 +22,13 @@ import (
 
 	"fortio.org/log"
 	"fortio.org/version"
+	_ "golang.org/x/crypto/x509roots/fallback" // This is a base for main, see extended comment below.
 )
 
+// golang.org/x/crypto/x509roots/fallback blank import above is because this is a base for all our main package,
+// the CA bundle is needed for FROM scratch images to work with outcalls to internet valid TLS certs (https).
+// See https://github.com/fortio/multicurl/pull/146 for instance.
+
 // Configuration for your Main() or ServerMain() function.
 // These variables is how to setup the arguments, flags and usage parsing for [Main] and [ServerMain].
 // At minium set the MinArgs should be set.

diff --git a/go.mod b/go.mod
@@ -5,6 +5,7 @@ go 1.18
 require (
 	fortio.org/log v1.12.2
 	fortio.org/version v1.0.4
+	golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8
 )
 
 require fortio.org/struct2env v0.4.0 // indirect
diff --git a/go.sum b/go.sum
@@ -4,3 +4,5 @@ fortio.org/struct2env v0.4.0 h1:k5alSOTf3YHiB3MuacjDHQ3YhVWvNZ95ZP/a6MqvyLo=
 fortio.org/struct2env v0.4.0/go.mod h1:lENUe70UwA1zDUCX+8AsO663QCFqYaprk5lnPhjD410=
 fortio.org/version v1.0.4 h1:FWUMpJ+hVTNc4RhvvOJzb0xesrlRmG/a+D6bjbQ4+5U=
 fortio.org/version v1.0.4/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8 h1:+kWDWI3Eb5cPIOr4cP+R2RLDwK3/dXppL+7XmSOh2LA=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240604170348-d4e7c9cb6cb8/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=