I am trying to build a aspnet 6 web app container image using RedHat ubi8/dotnet-60-runtime image as base. Since I am working in a restricted environment where i cannot directly reach out to internet to download any dependency. To achieve that I need to add custom certificate chain on the image so that I can establish SSL connection and download required NuGet packages. How can I achieve that? How to add custom/privately signed certificate to ubi8/dotnet-60 image? I am getting permission denied on ubi8/dotnet-60 and ubi8/dotnet-60-runtime images.
Dockerfile
FROM proxyregistry.somecompany.com/ubi8/dotnet-60-runtime AS base
WORKDIR /app
EXPOSE 80
FROM proxyregistry.mycompany.com/ubi8/dotnet-60 AS build
WORKDIR /src
COPY ["HelloWorld.csproj", "."]
RUN dotnet restore "./HelloWorld.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "HelloWorld.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "HelloWorld.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "HelloWorld.dll"]
I did tried to add certificates with a script however i am getting following error:
0.138 /bin/sh: /fix-container-certs.log: Permission denied
0.152 cp: cannot create regular file '/etc/pki/ca-trust/source/anchors/cacert.pem': Permission denied
0.170 p11-kit: no configured writable location to store anchors
0.174 p11-kit: couldn't create file: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem: Unknown error 13
0.175 /bin/sh: line 16: /fix-container-certs.log: Permission denied
