如何将凭证烘焙到码头图像中为git?
[英]How to bake credential into docker image for git?
问题描述
This is actually a question following from my previous one . 
这实际上是我之前的一个问题 。
I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). 我正在尝试使用docker来托管个人记笔记Web服务,并希望备份服务生成的数据(我的笔记)。 Currently I plan to use git to commit, pull, and push to a repository for my purpose. 目前我计划使用git来提交,拉取和推送到我的目的的存储库。
To do git pull and push, my docker image needs to host my credentials. 要执行git pull and push,我的docker镜像需要托管我的凭据。 What is the easiest yet safe way to achieve this? 实现这一目标的最简单但最安全的方法是什么?
What I have done so far: 到目前为止我做了什么:
- I choose
Alpineas the base image of the image of my service.我选择Alpine作为我服务形象的基本形象。 - Because I only need credentials for git, I think put a git credential helper into the image may solve my problem. 因为我只需要git的凭据,我认为将git凭证助手放入图像可能会解决我的问题。 I can save credentials to the helper during the build time and use them during runtime. 我可以在构建期间将凭据保存到帮助程序,并在运行时使用它们。
- I googled a while and decided to use
libsecretas my git credential helper, according to this article .根据这篇文章 ,我用libsecret搜索了一段时间并决定使用libsecret作为我的git凭证助手。 - I have installed
libsecretand set my git credential helper to begit-credential-libsecret我已经安装了libsecret并将我的git凭证助手设置为git-credential-libsecret
However, I cannot make git-credential-libsecret functional so far. 但是,到目前为止,我无法使git-credential-libsecret功能化。 Here are a couple of problems that I encountered: 以下是我遇到的一些问题:
Firstly, I tested
git-credential-libsecret getand get the following error:首先,我测试了git-credential-libsecret get并得到以下错误:CRITICAL **: could not connect to Secret Service: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file */var/lib/dbus/machine-id*: No such file or directory- I (probably?) solved it by installing
dbusand rundbus-uuidgen > /var/lib/dbus/machine-id我(可能?)通过安装dbus解决它并运行dbus-uuidgen > /var/lib/dbus/machine-id
- I (probably?) solved it by installing
Then I try to run
git-credential-libsecret getagain.然后我尝试再次运行git-credential-libsecret get。 This time, it reports that:这一次,它报告说: CRITICAL **: could not connect to Secret Service: Cannot autolaunch D-Bus without X11 $DISPLAY
In conclusion, I would like to know: 最后,我想知道:
- Am I on a right direction (using git credential helper) to achieve my goal? 我是在正确的方向(使用git凭证助手)来实现我的目标吗?
- If so, how can I resolve the X11 problem? 如果是这样,我该如何解决X11问题?
- Are there any other quick and clean methods to backup data in docker with version control? 有没有其他快速,干净的方法来备份具有版本控制的docker中的数据?
2 个解决方案
解决方案1
2 已采纳 2018-01-13 07:44:19
If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. 如果您的git提供程序支持使用公钥的ssh,我认为最简单的方法是切换到它们。 You would also not have to copy around your password. 您也无需复制密码。
You need to: 你需要:
- add ssh client to your docker image 将ssh客户端添加到docker镜像
- generate an ssh key and copy it to the image. 生成一个ssh密钥并将其复制到映像。 The
ssh-agentpart is not needed不需要ssh-agent部分 - register the key to the provider 将密钥注册到提供者
解决方案2
1 2018-01-13 07:21:11
It depends on where you are running git-credential-libsecret: you need to have it installed in your image/container, not on the host. 这取决于您运行git-credential-libsecret的位置:您需要将其安装在映像/容器中,而不是安装在主机上。
Note that another option would be to use a volume (see my answer to your previous question ), in which case, git could be installed only on the host. 请注意,另一个选项是使用卷(请参阅我之前的问题的答案 ),在这种情况下, git只能安装在主机上。
But here, you would use git directly in your image, which means, as in this Dockerfile , you need to have in your Dockerfile: 但是在这里,你可以直接在你的图像中使用git,这意味着, 就像在这个Dockerfile中一样 ,你需要在你的Dockerfile中:
RUN apt-get update -y &&
apt-get install --no-install-recommends -y libsecret-1-0 git
https://github.com/electron-userland/electron-builder/blob/master/docker/base/Dockerfile https://github.com/electron-userland/electron-builder/blob/master/docker/base/Dockerfile
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.