[英]How to bake credential into docker image for git?
This is actually a question following from my previous one . 这实际上是我之前的一个问题 。
I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). 我正在尝试使用docker来托管个人记笔记Web服务,并希望备份服务生成的数据(我的笔记)。 Currently I plan to use git to commit, pull, and push to a repository for my purpose. 目前我计划使用git来提交,拉取和推送到我的目的的存储库。
To do git pull and push, my docker image needs to host my credentials. 要执行git pull and push,我的docker镜像需要托管我的凭据。 What is the easiest yet safe way to achieve this? 实现这一目标的最简单但最安全的方法是什么?
What I have done so far: 到目前为止我做了什么:
Alpine
as the base image of the image of my service. 我选择Alpine
作为我服务形象的基本形象。 libsecret
as my git credential helper, according to this article . 根据这篇文章 ,我用libsecret
搜索了一段时间并决定使用libsecret
作为我的git凭证助手。 libsecret
and set my git credential helper to be git-credential-libsecret
我已经安装了libsecret
并将我的git凭证助手设置为git-credential-libsecret
However, I cannot make git-credential-libsecret
functional so far. 但是,到目前为止,我无法使git-credential-libsecret
功能化。 Here are a couple of problems that I encountered: 以下是我遇到的一些问题:
Firstly, I tested git-credential-libsecret get
and get the following error: 首先,我测试了git-credential-libsecret get
并得到以下错误:
CRITICAL **: could not connect to Secret Service: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file */var/lib/dbus/machine-id*: No such file or directory
dbus
and run dbus-uuidgen > /var/lib/dbus/machine-id
我(可能?)通过安装dbus
解决它并运行dbus-uuidgen > /var/lib/dbus/machine-id
Then I try to run git-credential-libsecret get
again. 然后我尝试再次运行git-credential-libsecret get
。 This time, it reports that: 这一次,它报告说:
CRITICAL **: could not connect to Secret Service: Cannot autolaunch D-Bus without X11 $DISPLAY
In conclusion, I would like to know: 最后,我想知道:
If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. 如果您的git提供程序支持使用公钥的ssh,我认为最简单的方法是切换到它们。 You would also not have to copy around your password. 您也无需复制密码。
You need to: 你需要:
ssh-agent
part is not needed 不需要ssh-agent
部分 It depends on where you are running git-credential-libsecret: you need to have it installed in your image/container, not on the host. 这取决于您运行git-credential-libsecret的位置:您需要将其安装在映像/容器中,而不是安装在主机上。
Note that another option would be to use a volume (see my answer to your previous question ), in which case, git
could be installed only on the host. 请注意,另一个选项是使用卷(请参阅我之前的问题的答案 ),在这种情况下, git
只能安装在主机上。
But here, you would use git directly in your image, which means, as in this Dockerfile , you need to have in your Dockerfile: 但是在这里,你可以直接在你的图像中使用git,这意味着, 就像在这个Dockerfile中一样 ,你需要在你的Dockerfile中:
RUN apt-get update -y &&
apt-get install --no-install-recommends -y libsecret-1-0 git
https://github.com/electron-userland/electron-builder/blob/master/docker/base/Dockerfile https://github.com/electron-userland/electron-builder/blob/master/docker/base/Dockerfile
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.