I have a strange build issue involving the SSL helper in wget.
I have a step that fails in a build when trying to fetch a vanilla WordPress tarball:
Step 10/44 : RUN cd /root && wget https://wordpress.org/wordpress-4.9.7.tar.gz && gunzip wordpress-*.tar.gz && tar -xf wordpress-*.tar && rm wordpress-*.tar
---> Running in 25f40a9d8e96
Connecting to wordpress.org (198.143.164.252:443)
ssl_client: wordpress.org: TLS connect failed
wget: error getting response: Connection reset by peer
The command '/bin/sh -c cd /root && wget https://wordpress.org/wordpress-4.9.7.tar.gz && gunzip wordpress-*.tar.gz && tar -xf wordpress-*.tar && rm wordpress-*.tar' returned a non-zero code: 1
Exited with code 1
However, if I get an SSH session at the end of a failing build, I can download successfully:
~ # wget https://wordpress.org/wordpress-4.9.7.tar.gz
Connecting to wordpress.org (198.143.164.252:443)
wordpress-4.9.7.tar. 100% |*********************************************************************************************************************************************************************************************| 8537k 0:00:00 ETA
The relevant part of my Dockerfile is thus:
FROM alpine:3.6 AS build
# Required to do Git clone operation
RUN apk --update add git openssh-client
WORKDIR /root
# Install the private SSH key to be able to fetch private, low-value repos
#
# The known hosts can be generated by turning off StrictHostKeyChecking temporarily,
# then cloning the private repo in the container manually, and copying the resulting
# known_hosts to this repository (see https://stackoverflow.com/a/29380672).
COPY config/ssh-keys/bitbucket_rsa /root/.ssh/id_rsa
RUN chmod 600 /root/.ssh/id_rsa
COPY config/ssh-keys/known_hosts /root/.ssh/known_hosts
RUN mkdir themes
RUN git clone git@bitbucket.org:halferbits/threattocreativity-forked.git themes/threattocreativity && \
git clone git@bitbucket.org:halferbits/jonblog-theme.git themes/jonblog
# Stock unzip won't work
# Need ca-certificates and openssl to fetch WP
RUN apk add unzip openssl ca-certificates
# This will decompress to /root/wordpress
RUN cd /root && \
wget https://wordpress.org/wordpress-4.9.7.tar.gz && \
gunzip wordpress-*.tar.gz && \
tar -xf wordpress-*.tar && \
rm wordpress-*.tar
It’s a two-stage build, and this is the start of the first stage, which just downloads stuff the box needs.
Since I am getting an SSL error, I’d have thought it would be a certs problem, but I am fetching the ca-certificates
dependency.