当我用Dockle检查我的坞站图像时,我收到一个致命错误:
FATAL-CIS-DI-0010:不将凭据存储在环境变量/文件中发现可疑的ENV密钥:NGINX_GPGKEY on/bin/sh-c set-x&&addgroup--system--gid 101nginx&&adduser--system-disabled-LOGIN-inggroup nginx--no-创建主目录--home/不存在--Gecos“nginx用户”-外壳/bin/FALSE-uid 101 nginx&&apt-Get更新&&APT-Get-Install-no-Install-建议-no-Installation-建议-y gnupg1 ca-证书&&NGINX_GPGKEY=573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62;Found=‘’;对于HKP://keyserver.ubuntu.com中的服务器:80 pgp.mit.edu;do ECHO“FETCHING GPG KEY$NGINX_GPGKEY from$SERVER”;APT-KEY ADV--KEYSERVER“$SERVER”--KEYSERVER-OPTIONS=10--Recv-KEYES“$NGINX_GPGKEY”&&Found=YES&Break;Done;test-z“$Found”&&ECHO>&2“错误:无法获取GPG密钥$NGINX_GPGKEY”&&Exit 1;APT-GET REMOVE--PURGE--AUTO-REMOVE-y gnupg1&&rm-rf/var/lib/apt/list/&&dpkgArch=“$(dpkg--print-Architecture)”&&nginxPackages=“nginx=${nginx_Version}-${pkg_Release}nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE}nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE}nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE}nginx-MODULE-Njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE}“&&case”$dpkgArch“in AMD64|ARM64)ECHO”Deb https://nginx.org/packages/mainline/debian/ Bulseye nginx“>>/etc/apt/Soures.list.d/nginx.list&&apt-Get UPDATE;;)ECHO“deb-src https://nginx.org/packages/mainline/debian/ boseye nginx”>/etc/apt/Soures.list.d/nginx.list&&tempDir=“$(mktemp-d)”&&chmod 777“$tempDir”&&avedAptMark=“$(apt-mark showbook)”&&apt-Get UPDATE&&apt-get-dep-y$nginxPackages&&(cd“$tempDir”&&DEB_BUILD_OPTIONS=“nocheck并行=$(Nproc)”apt-Get源代码--编译$nginxPackages)&&apt-mark手册|xarapt-标记自动>/dev/NULL&&{[-z“$avedAptMark”]||apt-mark手动$avedAptMark;}&&ls-lAFh“$tempDir”&&(cd“$tempDir”&&dpkg-scanPackages。>Packages)&&grep‘^Package:’“$tempDir/Packages”&&ECHO“deb[Trusted=yes]file://$tempDir./”>/etc/apt/Soures.list.d/temp.list&&apt-get-o Acquiire::GzipIndeses=FALSE UPDATE;ESAC&&APT-GET INSTALL--no-INSTALL-COMEREMENTS--NO-INSTALL-SUMMESSIONS--y$nginxPackages gettext-base curl&&apt-Get Remove--PURGE--AUTO-Remove-y&&rm-rf/var/lib/apt/list//etc/apt/Soures.list.d/nginx.list&&if[-n“$tempDir”];则apt-Get PURGE-y-AUTO-REMOVE&&rm-rf“$tempDir”/ETC/apt/Soures.list;Fi&&ln-sf/dev/stdout/var/log/nginx/acces.log&&ln-sf/dev/stderr/var/log/nginx/error.log&&mkdir/docker-entrypoint t.d(您可以使用--Accept-key来抑制它)
和,
这是我的文档文件:
FROM nginx:latest
WORKDIR /
RUN apt-get update && apt-get install -y
gcc
libfcgi-dev
spawn-fcgi
&& apt-get clean
&& rm -rf /var/lib/apt/lists/*
RUN chmod 777 /var/cache/nginx/ /var/run/
COPY server/nginx/nginx.conf /etc/nginx/
COPY server/hello.c /etc/nginx/
COPY server/span-fcgi.sh /etc/nginx/
RUN chmod +x /etc/nginx/span-fcgi.sh
&& gcc -o /etc/nginx/hello.fcgi /etc/nginx/hello.c -lpthread -lfcgi
&& usermod -aG root,gnats,daemon,disk,sudo nginx
EXPOSE 81
USER nginx
CMD ["/etc/nginx/span-fcgi.sh"]脚本“span-fcgi.sh”包含
# !/bin/bash
spawn-fcgi -a 127.0.0.1 -p 8080 -f /etc/nginx/hello.fcgi -F 1
nginx -g 'daemon off;请告诉我的Docker文件中发生了什么,使Dockle在上面显示错误?如何解决问题并让Dockle闭嘴?
1条答案
按热度按时间jq6vz3qz1#
您可以使用-AK或--Accept-Key标志来绕过这一步。更多文档可以在这里找到。