Alpine is a lightweight option with official Docker images. You can install the CERTS using the Alpine package manager:
# apk --no-cache add ca-certificates && update-ca-certificates On Saturday, 17 December 2016 07:32:32 UTC-8, Alex Flint wrote: > > I'm working with busybox, which does not ship with CA roots. > On Sat, Dec 17, 2016 at 12:26 AM Konstantin Khomoutov < > flat...@users.sourceforge.net <javascript:>> wrote: > >> On Thu, 15 Dec 2016 16:35:09 +0000 >> Alex Flint <alex....@gmail.com <javascript:>> wrote: >> >> > Does anyone know of a golang package that embeds (go-bindata or >> > similar) a reasonable standard set of CA roots? Ideally such a >> > package would provide a ready-to-use http.Client. >> > >> > For context, I'm building minimal docker images containing go >> > binaries that need to make https connections to some third party APIs. >> >> In such context, why would you need that? Every sensible >> GNU/Linux-based OS ships a package containing such list of CA >> certificates, and Go built for GOOS=linux knows how to find those certs >> in a set of standard places. >> >> Sure, one problem with this is that the list is opinionated; on the >> other hand, the list of your imaginary package would be opinionated as >> well. On the other hand, whatever list is shipped with your base OS >> gets security updates and also updates which merely bring the list >> up-to-date (just like the time-zone information package(s)). >> >> So I'd just rely on the underlying OS. >> In Debian and it's derivatives it's named "ca-certificates". >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.