From b9e505b030ed269391414dbc0a1af1fa19150b6a Mon Sep 17 00:00:00 2001
From: "egon w. stemle" <egon.stemle@eurac.edu>
Date: Mon, 14 Oct 2019 12:19:34 +0200
Subject: [PATCH] Fix (too early) tainted cache during docker build

---
 CHANGELOG.md                 | 1 +
 dockerfiles/Dockerfile.nginx | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2031b49..6ef2e52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - disable k8s-internal secure TLS communication: getting rid of the necessity
   to (re-)create valid/self-signed certs
   Note: using HTTP over port 443 for internal communication (Shibboleth mishap)
+- add IdP metadata from CLARIN server later in docker build build
 
 ### Removed
 ### Fixed
diff --git a/dockerfiles/Dockerfile.nginx b/dockerfiles/Dockerfile.nginx
index 6056974..d1f8d8e 100644
--- a/dockerfiles/Dockerfile.nginx
+++ b/dockerfiles/Dockerfile.nginx
@@ -76,8 +76,6 @@ RUN /tmp/shibboleth_sp_with_fastcgi.sh
 # copy the init script
 RUN cp /opt/shibboleth-sp-fastcgi/etc/shibboleth/shibd-debian /etc/init.d/shibd
 RUN chmod a+x /etc/init.d/shibd
-# add IdP metadata from CLARIN server
-ADD https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml /opt/shibboleth-sp-fastcgi/var/cache/shibboleth/ 
 
 # create the test secure folder and set up perl fastcgi
 RUN mkdir /opt/nginx/html/secure
@@ -126,5 +124,7 @@ RUN yui-compressor -o aai.min.js aai.js
 # COPY commul-customization/certs/clarin.key /etc/ssl/private/
 # COPY commul-customization/certs/clarin_eurac_edu.crt /etc/ssl/certs/
 
+# add IdP metadata from CLARIN server
+ADD https://infra.clarin.eu/aai/prod_md_about_spf_idps.xml /opt/shibboleth-sp-fastcgi/var/cache/shibboleth/
 
 ENTRYPOINT ["/usr/local/bin/supervisord", "-c", "/etc/supervisord.conf"]
-- 
GitLab