-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ca-certificates
does not require
buildpacks who provide ca-certificates
paths
#215
Comments
I thought that perhaps because I am providing the cert I would need to also have a #!/bin/bash
cat >${CNB_BUILD_PLAN_PATH} <<EOF
[[provides]]
name = "ca-certificates"
[provides.metadata]
paths = ["/layers/my-buildpacks_example/certs/my-cert.pem"]
[[requires]]
name = "ca-certificates"
[requires.metadata]
paths = ["/layers/my-buildpacks_example/certs/my-cert.pem"]
EOF This allows it to complete the detect phase but the Hate to tag but just seeing if @dmikusa has any ideas since you seem to actively maintain this project. |
Sorry for the delay. Here's how this is supposed to work.
When you do this, detect should pass because you're requiring The limitation that is present here is that you cannot dynamically generate CA certificates with your custom buildpack. This is because your custom buildpack MUST come after the ca-certificates buildpack in the order group to pass detection, but that means that your custom buildpack's build script will not run until after the ca-certificates build binary runs. This unfortunately negates some of the things you can do here. For example, you can't load CA certificates from an external resource because that would need to be done during build time. If you want to provide CA certs through a custom buildpack, that means you can either do:
|
Expected Behavior
Based on the documentation in the README, specifically this section:
I would expect a buildpack who provides a build plan during the detection phase, to become required by this buildpack. (note that the docs are wrongly stating that it requires a
type
when the code expectsname
)https://github.com/paketo-buildpacks/ca-certificates/blob/main/cacerts/build.go#L58
Build Plan:
Unfortunately this doesn't seem to be the case and you get an error from the Pack CLI during detect that no buildpacks require ca-certificates.
Current Behavior
You get an error that
ca-certificates
is not required by any buildpacksPossible Solution
I noticed that detection seems to only add a require if a platform binding is provided, which would not be the case here unless I'm misunderstanding the docs: https://github.com/paketo-buildpacks/ca-certificates/blob/main/cacerts/detect.go#L55
Steps to Reproduce
pack build example --path ./sample-app --buildpack ./example-buildpack --buildpack paketobuildpacks/ca-certificates
Motivations
I am creating a custom meta buildpack and would like to include custom CA's during the build phase that are bundled within the buildpack itself rather than at runtime.
I'm fairly new to creating buildpacks so it's possible I misunderstood something about the docs.
The text was updated successfully, but these errors were encountered: