Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ca-certificates does not require buildpacks who provide ca-certificates paths #215

Open
braunsonm opened this issue Feb 21, 2024 · 1 comment
Open

ca-certificates does not require buildpacks who provide ca-certificates paths #215

braunsonm opened this issue Feb 21, 2024 · 1 comment

Comments

@braunsonm
Copy link

braunsonm commented Feb 21, 2024
edited

Expected Behavior

Based on the documentation in the README, specifically this section:

If another buildpack provides an entry of type ca-certificates in the build plan with metadata.paths containing an array of certificate paths, it adds all CA certificates from the given paths to the system truststore.

I would expect a buildpack who provides a build plan during the detection phase, to become required by this buildpack. (note that the docs are wrongly stating that it requires a type when the code expects name)
https://github.com/paketo-buildpacks/ca-certificates/blob/main/cacerts/build.go#L58

Build Plan:

[[provides]]
name = "ca-certificates"
[provides.metadata]
paths = ["my-cert.pem"]

Unfortunately this doesn't seem to be the case and you get an error from the Pack CLI during detect that no buildpacks require ca-certificates.

Current Behavior

You get an error that ca-certificates is not required by any buildpacks

Possible Solution

I noticed that detection seems to only add a require if a platform binding is provided, which would not be the case here unless I'm misunderstanding the docs: https://github.com/paketo-buildpacks/ca-certificates/blob/main/cacerts/detect.go#L55

Steps to Reproduce

  1. Create a simple buildpack with a detect phase of
#!/bin/bash

cat >${CNB_BUILD_PLAN_PATH} <<EOF
[[provides]]
name = "ca-certificates"
[provides.metadata]
paths = ["my-cert.pem"]
EOF
  1. Run pack build example --path ./sample-app --buildpack ./example-buildpack --buildpack paketobuildpacks/ca-certificates
  2. Note the error during detect phase

Motivations

I am creating a custom meta buildpack and would like to include custom CA's during the build phase that are bundled within the buildpack itself rather than at runtime.

I'm fairly new to creating buildpacks so it's possible I misunderstood something about the docs.
@braunsonm
Copy link
Author

I thought that perhaps because I am providing the cert I would need to also have a [[requires]] block but this prevents it from getting passed to the build phase of the ca-certificates buildpack.

#!/bin/bash

cat >${CNB_BUILD_PLAN_PATH} <<EOF
[[provides]]
name = "ca-certificates"
[provides.metadata]
paths = ["/layers/my-buildpacks_example/certs/my-cert.pem"]
[[requires]]
name = "ca-certificates"
[requires.metadata]
paths = ["/layers/my-buildpacks_example/certs/my-cert.pem"]
EOF

This allows it to complete the detect phase but the ca-certificates buildpack downstream doesn't receive the entry in the build plan when BP_LOG_LEVEL=debug is enabled. So I'm assuming that Pack "consumes" the requires as my example buildpack also provides it.

Hate to tag but just seeing if @dmikusa has any ideas since you seem to actively maintain this project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@braunsonm