fix openssl bundled cert path
openssl looks in `/usr/lib/ssl` for `cert.pem` for bundled certificates
to trust. symlink it to the `ca-certificates.crt` in `/etc/ssl/certs`
lazcamus committed Aug 9, 2024
1 parent 04ba624 commit 29cba03
Showing 3 changed files with 7 additions and 1 deletion.
1 change: 1 addition & 0 deletions distroless/private/cacerts.bzl
@@ -58,6 +58,7 @@ def _cacerts_impl(ctx):
mtree.add_dir("/etc", mode = "0755", time = ctx.attr.time)
mtree.add_parents("/etc/ssl/certs", mode = "0755", time = ctx.attr.time, skip = [1])
mtree.add_file("/etc/ssl/certs/ca-certificates.crt", cacerts, time = ctx.attr.time, mode = ctx.attr.mode)
mtree.add_link("/usr/lib/ssl/cert.pem", "/etc/ssl/certs/ca-certificates.crt", time = ctx.attr.time, mode = ctx.attr.mode)
mtree.add_parents("/usr/share/doc/ca-certificates", time = ctx.attr.time)
mtree.add_file("/usr/share/doc/ca-certificates/copyright", copyright, time = ctx.attr.time, mode = ctx.attr.mode)
mtree.build(output = output, mnemonic = "CaCertsTarGz", inputs = [cacerts, copyright])
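Review bot: The new `add_link` call places `/usr/lib/ssl/cert.pem` in the tree without a matching `add_parents` entry for `/usr/lib/ssl`, unlike the `/etc/ssl/certs` and `/usr/share/doc/ca-certificates` paths handled in the same lines. The expected listing in examples/cacerts/BUILD.bazel reflects this: `./usr` is followed directly by `./usr/lib/ssl/cert.pem`, with no `./usr/lib` or `./usr/lib/ssl` directory entries, so the owner, mode and timestamp of the directories holding the trust-store link are presumably left to whatever unpacks the layer. Adding `mtree.add_parents("/usr/lib/ssl", time = ctx.attr.time)` before the link, in the same form as the existing `/usr/share/doc/ca-certificates` call, would pin them; the expected listing would then need the two new directory lines. `_cacerts_impl` starts and ends outside the hunk.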
6 changes: 5 additions & 1 deletion distroless/private/tar.bzl
@@ -32,7 +32,10 @@ def _mtree_line(dest, type, content = None, uid = DEFAULT_UID, gid = DEFAULT_GID
"type=" + type,
]
if content:
spec.append("content=" + content)
if type == "link":
spec.append("link=" + content)
else:
spec.append("content=" + content)
return " ".join(spec)

def _add_parents(path, uid = DEFAULT_UID, gid = DEFAULT_GID, time = DEFAULT_TIME, mode = DEFAULT_MODE, skip = []):
@@ -94,6 +97,7 @@ def _create_mtree(ctx = None):
return struct(
entry = lambda path, type, **kwargs: content.add(_mtree_line(path, type, **kwargs)),
add_file = lambda path, file, **kwargs: content.add(_mtree_line(path, "file", content = file.path, **kwargs)),
add_link = lambda path, src, **kwargs: content.add(_mtree_line(path, "link", content = src, **kwargs)),
add_dir = lambda path, **kwargs: content.add(_mtree_line(path, "dir", **kwargs)),
add_parents = lambda path, **kwargs: content.add_all(_add_parents(path, **kwargs), uniquify = True),
build = lambda **kwargs: _build_tar(ctx, _build_mtree(ctx, content), **kwargs),
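Review bot: In `_mtree_line`, the link target is appended as `"link=" + content` with no escaping, and the spec is then joined with single spaces, so a target containing a space or newline would split into extra tokens that an mtree reader may treat as further keywords on the entry. The existing `content=` branch has the same shape. A guard before the append, such as `if " " in content or "\n" in content: fail("mtree value contains whitespace: " + content)`, would reject such values at analysis time. Separately, a call with `type == "link"` and no `content` falls through `if content:` and emits a link entry with no `link=` keyword; failing in that case would surface the mistake early. `_mtree_line` begins outside the hunk.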
1 change: 1 addition & 0 deletions examples/cacerts/BUILD.bazel
@@ -16,6 +16,7 @@ assert_tar_listing(
./etc/ssl/certs time=0.0 mode=755 gid=0 uid=0 type=dir
./etc/ssl/certs/ca-certificates.crt time=0.0 mode=555 gid=0 uid=0 type=file size=200313
./usr time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/lib/ssl/cert.pem time=0.0 mode=555 gid=0 uid=0 type=link link=/etc/ssl/certs/ca-certificates.crt
./usr/share time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/share/doc time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/share/doc/ca-certificates time=0.0 mode=755 gid=0 uid=0 type=dir