Revert "fix cacert() to work with openssl's defaults #71" (#101)
loosebazooka authored Sep 21, 2024
1 parent 2ce7b47 commit e435e18
Showing 6 changed files with 1 addition and 16 deletions.
1 change: 0 additions & 1 deletion distroless/private/cacerts.bzl
Expand Up @@ -58,7 +58,6 @@ def _cacerts_impl(ctx):
mtree.add_dir("/etc", mode = "0755", time = ctx.attr.time)
mtree.add_parents("/etc/ssl/certs", mode = "0755", time = ctx.attr.time, skip = [1])
mtree.add_file("/etc/ssl/certs/ca-certificates.crt", cacerts, time = ctx.attr.time, mode = ctx.attr.mode)
mtree.add_link("/usr/lib/ssl/cert.pem", "/etc/ssl/certs/ca-certificates.crt", time = ctx.attr.time, mode = ctx.attr.mode)
mtree.add_parents("/usr/share/doc/ca-certificates", time = ctx.attr.time)
mtree.add_file("/usr/share/doc/ca-certificates/copyright", copyright, time = ctx.attr.time, mode = ctx.attr.mode)
mtree.build(output = output, mnemonic = "CaCertsTarGz", inputs = [cacerts, copyright])
6 changes: 1 addition & 5 deletions distroless/private/tar.bzl
Expand Up @@ -15,7 +15,7 @@ DEFAULT_ARGS = [
"--options=gzip:!timestamp",
]

def _mtree_line(dest, type, content = None, link = None, uid = DEFAULT_UID, gid = DEFAULT_GID, time = DEFAULT_TIME, mode = DEFAULT_MODE):
def _mtree_line(dest, type, content = None, uid = DEFAULT_UID, gid = DEFAULT_GID, time = DEFAULT_TIME, mode = DEFAULT_MODE):
# mtree expects paths to start with ./ so normalize paths that starts with
# `/` or relative path (without / and ./)
if not dest.startswith("."):
Expand All @@ -33,9 +33,6 @@ def _mtree_line(dest, type, content = None, link = None, uid = DEFAULT_UID, gid
]
if content:
spec.append("content=" + content)
if link:
spec.append("link=" + link)

return " ".join(spec)

def _add_parents(path, uid = DEFAULT_UID, gid = DEFAULT_GID, time = DEFAULT_TIME, mode = DEFAULT_MODE, skip = []):
Expand Down Expand Up @@ -97,7 +94,6 @@ def _create_mtree(ctx = None):
return struct(
entry = lambda path, type, **kwargs: content.add(_mtree_line(path, type, **kwargs)),
add_file = lambda path, file, **kwargs: content.add(_mtree_line(path, "file", content = file.path, **kwargs)),
add_link = lambda path, src, **kwargs: content.add(_mtree_line(path, "link", link = src, **kwargs)),
add_dir = lambda path, **kwargs: content.add(_mtree_line(path, "dir", **kwargs)),
add_parents = lambda path, **kwargs: content.add_all(_add_parents(path, **kwargs), uniquify = True),
build = lambda **kwargs: _build_tar(ctx, _build_mtree(ctx, content), **kwargs),
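Review bot: With the `link` parameter gone from `_mtree_line`, the `entry` lambda in `_create_mtree` still forwards any `type` string and `**kwargs` unchecked, so `entry(path, "link")` would now emit a `type=link` line with no `link=` target, and a leftover `link = ...` argument surfaces only as an unexpected-keyword error. Since the helper builds the filesystem layout of an image layer, it would be safer to reject the unsupported type explicitly at the top of `_mtree_line`, for example `if type == "link": fail("mtree link entries are not supported")`. At minimum, a comment above the signature such as `# Supported entry types: "file" and "dir"; link entries cannot be expressed.` would record the limitation. Both `_mtree_line` and `_create_mtree` extend outside the visible hunks, so a check that already exists elsewhere in the file cannot be ruled out from here.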
1 change: 0 additions & 1 deletion examples/cacerts/BUILD.bazel
Expand Up @@ -16,7 +16,6 @@ assert_tar_listing(
./etc/ssl/certs time=0.0 mode=755 gid=0 uid=0 type=dir
./etc/ssl/certs/ca-certificates.crt time=0.0 mode=555 gid=0 uid=0 type=file size=200313
./usr time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/lib/ssl/cert.pem time=0.0 mode=555 gid=0 uid=0 type=link link=/etc/ssl/certs/ca-certificates.crt
./usr/share time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/share/doc time=0.0 mode=755 gid=0 uid=0 type=dir
./usr/share/doc/ca-certificates time=0.0 mode=755 gid=0 uid=0 type=dir
1 change: 0 additions & 1 deletion examples/debian_snapshot/BUILD.bazel
Expand Up @@ -63,7 +63,6 @@ PACKAGES = [
"@bullseye//dpkg",
"@bullseye//apt",
"@bullseye//perl",
"@bullseye//openssl",
"@bullseye//nvidia-kernel-common",
]

4 changes: 0 additions & 4 deletions examples/debian_snapshot/test_linux_amd64.yaml
Expand Up @@ -26,7 +26,3 @@ commandTests:
command: "head"
args: ["-1", "/etc/ssl/certs/ca-certificates.crt"]
expectedOutput: [-----BEGIN CERTIFICATE-----]
- name: "in depth ca-certs check"
command: "/usr/bin/openssl"
args: ["s_client", "-connect", "www.google.com:443"]
expectedOutput: ["Verify return code: 0 .ok."]
4 changes: 0 additions & 4 deletions examples/debian_snapshot/test_linux_arm64.yaml
Expand Up @@ -26,7 +26,3 @@ commandTests:
command: "head"
args: ["-1", "/etc/ssl/certs/ca-certificates.crt"]
expectedOutput: [-----BEGIN CERTIFICATE-----]
- name: "in depth ca-certs check"
command: "/usr/bin/openssl"
args: ["s_client", "-connect", "www.google.com:443"]
expectedOutput: ["Verify return code: 0 .ok."]
