Paketo Cloud Native Buildpacks behind corporate proxy
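I am trying to set up Cloud Native Buildpacks (Paketo builder) behind a corporate proxy, and I get "x509: certificate signed by unknown authority". This is because the proxy rewrites the certificates.

I tried to follow https://paketo.io/docs/howto/configuration/#ca-certificates (creating a "bindings" folder in the project containing the .pem file of my proxy root CA and one containing "ca-certificate"), but this had no effect.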
Logs:

```
pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17
base: Pulling from paketobuildpacks/builder
Digest: sha256:855aaa00a7eadca9c6cdba72550889f7c618c2bf1489c29fb9e7e01588665db7
Status: Image is up to date for paketobuildpacks/builder:base
base-cnb: Pulling from paketobuildpacks/run
Digest: sha256:1e2a282085f1b7a0fa1d96bd8509378270ab752c6d8042472a95df2bf5e1d6ea
Status: Image is up to date for paketobuildpacks/run:base-cnb
Previous image with name "test" not found
===> DETECTING
9 of 24 buildpacks participating
paketo-buildpacks/ca-certificates 3.2.4
paketo-buildpacks/bellsoft-liberica 9.4.0
paketo-buildpacks/syft 1.13.0
paketo-buildpacks/maven 6.6.0
paketo-buildpacks/executable-jar 6.2.4
paketo-buildpacks/apache-tomcat 7.3.7
paketo-buildpacks/liberty 1.1.2
paketo-buildpacks/dist-zip 5.2.4
paketo-buildpacks/spring-boot 5.13.0
===> RESTORING
===> BUILDING
Paketo CA Certificates Buildpack 3.2.4
https://github.com/paketo-buildpacks/ca-certificates
Launch Helper: Contributing to layer
Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper
Paketo BellSoft Liberica Buildpack 9.4.0
https://github.com/paketo-buildpacks/bellsoft-liberica
Build Configuration:
$BP_JVM_JLINK_ARGS --no-man-pages --no-header-files --strip-debug --compress=1 configure custom link arguments (--output must be omitted)
$BP_JVM_JLINK_ENABLED false enables running jlink tool to generate custom JRE
$BP_JVM_TYPE JRE the JVM type - JDK or JRE
$BP_JVM_VERSION 17 the Java version
Launch Configuration:
$BPL_DEBUG_ENABLED false enables Java remote debugging support
$BPL_DEBUG_PORT 8000 configure the remote debugging port
$BPL_DEBUG_SUSPEND false configure whether to suspend execution until a debugger has attached
$BPL_HEAP_DUMP_PATH write heap dumps on error to this path
$BPL_JAVA_NMT_ENABLED true enables Java Native Memory Tracking (NMT)
$BPL_JAVA_NMT_LEVEL summary configure level of NMT, summary or detail
$BPL_JFR_ARGS configure custom Java Flight Recording (JFR) arguments
$BPL_JFR_ENABLED false enables Java Flight Recording (JFR)
$BPL_JMX_ENABLED false enables Java Management Extensions (JMX)
$BPL_JMX_PORT 5000 configure the JMX port
$BPL_JVM_HEAD_ROOM 0 the headroom in memory calculation
$BPL_JVM_LOADED_CLASS_COUNT 35% of classes the number of loaded classes in memory calculation
$BPL_JVM_THREAD_COUNT 250 the number of threads in memory calculation
$JAVA_TOOL_OPTIONS the JVM launch flags
Using Java version 17 from BP_JVM_VERSION
BellSoft Liberica JDK 17.0.3: Contributing to layer
Downloading from https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to invoke layer creator
unable to get dependency jdk
unable to download https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to request https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
Get "https://objects.githubusercontent.com/github-production-release-asset-2e65be/115621629/40b89c3a-208c-434b-8604-3dd53f5dfde1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220713T111101Z&X-Amz-Expires=300&X-Amz-Signature=24802ad67a837b74ba5d682a5891905dd219f38f524af3d3b19b714800b40243&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115621629&response-content-disposition=attachment%3B%20filename%3Dbellsoft-jdk17.0.3.1%2B2-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream": x509: certificate signed by unknown authority
ERROR: failed to build: exit status 1
ERROR: failed to build: executing lifecycle: failed with status code: 51
```
You need to pass the bindings to the `pack build` command so that they are present at build time.

Your command is `pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17`; you need to include a `--volume` mapping.

```
pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17 --volume $PWD/bindings:/platform/bindings
```

Here `$PWD/bindings` refers to the bindings directory you created.

```
$ tree bindings/
bindings/
├── ca-certificates
│ ├── support-labs-ca.crt
│ └── type
```
When your build runs, you'll know it's working because the CA certificates buildpack will show the following:

```
Paketo CA Certificates Buildpack 3.2.4
https://github.com/paketo-buildpacks/ca-certificates
Launch Helper: Contributing to layer
Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper
CA Certificates: Contributing to layer
Added 1 additional CA certificate(s) to system truststore
Writing env.build/SSL_CERT_DIR.append
Writing env.build/SSL_CERT_DIR.delim
Writing env.build/SSL_CERT_FILE.default
```

You can see that it `Added 1 additional CA certificate(s) to system truststore`. That's your CA certificate.
You can also confirm by looking at the JVM buildpack: when it installs the JDK tools, it will add your certificate:

```
BellSoft Liberica JDK 11.0.15: Contributing to layer
Downloading from https://github.com/bell-sw/Liberica/releases/download/11.0.15.1+2/bellsoft-jdk11.0.15.1+2-linux-amd64.tar.gz
Verifying checksum
Expanding to /layers/paketo-buildpacks_bellsoft-liberica/jdk
Adding 128 container CA certificates to JVM truststore
Writing env.build/JAVA_HOME.override
Writing env.build/JDK_HOME.override
```

You can see that it is `Adding 128 container CA certificates to JVM truststore` (there are 127 certificates by default, so that's the default + 1).
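You may also want to look at binding-tool, a small CLI you can install that helps you manage bindings, including CA certificates.

It can be used to easily create the binding folder structure. Just give it your certificate file and it will create the structure.

You can also integrate it with your shell, and it will automatically augment your `pack build` command to add the `--volume` argument, so you don't need to think about it.

Using it isn't required, but I thought I'd point it out because it can make working with `pack` and bindings easier.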
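As an added example (not part of the original answer and not binding-tool's code), these shell functions build the `bindings/ca-certificates` layout from a PEM file, check an existing binding for the mistakes that make the buildpack silently skip it, and print the `--volume` argument for `pack build`. The function names are hypothetical; the `type` value `ca-certificates` is the one given in the Paketo documentation.

```shell
#!/bin/sh
# Added example: create and sanity-check a CA-certificates binding for pack.
# Assumption: the binding type string is "ca-certificates" (Paketo docs).

# make_ca_binding <cert.pem> <bindings-dir>
make_ca_binding() {
    cert=$1; root=$2
    # Only PEM certificates belong in the binding (not DER, not key material).
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "not a PEM certificate: $cert" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$cert"; then
        echo "refusing to bind a file containing a private key: $cert" >&2
        return 1
    fi
    mkdir -p "$root/ca-certificates" || return 1
    cp "$cert" "$root/ca-certificates/" || return 1
    # The `type` file is what marks this directory as a CA-certificates binding.
    printf 'ca-certificates' > "$root/ca-certificates/type"
}

# check_ca_binding <bindings-dir>: returns 0 only if the binding looks usable.
check_ca_binding() {
    dir=$1/ca-certificates
    [ -f "$dir/type" ] || { echo "missing $dir/type" >&2; return 1; }
    # $(...) drops a trailing newline; any other difference is a mismatch.
    [ "$(cat "$dir/type")" = "ca-certificates" ] || {
        echo "type must be 'ca-certificates', got '$(cat "$dir/type")'" >&2
        return 1; }
    # At least one file besides `type` must contain a PEM certificate.
    for f in "$dir"/*; do
        [ "$f" = "$dir/type" ] && continue
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null && return 0
    done
    echo "no PEM certificate found in $dir" >&2; return 1
}

# pack_volume_arg <bindings-dir>: print the --volume mapping with an absolute path.
pack_volume_arg() {
    abs=$(cd "$1" && pwd) || return 1
    printf '%s\n' "--volume $abs:/platform/bindings"
}

# Usage: sh ca-binding.sh <cert.pem> <bindings-dir>
if [ "$#" -eq 2 ]; then
    make_ca_binding "$1" "$2" && check_ca_binding "$2" &&
        echo "pack build <image> $(pack_volume_arg "$2")"
fi
```

If the build log still lacks the `Added 1 additional CA certificate(s) to system truststore` line after the check passes, the `--volume` mapping is the next thing to verify.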