堆棧內存溢出
  簡體   English   中英

企業代理背后的 Paketo Cloud Native Buildpacks

[英]Paketo Cloud Native Buildpacks behind corporate proxy

 原文  2022-07-13 11:19:24       paketo

問題描述

我正在嘗試在公司代理后面設置雲原生構建包(paketo builder),並且我有“x509:由未知機構簽名的證書”。 這是因為代理會重寫證書。

我嘗試遵循https://paketo.io/docs/howto/configuration/#ca-certificates (在項目中創建一個“綁定”文件夾,其中包含我的代理根 CA 的 .pem 文件和一個包含“ca-certificate”),但這沒有效果。

  • 提示?
  • 是否可以禁用此檢查(測試的解決方法)

日志

pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17
base: Pulling from paketobuildpacks/builder
Digest: sha256:855aaa00a7eadca9c6cdba72550889f7c618c2bf1489c29fb9e7e01588665db7
Status: Image is up to date for paketobuildpacks/builder:base
base-cnb: Pulling from paketobuildpacks/run
Digest: sha256:1e2a282085f1b7a0fa1d96bd8509378270ab752c6d8042472a95df2bf5e1d6ea
Status: Image is up to date for paketobuildpacks/run:base-cnb
Previous image with name "test" not found
===> DETECTING
9 of 24 buildpacks participating
paketo-buildpacks/ca-certificates   3.2.4
paketo-buildpacks/bellsoft-liberica 9.4.0
paketo-buildpacks/syft              1.13.0
paketo-buildpacks/maven             6.6.0
paketo-buildpacks/executable-jar    6.2.4
paketo-buildpacks/apache-tomcat     7.3.7
paketo-buildpacks/liberty           1.1.2
paketo-buildpacks/dist-zip          5.2.4
paketo-buildpacks/spring-boot       5.13.0
===> RESTORING
===> BUILDING

Paketo CA Certificates Buildpack 3.2.4
  https://github.com/paketo-buildpacks/ca-certificates
  Launch Helper: Contributing to layer
    Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper

Paketo BellSoft Liberica Buildpack 9.4.0
  https://github.com/paketo-buildpacks/bellsoft-liberica
  Build Configuration:
    $BP_JVM_JLINK_ARGS           --no-man-pages --no-header-files --strip-debug --compress=1  configure custom link arguments (--output must be omitted)
    $BP_JVM_JLINK_ENABLED        false                                                        enables running jlink tool to generate custom JRE
    $BP_JVM_TYPE                 JRE                                                          the JVM type - JDK or JRE
    $BP_JVM_VERSION              17                                                           the Java version
  Launch Configuration:
    $BPL_DEBUG_ENABLED           false                                                        enables Java remote debugging support
    $BPL_DEBUG_PORT              8000                                                         configure the remote debugging port
    $BPL_DEBUG_SUSPEND           false                                                        configure whether to suspend execution until a debugger has attached
    $BPL_HEAP_DUMP_PATH                                                                       write heap dumps on error to this path
    $BPL_JAVA_NMT_ENABLED        true                                                         enables Java Native Memory Tracking (NMT)
    $BPL_JAVA_NMT_LEVEL          summary                                                      configure level of NMT, summary or detail
    $BPL_JFR_ARGS                                                                             configure custom Java Flight Recording (JFR) arguments
    $BPL_JFR_ENABLED             false                                                        enables Java Flight Recording (JFR)
    $BPL_JMX_ENABLED             false                                                        enables Java Management Extensions (JMX)
    $BPL_JMX_PORT                5000                                                         configure the JMX port
    $BPL_JVM_HEAD_ROOM           0                                                            the headroom in memory calculation
    $BPL_JVM_LOADED_CLASS_COUNT  35% of classes                                               the number of loaded classes in memory calculation
    $BPL_JVM_THREAD_COUNT        250                                                          the number of threads in memory calculation
    $JAVA_TOOL_OPTIONS                                                                        the JVM launch flags
    Using Java version 17 from BP_JVM_VERSION
  BellSoft Liberica JDK 17.0.3: Contributing to layer
    Downloading from https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to invoke layer creator
unable to get dependency jdk
unable to download https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to request https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
Get "https://objects.githubusercontent.com/github-production-release-asset-2e65be/115621629/40b89c3a-208c-434b-8604-3dd53f5dfde1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220713T111101Z&X-Amz-Expires=300&X-Amz-Signature=24802ad67a837b74ba5d682a5891905dd219f38f524af3d3b19b714800b40243&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115621629&response-content-disposition=attachment%3B%20filename%3Dbellsoft-jdk17.0.3.1%2B2-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream": x509: certificate signed by unknown authority
ERROR: failed to build: exit status 1
ERROR: failed to build: executing lifecycle: failed with status code: 51

1 個解決方案

解決方案1
 1 已采納  2022-07-13 16:01:55

您需要將綁定傳遞給pack build命令,因此它在構建時存在。

您的命令是pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17 ,您需要包含--volume映射。

pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17 --volume $PWD/bindings:/platform/bindings

其中$PWD/bindings引用您創建的綁定目錄。

$ tree bindings/
bindings/
├── ca-certificates
│   ├── support-labs-ca.crt
│   └── type

當您的構建運行時,您會知道它正在工作,因為 CA 證書構建包將如下所示:


Paketo CA Certificates Buildpack 3.2.4
  https://github.com/paketo-buildpacks/ca-certificates
  Launch Helper: Contributing to layer
    Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper
  CA Certificates: Contributing to layer
    Added 1 additional CA certificate(s) to system truststore
    Writing env.build/SSL_CERT_DIR.append
    Writing env.build/SSL_CERT_DIR.delim
    Writing env.build/SSL_CERT_FILE.default

您可以看到它Added 1 additional CA certificate(s) to system truststore 那是您的 CA 證書。

您還可以通過查看 JVM buildpack 來確認,當它安裝 JDK 工具時,它會添加您的證書:

  BellSoft Liberica JDK 11.0.15: Contributing to layer
    Downloading from https://github.com/bell-sw/Liberica/releases/download/11.0.15.1+2/bellsoft-jdk11.0.15.1+2-linux-amd64.tar.gz
    Verifying checksum
    Expanding to /layers/paketo-buildpacks_bellsoft-liberica/jdk
    Adding 128 container CA certificates to JVM truststore
    Writing env.build/JAVA_HOME.override
    Writing env.build/JDK_HOME.override

您可以看到它正在Adding 128 container CA certificates to JVM truststore (默認情況下有 127 個證書,因此默認為 + 1)。

您可能還想查看binding-tool ,這是一個可以安裝的小型 CLI,可幫助您管理綁定,包括 CA 證書。

  1. 它可以用來輕松地創建綁定文件夾結構 只需給它您的證書文件,它就會創建結構。

  2. 您還可以將它與您的 shell 集成,它會自動擴充您的pack build命令以添加--volume參數,因此您無需考慮這一點。

使用它不是必需的,但我想我會指出它,因為它可以使使用pack和綁定更容易。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 緩存 Cloud Native Buildpacks/Paketo.io 包 CLI 基於 GitHub 操作構建(例如,使用 Spring Boot/Java/Maven buildpacks)? 如何使用 Paketo.io/Cloud Native Buildpacks Docker 圖像變基(CI-Pipeline,如 GitHub Actions 或 renovatebot)自動創建 PR? Cloud Native Buildpacks/Paketo with Java/Spring Boot:如何配置不同的 JDK 下載 uri(例如無法訪問 github.com) 使用 Paketo Buildpacks 容器化 Angular 應用程序:空回復 如何使用 Cloud Native Buildpacks 構建服務 Vue SPA 的容器 在 Spring Boot < 2.3 中使用雲原生構建包 用於 Spring Boot 應用程序的 Paketo BuildPacks Java JSON 日志 Cloud Native Buildpacks 只是一種自動執行多階段容器映像構建的方法嗎? 如何啟用 Cloud Native Buildpacks 構建器來檢測我的 Gradle Java 項目的 Java 版本? 基於另一個創建 paketo builder
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM