公司代理背后的Paketo云本地构建包
公司代理背后的Paketo云本地构建包
提问于 2022-07-13 11:19:24
我正在尝试在企业代理后面安装云本地构建包(paketo构建器),并且我有"x509:由未知权威机构签名的证书“。这是因为代理重写证书。
我尝试了https://paketo.io/docs/howto/configuration/#ca-certificates (使用代理的根CA的.pem文件和包含“ca-证书”的"type“文件在项目中创建一个”绑定“文件夹),但没有效果。
- 暗示?
- 是否可以禁用此检查(用于测试)
日志
pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17
base: Pulling from paketobuildpacks/builder
Digest: sha256:855aaa00a7eadca9c6cdba72550889f7c618c2bf1489c29fb9e7e01588665db7
Status: Image is up to date for paketobuildpacks/builder:base
base-cnb: Pulling from paketobuildpacks/run
Digest: sha256:1e2a282085f1b7a0fa1d96bd8509378270ab752c6d8042472a95df2bf5e1d6ea
Status: Image is up to date for paketobuildpacks/run:base-cnb
Previous image with name "test" not found
===> DETECTING
9 of 24 buildpacks participating
paketo-buildpacks/ca-certificates 3.2.4
paketo-buildpacks/bellsoft-liberica 9.4.0
paketo-buildpacks/syft 1.13.0
paketo-buildpacks/maven 6.6.0
paketo-buildpacks/executable-jar 6.2.4
paketo-buildpacks/apache-tomcat 7.3.7
paketo-buildpacks/liberty 1.1.2
paketo-buildpacks/dist-zip 5.2.4
paketo-buildpacks/spring-boot 5.13.0
===> RESTORING
===> BUILDING
Paketo CA Certificates Buildpack 3.2.4
https://github.com/paketo-buildpacks/ca-certificates
Launch Helper: Contributing to layer
Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper
Paketo BellSoft Liberica Buildpack 9.4.0
https://github.com/paketo-buildpacks/bellsoft-liberica
Build Configuration:
$BP_JVM_JLINK_ARGS --no-man-pages --no-header-files --strip-debug --compress=1 configure custom link arguments (--output must be omitted)
$BP_JVM_JLINK_ENABLED false enables running jlink tool to generate custom JRE
$BP_JVM_TYPE JRE the JVM type - JDK or JRE
$BP_JVM_VERSION 17 the Java version
Launch Configuration:
$BPL_DEBUG_ENABLED false enables Java remote debugging support
$BPL_DEBUG_PORT 8000 configure the remote debugging port
$BPL_DEBUG_SUSPEND false configure whether to suspend execution until a debugger has attached
$BPL_HEAP_DUMP_PATH write heap dumps on error to this path
$BPL_JAVA_NMT_ENABLED true enables Java Native Memory Tracking (NMT)
$BPL_JAVA_NMT_LEVEL summary configure level of NMT, summary or detail
$BPL_JFR_ARGS configure custom Java Flight Recording (JFR) arguments
$BPL_JFR_ENABLED false enables Java Flight Recording (JFR)
$BPL_JMX_ENABLED false enables Java Management Extensions (JMX)
$BPL_JMX_PORT 5000 configure the JMX port
$BPL_JVM_HEAD_ROOM 0 the headroom in memory calculation
$BPL_JVM_LOADED_CLASS_COUNT 35% of classes the number of loaded classes in memory calculation
$BPL_JVM_THREAD_COUNT 250 the number of threads in memory calculation
$JAVA_TOOL_OPTIONS the JVM launch flags
Using Java version 17 from BP_JVM_VERSION
BellSoft Liberica JDK 17.0.3: Contributing to layer
Downloading from https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to invoke layer creator
unable to get dependency jdk
unable to download https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
unable to request https://github.com/bell-sw/Liberica/releases/download/17.0.3.1+2/bellsoft-jdk17.0.3.1+2-linux-amd64.tar.gz
Get "https://objects.githubusercontent.com/github-production-release-asset-2e65be/115621629/40b89c3a-208c-434b-8604-3dd53f5dfde1?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220713%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220713T111101Z&X-Amz-Expires=300&X-Amz-Signature=24802ad67a837b74ba5d682a5891905dd219f38f524af3d3b19b714800b40243&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=115621629&response-content-disposition=attachment%3B%20filename%3Dbellsoft-jdk17.0.3.1%2B2-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream": x509: certificate signed by unknown authority
ERROR: failed to build: exit status 1
ERROR: failed to build: executing lifecycle: failed with status code: 51回答 1
Stack Overflow用户
回答已采纳
发布于 2022-07-13 16:01:55
您需要将绑定传递给pack build命令,因此它在构建时就出现了。
您的命令是pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17,您需要包含--volume映射。
pack build test --builder paketobuildpacks/builder:base -e BP_JVM_VERSION=17 --volume $PWD/bindings:/platform/bindings其中$PWD/bindings引用您创建的绑定目录。
$ tree bindings/
bindings/
├── ca-certificates
│ ├── support-labs-ca.crt
│ └── type当您的构建运行时,您将知道它正在工作,因为CA证书buildpack看起来如下所示:
Paketo CA Certificates Buildpack 3.2.4
https://github.com/paketo-buildpacks/ca-certificates
Launch Helper: Contributing to layer
Creating /layers/paketo-buildpacks_ca-certificates/helper/exec.d/ca-certificates-helper
CA Certificates: Contributing to layer
Added 1 additional CA certificate(s) to system truststore
Writing env.build/SSL_CERT_DIR.append
Writing env.build/SSL_CERT_DIR.delim
Writing env.build/SSL_CERT_FILE.default你可以看到它是Added 1 additional CA certificate(s) to system truststore。这是你的CA证书。
您还可以通过查看JVM构建包来确认,当它安装JDK工具时,它将添加您的证书:
BellSoft Liberica JDK 11.0.15: Contributing to layer
Downloading from https://github.com/bell-sw/Liberica/releases/download/11.0.15.1+2/bellsoft-jdk11.0.15.1+2-linux-amd64.tar.gz
Verifying checksum
Expanding to /layers/paketo-buildpacks_bellsoft-liberica/jdk
Adding 128 container CA certificates to JVM truststore
Writing env.build/JAVA_HOME.override
Writing env.build/JDK_HOME.override您可以看到它是Adding 128 container CA certificates to JVM truststore (在默认情况下有127个证书,所以它是默认的+ 1)。
您可能还想看看装订工具,它是您可以安装的小型CLI,它将帮助您管理绑定,包括CA Certs。
- 它可以方便地创建绑定文件夹结构。。只需给它您的证书文件&它将创建结构。
- 您还可以使用将其与您的shell集成,它将自动增强
pack build命令以添加--volume参数,因此不需要考虑这个问题。
它不是使用它的要求,但我想指出它,因为它可以使使用pack和绑定更容易。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72965396
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号