Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding ca certificates to support transparent proxy #2193

Open
d-m opened this issue Feb 28, 2024 · 12 comments
Open

Adding ca certificates to support transparent proxy #2193

d-m opened this issue Feb 28, 2024 · 12 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@d-m
Copy link

d-m commented Feb 28, 2024

Hello, is it possible to add a CA certificate to be used during func build steps? I’m working with a transparent proxy and builds using buildpacks fail when downloading versions of Python, go, etc. in the container. This seems to be possible with with the build pack “pack” command using bindings but I wasn’t sure if this was exposed in func. Thanks!
@braunsonm
Copy link

This is not supported in func, see: #2177

@matejvasek
Copy link
Contributor

@d-m try putting your CAs in your project directory and stetting the SSL_CERT_DIR envvar.

build:
  buildEnvs:
    - name: SSL_CERT_DIR
      value: /workspace

@matejvasek
Copy link
Contributor

It should work: https://cloud-native.slack.com/archives/C04LKEZUXEE/p1707837008531269 .

@matejvasek matejvasek mentioned this issue Mar 6, 2024
Closed
@Vishal1297
Copy link

@d-m try putting your CAs in your project directory and stetting the SSL_CERT_DIR envvar.

build:
  buildEnvs:
    - name: SSL_CERT_DIR
      value: /workspace

What should be value for SSL_CERT_DIR in windows and linux?
Is this common for all environments?

@matejvasek
Copy link
Contributor

@Vishal1297 it should be just /workspace -- that's the path of source code in a build container.

@Vishal1297
Copy link

@matejvasek Thanks, It worked but now I am facing another issue.
Error is there while downloading go modules from private repo.

Server certification verification failed

Maybe my certs having correct?

@Vishal1297
Copy link

@matejvasek Thanks, It worked but now I am facing another issue. Error is there while downloading go modules from private repo.

Server certification verification failed

Maybe my certs having correct?

It's resolved with help of go mod vendor

@matejvasek
Copy link
Contributor

@matejvasek Thanks, It worked but now I am facing another issue. Error is there while downloading go modules from private repo.

Server certification verification failed

Maybe my certs having correct?

Hard to tell without more output. Maybe go does not respect SSL_CERT_DIR, I do not know.

@Vishal1297
Copy link

@matejvasek Thanks, It worked but now I am facing another issue. Error is there while downloading go modules from private repo.
Server certification verification failed
Maybe my certs having correct?

Hard to tell without more output. Maybe go does not respect SSL_CERT_DIR, I do not know.

SSL_CERT_DIR env works with https://github.com/paketo-buildpacks/go
What I got to know is that we have two options to solve the certificate problem.

@matejvasek
Copy link
Contributor

What are "Git bindings"?

@Vishal1297
Copy link

Vishal1297 commented Mar 12, 2024
edited

What are "Git bindings"?

paketo-buildpacks/go-mod-vendor#140

I mean bindings for git paketo.io/docs/howto/configuration/#bindings.
Not sure how to use it.

@github-actions GitHub Actions
Copy link
Contributor

This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Reopen the issue with /reopen. Mark the issue as
fresh by adding the comment /remove-lifecycle stale.

@github-actions github-actions bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@d-m @matejvasek @braunsonm @Vishal1297