The highest tagged major version is
README
¶
gcr.io/paketo-buildpacks/ca-certificates
The Paketo CA Certificates Buildpack is a Cloud Native Buildpack that adds CA certificates to the system truststore at build and runtime.
Behavior
This buildpack always participates.
The buildpack will do the following:
- At build time:
- Contributes the
ca-cert-helperto the application image. - If one or more bindings with
typeofca-certificatesexists, it adds all CA certificates from the bindings to the system truststore. - If another buildpack provides an entry of
typeca-certifcatesin the build plan withmetadata.pathscontaining an array of certificate paths, it adds all CA certificates from the given paths to the system truststore.
- Contributes the
- At runtime:
- If one or more bindings with
typeofca-certificatesexists, theca-cert-helperadds all CA certificates from the bindings to the system truststore.
- If one or more bindings with
The buildpack configures trusted certs at both build and runtime by:
- Creating a directory.
- Creating symlinks within the directory pointing to any additional requested certficate files.
- Appending the directory to the
SSL_CERT_DIRenvironment variable. - Setting
SSL_CERT_FILEto the default system CA file, if it was previously unset.
To learn about the conventional meaning of SSL_CERT_DIR and SSL_CERT_FILE environment variables see the OpenSSL documentation for SSL_CTX_load_verify_locations. This buildpack may not work with tools that do not respect these environment variables.
Bindings
The buildpack optionally accepts the following bindings:
Type: ca-certificates
| Key | Value | Description |
|---|---|---|
<certificate-name> |
<certificate> |
CA certificate to trust. Should contain exactly one PEM encoded certificate. |
License
This buildpack is released under version 2.0 of the Apache License.
Directories
Click to show internal directories.
Click to hide internal directories.