"""A rule to unpack ca certificates from the debian package."""
load("@rules_pkg//:providers.bzl", "PackageFilesInfo")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
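# Shell script run by _impl as a single action. Positional arguments:
#   $1  input archive holding the ca-certificates payload
#   $2  output: every certificate file concatenated into one bundle
#   $3  output: the package's copyright file
# The bundle is what _impl maps to /etc/ssl/certs/ca-certificates.crt, so the
# script fails loudly instead of producing an empty or partial trust store.
CMD = """\
#!/usr/bin/env bash
set -o pipefail -o errexit -o nounset

tmp=$(mktemp -d)
# Remove the scratch directory on every exit path, including failures.
trap 'rm -rf "$tmp"' EXIT

tar -xf "$1" -C "$tmp" ./usr/share/ca-certificates ./usr/share/doc/ca-certificates/copyright
cp "$tmp/usr/share/doc/ca-certificates/copyright" "$3"

# Byte-order sort keeps the bundle independent of the build host's locale.
CERTS=$(find "$tmp/usr/share/ca-certificates" -type f | LC_ALL=C sort)
if [ -z "$CERTS" ]; then
  echo "cacerts: no certificate files found in $1" >&2
  exit 1
fi

# Start from an empty file, then append one certificate file per line of the
# list; quoting keeps paths that contain spaces intact.
: > "$2"
while IFS= read -r cert; do
  cat "$cert" >> "$2"
done <<< "$CERTS"
"""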
def _impl(ctx):
    """Builds the CA bundle and the copyright file from the `deb` archive.

    Runs CMD as one shell action with the archive as its only input, then
    returns the two generated files together with the paths they are
    packaged under.
    """
    archive = ctx.file.deb
    suffix = ctx.label.name

    bundle = ctx.actions.declare_file("ca_certificates_{}.crt".format(suffix))
    notice = ctx.actions.declare_file("ca_certificates_copyright_{}".format(suffix))
    generated = [bundle, notice]

    # CMD reads its positional arguments in this order: archive, bundle, copyright.
    ctx.actions.run_shell(
        command = CMD,
        arguments = [archive.path, bundle.path, notice.path],
        inputs = [archive],
        outputs = generated,
    )

    return [
        DefaultInfo(files = depset(generated)),
        PackageFilesInfo(
            # Destination path inside the package -> generated file.
            dest_src_map = {
                "/etc/ssl/certs/ca-certificates.crt": bundle,
                "/usr/share/doc/ca-certificates/copyright": notice,
            },
        ),
    ]
# Private rule behind the cacerts() macro: takes one archive and produces the
# bundle and copyright files built by _impl.
_cacerts = rule(
    implementation = _impl,
    executable = False,
    attrs = {
        # Despite the attribute name, only a single .tar.xz file is accepted.
        # NOTE(review): presumably the data archive of the ca-certificates
        # package; confirm against the callers.
        "deb": attr.label(
            mandatory = True,
            allow_single_file = [".tar.xz"],
        ),
    },
)
def cacerts(name, deb, **kwargs):
    """Declares the extraction target and a pkg_tar that wraps its output.

    Args:
      name: name of the pkg_tar target; the extraction target is
        `<name>_extract`.
      deb: label of the archive handed to the _cacerts rule.
      **kwargs: forwarded unchanged to both targets, so only attributes that
        both of them accept can be passed.
    """
    extract_target = "%s_extract" % name
    _cacerts(name = extract_target, deb = deb, **kwargs)
    pkg_tar(name = name, srcs = [extract_target], **kwargs)